Alexander V. Lukyanov | 3 Apr 06:20 2007
Picon

Re: ERROR: Certificate verification: unable to get local issuer certificate

On Mon, Apr 02, 2007 at 11:32:47AM -0400, lu.guanqing <at> bell.ca wrote:
> Certificate depth: 0; subject: /C=CA/ST=QUEBEC/L=MONTREAL/O=CONNEXIM/OU=Gestion
Serveurs/CN=blxch2.qc.bell.ca; issuer: /C=CA/ST=QUEBEC/L=MONTREAL/O=CONNEXIM/OU=Gestion
Serveurs/CN=Certification Authority/emailAddress=katy.belanger <at> connexim.ca
> ERROR: Certificate verification: unable to get local issuer certificate
> ls: Erreur fatale: SSL connect: unable to get local issuer certificate
> 
> I put both 
> 
> set ssl:verify-certificate no

See if there is a more specific setting (like ssl:verify-certificate/blxch2) using:

	lftp> set -a|grep verify-certificate

--

-- 
   Alexander.

Tobias Burnus | 2 Apr 20:28 2007
Picon

lftp: Support recursive get

Hi,

first, I would like to thank you for lftp which is a great program.
(Especially, SFTP support is great. I didn't know about that feature
until a second ago.)

However, lftp misses a feature which ncftp has: Recursive get.

For instance I want to download ftp://dante.ctan.org/pub/tex/fonts/lm/fonts/

In ncftp I can do:
   ncftp ftp://dante.ctan.org/pub/tex/fonts/lm/
ncftp /pub/tex/fonts/lm > get -R fonts/

which transfers all 1043 files.

If I try it in lftp, I get the error:
lftp dante.ctan.org:/pub/tex/fonts/lm> get fonts/
get: Access failed: 550 fonts/: Not a regular file
and -r or -R is not available.

Tobias

Stauber Jürg (KISX 1 | 3 Apr 10:40 2007

FW: lftp + ssl

I like to use lftp in a script. But this way I'm not able to answer the request for the passpahrase.  So how can I pass the requested passphrase trough a script ?
 

Besten Dank und freundliche Grüsse
jürg Stauber


Justin Piszcz | 3 Apr 13:52 2007

Re: FW: lftp + ssl

lftp ftp://login:pass <at> ip:port/ -e "your command here; exit"

On Tue, 3 Apr 2007, Stauber Jürg (KISX 1) wrote:

> I like to use lftp in a script. But this way I'm not able to answer the request for the passpahrase.  So how can I
pass the requested passphrase trough a script ?
>
>
> Besten Dank und freundliche Grüsse
> jürg Stauber
>
>
>
lu.guanqing | 3 Apr 15:14 2007
Picon

What is lftp ftps mode?

Hi Alex:

 

  As I talked with you about lftp, it works with ftp mode. That is, it utilizes the default ports (20,21). However, my client persists in using lftp ftps mode, which utilizes ports (989,990).

 

  On the server, I add three lines as following as restart the vsftpd service:

 

## three directives are added in the /etc/vsftpd/vsftpd.conf on the server

## ftps for lftp added by glu 02/04/2007

connect_from_port_20=YES

listen_port=990

ftp_data_port=989

 

root <at> scTEST:/etc/vsftpd$ service vsftpd restart

Shutting down vsftpd: [  OK  ]

Starting vsftpd for vsftpd: [  OK  ]

 

On the client, I'm failed when I try to connect to the server.

 

[scu <at> bl2c7b scu]$ lftp ftps://blxch2

lftp blxch2:~> debug 5

lftp blxch2:~> user sctest1

Mot de passe:

lftp sctest1 <at> blxch2:~> ls

---- Connexion à blxch2 (142.117.32.223) port 990

**** Erreur de socket (Connexion refusée) - reconnexion

---- Connexion à blxch2 (142.117.32.223) port 990

**** Erreur de socket (Connexion refusée) - reconnexion

 

What's wrong?

 

   Thanks in advance.

 

   Guanqing

 

 

-----Original Message-----
From: Alexander V. Lukyanov [mailto:lav <at> netis.ru]
Sent: Tuesday, April 03, 2007 12:20 AM
To: Lu, Guanqing (J3206)
Cc: Doucerain, Jerome (520031); lftp <at> uniyar.ac.ru
Subject: Re: ERROR: Certificate verification: unable to get local issuer certificate

 

On Mon, Apr 02, 2007 at 11:32:47AM -0400, lu.guanqing <at> bell.ca wrote:

> Certificate depth: 0; subject: /C=CA/ST=QUEBEC/L=MONTREAL/O=CONNEXIM/OU=Gestion Serveurs/CN=blxch2.qc.bell.ca; issuer: /C=CA/ST=QUEBEC/L=MONTREAL/O=CONNEXIM/OU=Gestion Serveurs/CN=Certification Authority/emailAddress=katy.belanger <at> connexim.ca

> ERROR: Certificate verification: unable to get local issuer certificate

> ls: Erreur fatale: SSL connect: unable to get local issuer certificate

>

> I put both

>

> set ssl:verify-certificate no

 

See if there is a more specific setting (like ssl:verify-certificate/blxch2) using:

 

      lftp> set -a|grep verify-certificate

 

--

   Alexander.

lu.guanqing | 3 Apr 15:06 2007
Picon

RE: ERROR: Certificate verification: unable to get local issuer certificate

Hi, Alex

 

  Thank you very much, this problem is resolved in half.

 

  I can use lftp now but with following warning on yellow.

 

[scu <at> bl2c7b scu]$ lftp sctest1 <at> blxch2

Mot de passe:

lftp sctest1 <at> blxch2:~> debug 5             

lftp sctest1 <at> blxch2:~> ls

---- Connexion à blxch2 (142.117.32.223) port 21

<--- 220 (vsFTPd 2.0.5)       

---> AUTH TLS

<--- 234 Proceed with negotiation.

Certificate depth: 0; subject: /C=CA/ST=QUEBEC/L=MONTREAL/O=CONNEXIM/OU=Gestion Serveurs/CN=blxch2.xtx.gdu.ca; issuer: /C=CA/ST=QUEBEC/L=MONTREAL/O=CONNEXIM/OU=Gestion Serveurs/CN=Certification

WARNING: Certificate verification: unable to get local issuer certificate

WARNING: Certificate verification: certificate not trusted

WARNING: Certificate verification: unable to verify the first certificate

---> USER sctest1

<--- 331 Please specify the password.

---> PASS XXXX

<--- 230 Login successful.           

---> PWD

<--- 257 "/home/sctest1"

---> PBSZ 0

<--- 200 PBSZ set to 0.

---> PROT P

<--- 200 PROT now Private.

---> PORT 142,117,32,206,156,148

<--- 200 PORT command successful. Consider using PASV.

---> LIST

<--- 150 Here comes the directory listing.

Certificate depth: 0; subject: /C=CA/ST=QUEBEC/L=MONTREAL/O=CONNEXIM/OU=Gestion Serveurs/CN=blxch2.xtx.gdu.ca; issuer: /C=CA/ST=QUEBEC/L=MONTREAL/O=CONNEXIM/OU=Gestion Serveurs/CN=Certification

WARNING: Certificate verification: unable to get local issuer certificate

WARNING: Certificate verification: certificate not trusted

WARNING: Certificate verification: unable to verify the first certificate

drwxrwxr-x    5 501      516          4096 Mar 28 13:19 Ingenico

-rw-rw-r--    1 501      516       6915025 Aug 01  2006 OptimalInv20060801060001.txt

drwxrwxr-x    2 501      516          4096 Jul 25  2006 Phoenix Scrpts

-rw-rw-rw-    1 501      516           466 Aug 04  2006 ProviderRecontst.ctl

-rw-rw-r--    1 501      516           371 Nov 10  2005 backup

drwxr-xr-x    3 501      516          4096 Oct 18  2005 cnit341e

drwxrwxr-x    3 501      516          4096 Oct 18  2005 cnit35e

-rwxrwxrwx    1 501      516          1646 Aug 10  2006 cxprovider_get_recon.sh

-rw-------    1 501      100          1614 Aug 09  2005 dead.letter

-rw-r--r--    1 501      516          1014 Oct 11  2005 email.log

drwxr-xr-x    2 501      516          4096 Sep 15  2005 ftpcxmecf

drwxr-xr-x    2 501      516          4096 Oct 10  2005 ftpcxmenv

drwxr-xr-x    3 501      516          4096 Feb 23  2006 ftpcxmrec

-rw-r--r--    1 501      516             0 Oct 11  2005 mail.log

drwxr-xr-x    4 501      516          4096 Oct 19  2005 optimal

drwxrwxr-x    2 501      516          4096 Jul 25  2006 phoenix.scripts

-rw-rw-r--    1 501      516          2124 Aug 04  2006 provider.log

-rw-rw-r--    1 501      516          1975 Aug 04  2006 providerrecon.bad

-rw-rw-r--    1 501      516       6915025 Aug 01  2006 providerrecon.txt

-rw-rw-r--    1 501      516           102 Nov 11  2005 restaure

-rw-rw-r--    1 501      516           512 Nov 10  2005 restaure.sql

-rw-r--r--    1 501      516      100700788 Oct 05  2005 sc.log.1

-rw-r--r--    1 501      516          1010 Jul 27  2006 scheduler.log

-rw-r--r--    1 501      516          1202 Jul 27  2006 server.log

-rw-r-----    1 501      516            73 Aug 01  2006 test1

drwxr-xr-x    2 501      516          4096 Jul 25  2006 transfert

drwxr-xr-x    3 501      502          4096 Apr 20  2005 unix

<--- 226 Directory send OK.

 

lftp sctest1 <at> blxch2:~> set -a |grep verify-certificate

set ssl:verify-certificate off

lftp sctest1 <at> blxch2:~> quit

---> QUIT

 

 

   Best regards

 

   Guanqing

 

-----Original Message-----
From: Alexander V. Lukyanov [mailto:lav <at> netis.ru]
Sent: Tuesday, April 03, 2007 12:20 AM
To: Lu, Guanqing (J3206)
Cc: Doucerain, Jerome (520031); lftp <at> uniyar.ac.ru
Subject: Re: ERROR: Certificate verification: unable to get local issuer certificate

 

On Mon, Apr 02, 2007 at 11:32:47AM -0400, lu.guanqing <at> bell.ca wrote:

> Certificate depth: 0; subject: /C=CA/ST=QUEBEC/L=MONTREAL/O=CONNEXIM/OU=Gestion Serveurs/CN=blxch2.qc.bell.ca; issuer: /C=CA/ST=QUEBEC/L=MONTREAL/O=CONNEXIM/OU=Gestion Serveurs/CN=Certification Authority/emailAddress=katy.belanger <at> connexim.ca

> ERROR: Certificate verification: unable to get local issuer certificate

> ls: Erreur fatale: SSL connect: unable to get local issuer certificate

>

> I put both

>

> set ssl:verify-certificate no

 

See if there is a more specific setting (like ssl:verify-certificate/blxch2) using:

 

      lftp> set -a|grep verify-certificate

 

--

   Alexander.

ras-eric | 3 Apr 18:30 2007
Picon

Re: lftp: Support recursive get

Use the mirror command:
> mirror fonts/
see the manpage for all options...

ras-eric

On 4/2/07, Tobias Burnus < burnus <at> net-b.de> wrote:
Hi,

first, I would like to thank you for lftp which is a great program.
(Especially, SFTP support is great. I didn't know about that feature
until a second ago.)

However, lftp misses a feature which ncftp has: Recursive get.

For instance I want to download ftp://dante.ctan.org/pub/tex/fonts/lm/fonts/

In ncftp I can do:
   ncftp ftp://dante.ctan.org/pub/tex/fonts/lm/
ncftp /pub/tex/fonts/lm > get -R fonts/

which transfers all 1043 files.

If I try it in lftp, I get the error:
lftp dante.ctan.org:/pub/tex/fonts/lm> get fonts/
get: Access failed: 550 fonts/: Not a regular file
and -r or -R is not available.

Tobias

lu.guanqing | 3 Apr 17:21 2007
Picon

How to configure ftps protocol?

 

Hi, Alex:

 

It works well with lftp sftp. However, my client want to have lftp ftps:

My lftp client does not recognize ftps even though I installed the most recent lftp-3.5.10.

 

 

root <at> scDEV:/$ /usr/local/bin/lftp ftps://blxch2

lftp: ftps - not supported protocol

root <at> scDEV:/$ lftp ftps://blxch2

lftp blxch2:~> user sctest1

Password:

lftp sctest1 <at> blxch2:~> debug 5

lftp sctest1 <at> blxch2:~> ls

---- Connecting to blxch2 (142.117.32.223) port 990

ls: Fatal error: SSL connect: unknown protocol

 

root <at> scDEV:/root/patches/lftp-3.5.10$ /usr/local/bin/lftp --version

LFTP | Version 3.5.10 | Copyright (c) 1996-2006 Alexander V. Lukyanov

 

LFTP is free software, covered by the GNU General Public License, and you are

welcome to change it and/or distribute copies of it under certain conditions.

There is absolutely no warranty for LFTP.  See COPYING for details.

 

Send bug reports and questions to <lftp <at> uniyar.ac.ru>.

 

Libraries used: Readline 4.3, Expat 1.95.5

 

    When I put the following line in the /etc/lftp.conf

 

      set ftps:initial-prot C

 

root <at> scDEV:/$ /usr/local/bin/lftp ftps://blxch2

lftp: ftps - not supported protocol

root <at> scDEV:/$ lftp ftps://blxch2

lftp blxch2:~> user sctest1

Password:

lftp sctest1 <at> blxch2:~> debug 5

lftp sctest1 <at> blxch2:~> ls

      ls: Fatal error: SSL connect: unknown protocol

 

     Any idea?

 

     Thanks

 

      Guanqing

 

-----Original Message-----
From: Alexander V. Lukyanov [mailto:lav <at> netis.ru]
Sent: Tuesday, April 03, 2007 12:20 AM
To: Lu, Guanqing (J3206)
Cc: Doucerain, Jerome (520031); lftp <at> uniyar.ac.ru
Subject: Re: ERROR: Certificate verification: unable to get local issuer certificate

 

On Mon, Apr 02, 2007 at 11:32:47AM -0400, lu.guanqing <at> bell.ca wrote:

> Certificate depth: 0; subject: /C=CA/ST=QUEBEC/L=MONTREAL/O=CONNEXIM/OU=Gestion Serveurs/CN=blxch2.qc.bell.ca; issuer: /C=CA/ST=QUEBEC/L=MONTREAL/O=CONNEXIM/OU=Gestion Serveurs/CN=Certification Authority/emailAddress=katy.belanger <at> connexim.ca

> ERROR: Certificate verification: unable to get local issuer certificate

> ls: Erreur fatale: SSL connect: unable to get local issuer certificate

>

> I put both

>

> set ssl:verify-certificate no

 

See if there is a more specific setting (like ssl:verify-certificate/blxch2) using:

 

      lftp> set -a|grep verify-certificate

 

--

   Alexander.

lu.guanqing | 3 Apr 20:49 2007
Picon

RE: ERROR: Certificate verification: unable to get local issuer certificate

Hi, Alex:

 

  On the server, I install most recently released version vsftpd-2.0.5 and add following directives and restart vsftpd:

 

## openssl for lftp added by glu 30/03/2007

ssl_enable=yes

force_local_data_ssl=YES

force_local_logins_ssl=YES

rsa_cert_file=/usr/share/ssl/certs/blxch2.pem

rsa_private_key_file=/usr/share/ssl/certs/blxch2.key

allow_anon_ssl=yes

##log_ftp_protocol=yes

vsftpd_log_file=/var/log/vsftpd.log

## ftps for lftp added by glu 02/04/2007

connect_from_port_20=YES

listen_port=990

ftp_data_port=989

 

  On lftp client, I install most recently released version lftp-3.5.10 and configured with openssl; I also add following directives in the /etc/lftp.conf

 

## lftp added by glu 29/03/2007

set ftp:ssl-allow on

set ssl:verify-certificate off

set ftp:ssl-protect-data on

set ftp:passive off

set ftps:initial-prot "C"

 

  With those new installations and configurations, lftp with ftps mode recognizes the directive ftps:initial-prot. However, it always says “SSL_connect: unknown protocol” with every possibility such as “C”, “S”, “E”, “P” or “”.

 

root <at> scDEV:/root/patches/lftp-3.5.10$lftp ftps://blxch2

lftp blxch2:~> user sctest1

Password:

lftp sctest1 <at> blxch2:~> debug 5

lftp sctest1 <at> blxch2:~> ls

---- Connecting to blxch2 (142.117.32.223) port 990

**** SSL_connect: unknown protocol

ls: Fatal error: SSL_connect: unknown protocol

lftp sctest1 <at> blxch2:~> set -a |grep ftps

set ftps:initial-prot ""

lftp sctest1 <at> blxch2:~> set ftps:initial-prot "C"

lftp sctest1 <at> blxch2:~> ls

---- Connecting to blxch2 (142.117.32.223) port 990

**** SSL_connect: unknown protocol

ls: Fatal error: SSL_connect: unknown protocol

lftp sctest1 <at> blxch2:~> set ftps:initial-prot "F"

F: must be one of: C, S, E, P, or empty.

lftp sctest1 <at> blxch2:~>  set ftps:initial-prot "S"

lftp sctest1 <at> blxch2:~> ls

---- Connecting to blxch2 (142.117.32.223) port 990

**** SSL_connect: unknown protocol

ls: Fatal error: SSL_connect: unknown protocol

lftp sctest1 <at> blxch2:~>  set ftps:initial-prot "E"

lftp sctest1 <at> blxch2:~> ls

---- Connecting to blxch2 (142.117.32.223) port 990

**** SSL_connect: unknown protocol

ls: Fatal error: SSL_connect: unknown protocol

lftp sctest1 <at> blxch2:~>  set ftps:initial-prot "P"

lftp sctest1 <at> blxch2:~> ls

---- Connecting to blxch2 (142.117.32.223) port 990

**** SSL_connect: unknown protocol

ls: Fatal error: SSL_connect: unknown protocol

 

 

   What should I do next, do you have any idea?

 

   Thanks in advance!

 

Guanqing

 

-----Original Message-----
From: Alexander V. Lukyanov [mailto:lav <at> netis.ru]
Sent: Tuesday, April 03, 2007 12:20 AM
To: Lu, Guanqing (J3206)
Cc: Doucerain, Jerome (520031); lftp <at> uniyar.ac.ru
Subject: Re: ERROR: Certificate verification: unable to get local issuer certificate

 

On Mon, Apr 02, 2007 at 11:32:47AM -0400, lu.guanqing <at> bell.ca wrote:

> Certificate depth: 0; subject: /C=CA/ST=QUEBEC/L=MONTREAL/O=CONNEXIM/OU=Gestion Serveurs/CN=blxch2.qc.bell.ca; issuer: /C=CA/ST=QUEBEC/L=MONTREAL/O=CONNEXIM/OU=Gestion Serveurs/CN=Certification Authority/emailAddress=katy.belanger <at> connexim.ca

> ERROR: Certificate verification: unable to get local issuer certificate

> ls: Erreur fatale: SSL connect: unable to get local issuer certificate

>

> I put both

>

> set ssl:verify-certificate no

 

See if there is a more specific setting (like ssl:verify-certificate/blxch2) using:

 

      lftp> set -a|grep verify-certificate

 

--

   Alexander.

Stauber Jürg (KISX 1 | 4 Apr 10:18 2007

RE: FW: lftp + ssl

Hi Justin,
I asked how to enter the passphrase for the certificate not the password.
I think I forgott to write that I'm using TLS ! 

Besten Dank und freundliche Grüsse
J.Stauber / KISX 1

-----Original Message-----
From: Justin Piszcz [mailto:jpiszcz <at> lucidpixels.com] 
Sent: Tuesday, April 03, 2007 1:52 PM
To: Stauber Jürg (KISX 1)
Cc: lftp <at> uniyar.ac.ru
Subject: Re: FW: lftp + ssl

lftp ftp://login:pass <at> ip:port/ -e "your command here; exit"

On Tue, 3 Apr 2007, Stauber Jürg (KISX 1) wrote:

> I like to use lftp in a script. But this way I'm not able to answer the request for the passpahrase.  So how can I
pass the requested passphrase trough a script ?
>
>
> Besten Dank und freundliche Grüsse
> jürg Stauber
>
>
>


Gmane