> > TLSOptions NoCertRequest

> This does work fine.

It works because it configures mod_tls to not request that the client
sends its certificate for verification.

> However, from the errors I was seeing it seemed that both sides were
> complaining about certificate validiation... it would seem that at least
> the server side should be accepting it. Also I do have verify
> certificate disabled on the lftp side.
> In addition, this same error occurs using WS_FTP from Windows using
> their "Ipswitch" built in client side certificate.
> I would like to figure out how to make this work without requiring the
> above option...

This post might be relevant:


Is the self-signed certificate configured to use by lftp:

set ssl:key-file "/path/to/gm_ftp/client.key.pem"
set ssl:cert-file "/path/to/gm_ftp/client.cert.pem"

the same certificates as those trusted by mod_tls:

# Certificate Authority (CA) that the server trusts.
TLSCACertificateFile /etc/proftpd/ca.crt

That might be another potential source of mismatch.

> openssl-0.9.7a-43.17.el4_6.1 that comes with RHEL4 Update 6.

OK. There were some verification bugs in older OpenSSL releases (e.g.
0.9.5); this version rules those bugs out.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The hardest thing of all to see is what is really there.

-J.A. Baker

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
ProFTPD Users List
Unsubscribe problems?