> > TLSOptions NoCertRequest

>
> This does work fine.


It works because it configures mod_tls to not request that the client
sends its certificate for verification.

> However, from the errors I was seeing it seemed that both sides were
> complaining about certificate validiation... it would seem that at least
> the server side should be accepting it. Also I do have verify
> certificate disabled on the lftp side.
>
> In addition, this same error occurs using WS_FTP from Windows using
> their "Ipswitch" built in client side certificate.
>
> I would like to figure out how to make this work without requiring the
> above option...


This post might be relevant:

http://fixunix.com/openssl/219808-re...ation-bug.html

Is the self-signed certificate configured to use by lftp:

set ssl:key-file "/path/to/gm_ftp/client.key.pem"
set ssl:cert-file "/path/to/gm_ftp/client.cert.pem"

the same certificates as those trusted by mod_tls:

# Certificate Authority (CA) that the server trusts.
TLSCACertificateFile /etc/proftpd/ca.crt

That might be another potential source of mismatch.

> openssl-0.9.7a-43.17.el4_6.1 that comes with RHEL4 Update 6.


OK. There were some verification bugs in older OpenSSL releases (e.g.
0.9.5); this version rules those bugs out.

Cheers,
TJ

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The hardest thing of all to see is what is really there.

-J.A. Baker

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
ProFTPD Users List
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html