Re: [Proftpd-user] Problems with TLSVerifyDepth

On Tue, Jan 15, 2008 at 10:00:53PM -0800, TJ Saunders wrote:[color=blue]
>[color=green]
> > Jan 15 17:13:15 mod_tls/2.1.1[4001]: unable to accept TLS connection:
> > (1) error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned[/color]
>[color=green]
> > Can anyone spot what I'm doing wrong?[/color]
>
> One possibility is that the client (lftp) might not like the self-signed
> certificate, rather than the server (proftpd). What happens if you add
> the following to your proftpd.conf:
>
> TLSOptions NoCertRequest[/color]

This does work fine. However, from the errors I was seeing it seemed
that both sides were complaining about certificate validiation... it
would seem that at least the server side should be accepting it. Also
I do have verify certificate disabled on the lftp side.

In addition, this same error occurs using WS_FTP from Windows using
their "Ipswitch" built in client side certificate.

I would like to figure out how to make this work without requiring the
above option...
[color=blue]
>
> Another possibility is that this is a specific bug in mod_tls, regarding
> the handling of this specific case. Before we reach that conclusion,
> though...what version of OpenSSL are you using?
>[/color]

openssl-0.9.7a-43.17.el4_6.1 that comes with RHEL4 Update 6.

Thanks for your response.

Ray

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
[url]http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/[/url]
_______________________________________________
ProFTPD Users List <proftpd-users@proftpd.org>
Unsubscribe problems?
[url]http://www.proftpd.org/list-unsub.html[/url]