general discussions and major version announcements for the lftp ftp client

Alexander V. Lukyanov | 3 Apr 2007 06:20

Re: ERROR: Certificate verification: unable to get local issuer certificate

On Mon, Apr 02, 2007 at 11:32:47AM -0400, lu.guanqing <at> bell.ca wrote:
> Certificate depth: 0; subject: /C=CA/ST=QUEBEC/L=MONTREAL/O=CONNEXIM/OU=Gestion
Serveurs/CN=blxch2.qc.bell.ca; issuer: /C=CA/ST=QUEBEC/L=MONTREAL/O=CONNEXIM/OU=Gestion
Serveurs/CN=Certification Authority/emailAddress=katy.belanger <at> connexim.ca
> ERROR: Certificate verification: unable to get local issuer certificate
> ls: Erreur fatale: SSL connect: unable to get local issuer certificate
> 
> I put both 
> 
> set ssl:verify-certificate no

See if there is a more specific setting (like ssl:verify-certificate/blxch2) using:

	lftp> set -a|grep verify-certificate

--

-- 
   Alexander.

headers

Tobias Burnus | 2 Apr 2007 20:28

lftp: Support recursive get

Hi,

first, I would like to thank you for lftp which is a great program.
(Especially, SFTP support is great. I didn't know about that feature
until a second ago.)

However, lftp misses a feature which ncftp has: Recursive get.

For instance I want to download ftp://dante.ctan.org/pub/tex/fonts/lm/fonts/

In ncftp I can do:
   ncftp ftp://dante.ctan.org/pub/tex/fonts/lm/
ncftp /pub/tex/fonts/lm > get -R fonts/

which transfers all 1043 files.

If I try it in lftp, I get the error:
lftp dante.ctan.org:/pub/tex/fonts/lm> get fonts/
get: Access failed: 550 fonts/: Not a regular file
and -r or -R is not available.

Tobias

headers

Stauber Jürg (KISX 1 | 3 Apr 2007 10:40

FW: lftp + ssl

I like to use lftp in a script. But this way I'm not able to answer the request for the passpahrase. So how can I pass the requested passphrase trough a script ?

Besten Dank und freundliche Grüsse
jürg Stauber

headers

Justin Piszcz | 3 Apr 2007 13:52

Re: FW: lftp + ssl

lftp ftp://login:pass <at> ip:port/ -e "your command here; exit"

On Tue, 3 Apr 2007, Stauber Jürg (KISX 1) wrote:

> I like to use lftp in a script. But this way I'm not able to answer the request for the passpahrase.  So how can I
pass the requested passphrase trough a script ?
>
>
> Besten Dank und freundliche Grüsse
> jürg Stauber
>
>
>

headers

lu.guanqing | 3 Apr 2007 15:14

What is lftp ftps mode?

Hi Alex:

As I talked with you about lftp, it works with ftp mode. That is, it utilizes the default ports (20,21). However, my client persists in using lftp ftps mode, which utilizes ports (989,990).

On the server, I add three lines as following as restart the vsftpd service:

## three directives are added in the /etc/vsftpd/vsftpd.conf on the server

## ftps for lftp added by glu 02/04/2007

connect_from_port_20=YES

listen_port=990

ftp_data_port=989

root <at> scTEST:/etc/vsftpd$ service vsftpd restart

Shutting down vsftpd: [ OK ]

Starting vsftpd for vsftpd: [ OK ]

On the client, I'm failed when I try to connect to the server.

[scu <at> bl2c7b scu]$ lftp ftps://blxch2

lftp blxch2:~> debug 5

lftp blxch2:~> user sctest1

Mot de passe:

lftp sctest1 <at> blxch2:~> ls

---- Connexion à blxch2 (142.117.32.223) port 990

**** Erreur de socket (Connexion refusée) - reconnexion

---- Connexion à blxch2 (142.117.32.223) port 990

**** Erreur de socket (Connexion refusée) - reconnexion

What's wrong?

Thanks in advance.

Guanqing

-----Original Message-----
From: Alexander V. Lukyanov [mailto:lav <at> netis.ru]
Sent: Tuesday, April 03, 2007 12:20 AM
To: Lu, Guanqing (J3206)
Cc: Doucerain, Jerome (520031); lftp <at> uniyar.ac.ru
Subject: Re: ERROR: Certificate verification: unable to get local issuer certificate

On Mon, Apr 02, 2007 at 11:32:47AM -0400, lu.guanqing <at> bell.ca wrote:

> Certificate depth: 0; subject: /C=CA/ST=QUEBEC/L=MONTREAL/O=CONNEXIM/OU=Gestion Serveurs/CN=blxch2.qc.bell.ca; issuer: /C=CA/ST=QUEBEC/L=MONTREAL/O=CONNEXIM/OU=Gestion Serveurs/CN=Certification Authority/emailAddress=katy.belanger <at> connexim.ca

> ERROR: Certificate verification: unable to get local issuer certificate

> ls: Erreur fatale: SSL connect: unable to get local issuer certificate

>

> I put both

>

> set ssl:verify-certificate no

See if there is a more specific setting (like ssl:verify-certificate/blxch2) using:

lftp> set -a|grep verify-certificate

--

Alexander.

headers

lu.guanqing | 3 Apr 2007 15:06

RE: ERROR: Certificate verification: unable to get local issuer certificate

Hi, Alex

Thank you very much, this problem is resolved in half.

I can use lftp now but with following warning on yellow.

[scu <at> bl2c7b scu]$ lftp sctest1 <at> blxch2

Mot de passe:

lftp sctest1 <at> blxch2:~> debug 5

lftp sctest1 <at> blxch2:~> ls

---- Connexion à blxch2 (142.117.32.223) port 21

<--- 220 (vsFTPd 2.0.5)

---> AUTH TLS

<--- 234 Proceed with negotiation.

Certificate depth: 0; subject: /C=CA/ST=QUEBEC/L=MONTREAL/O=CONNEXIM/OU=Gestion Serveurs/CN=blxch2.xtx.gdu.ca; issuer: /C=CA/ST=QUEBEC/L=MONTREAL/O=CONNEXIM/OU=Gestion Serveurs/CN=Certification

WARNING: Certificate verification: unable to get local issuer certificate

WARNING: Certificate verification: certificate not trusted

WARNING: Certificate verification: unable to verify the first certificate

---> USER sctest1

<--- 331 Please specify the password.

---> PASS XXXX

<--- 230 Login successful.

---> PWD

<--- 257 "/home/sctest1"

---> PBSZ 0

<--- 200 PBSZ set to 0.

---> PROT P

<--- 200 PROT now Private.

---> PORT 142,117,32,206,156,148

<--- 200 PORT command successful. Consider using PASV.

---> LIST

<--- 150 Here comes the directory listing.

Certificate depth: 0; subject: /C=CA/ST=QUEBEC/L=MONTREAL/O=CONNEXIM/OU=Gestion Serveurs/CN=blxch2.xtx.gdu.ca; issuer: /C=CA/ST=QUEBEC/L=MONTREAL/O=CONNEXIM/OU=Gestion Serveurs/CN=Certification

WARNING: Certificate verification: unable to get local issuer certificate

WARNING: Certificate verification: certificate not trusted

WARNING: Certificate verification: unable to verify the first certificate

drwxrwxr-x 5 501 516 4096 Mar 28 13:19 Ingenico

-rw-rw-r-- 1 501 516 6915025 Aug 01 2006 OptimalInv20060801060001.txt

drwxrwxr-x 2 501 516 4096 Jul 25 2006 Phoenix Scrpts

-rw-rw-rw- 1 501 516 466 Aug 04 2006 ProviderRecontst.ctl

-rw-rw-r-- 1 501 516 371 Nov 10 2005 backup

drwxr-xr-x 3 501 516 4096 Oct 18 2005 cnit341e

drwxrwxr-x 3 501 516 4096 Oct 18 2005 cnit35e

-rwxrwxrwx 1 501 516 1646 Aug 10 2006 cxprovider_get_recon.sh

-rw------- 1 501 100 1614 Aug 09 2005 dead.letter

-rw-r--r-- 1 501 516 1014 Oct 11 2005 email.log

drwxr-xr-x 2 501 516 4096 Sep 15 2005 ftpcxmecf

drwxr-xr-x 2 501 516 4096 Oct 10 2005 ftpcxmenv

drwxr-xr-x 3 501 516 4096 Feb 23 2006 ftpcxmrec

-rw-r--r-- 1 501 516 0 Oct 11 2005 mail.log

drwxr-xr-x 4 501 516 4096 Oct 19 2005 optimal

drwxrwxr-x 2 501 516 4096 Jul 25 2006 phoenix.scripts

-rw-rw-r-- 1 501 516 2124 Aug 04 2006 provider.log

-rw-rw-r-- 1 501 516 1975 Aug 04 2006 providerrecon.bad

-rw-rw-r-- 1 501 516 6915025 Aug 01 2006 providerrecon.txt

-rw-rw-r-- 1 501 516 102 Nov 11 2005 restaure

-rw-rw-r-- 1 501 516 512 Nov 10 2005 restaure.sql

-rw-r--r-- 1 501 516 100700788 Oct 05 2005 sc.log.1

-rw-r--r-- 1 501 516 1010 Jul 27 2006 scheduler.log

-rw-r--r-- 1 501 516 1202 Jul 27 2006 server.log

-rw-r----- 1 501 516 73 Aug 01 2006 test1

drwxr-xr-x 2 501 516 4096 Jul 25 2006 transfert

drwxr-xr-x 3 501 502 4096 Apr 20 2005 unix

<--- 226 Directory send OK.

lftp sctest1 <at> blxch2:~> set -a |grep verify-certificate

set ssl:verify-certificate off

lftp sctest1 <at> blxch2:~> quit

---> QUIT

Best regards

Guanqing

-----Original Message-----
From: Alexander V. Lukyanov [mailto:lav <at> netis.ru]
Sent: Tuesday, April 03, 2007 12:20 AM
To: Lu, Guanqing (J3206)
Cc: Doucerain, Jerome (520031); lftp <at> uniyar.ac.ru
Subject: Re: ERROR: Certificate verification: unable to get local issuer certificate

On Mon, Apr 02, 2007 at 11:32:47AM -0400, lu.guanqing <at> bell.ca wrote:

> Certificate depth: 0; subject: /C=CA/ST=QUEBEC/L=MONTREAL/O=CONNEXIM/OU=Gestion Serveurs/CN=blxch2.qc.bell.ca; issuer: /C=CA/ST=QUEBEC/L=MONTREAL/O=CONNEXIM/OU=Gestion Serveurs/CN=Certification Authority/emailAddress=katy.belanger <at> connexim.ca

> ERROR: Certificate verification: unable to get local issuer certificate

> ls: Erreur fatale: SSL connect: unable to get local issuer certificate

>

> I put both

>

> set ssl:verify-certificate no

See if there is a more specific setting (like ssl:verify-certificate/blxch2) using:

lftp> set -a|grep verify-certificate

--

Alexander.

headers

ras-eric | 3 Apr 2007 18:30

Re: lftp: Support recursive get

Use the mirror command:
> mirror fonts/
see the manpage for all options...

ras-eric

On 4/2/07, Tobias Burnus < burnus <at> net-b.de> wrote:

Hi,

first, I would like to thank you for lftp which is a great program.
(Especially, SFTP support is great. I didn't know about that feature
until a second ago.)

However, lftp misses a feature which ncftp has: Recursive get.

For instance I want to download ftp://dante.ctan.org/pub/tex/fonts/lm/fonts/

In ncftp I can do:
ncftp ftp://dante.ctan.org/pub/tex/fonts/lm/
ncftp /pub/tex/fonts/lm > get -R fonts/

which transfers all 1043 files.

If I try it in lftp, I get the error:
lftp dante.ctan.org:/pub/tex/fonts/lm> get fonts/
get: Access failed: 550 fonts/: Not a regular file
and -r or -R is not available.

Tobias

headers

lu.guanqing | 3 Apr 2007 17:21

How to configure ftps protocol?

Hi, Alex:

It works well with lftp sftp. However, my client want to have lftp ftps:

My lftp client does not recognize ftps even though I installed the most recent lftp-3.5.10.

root <at> scDEV:/$ /usr/local/bin/lftp ftps://blxch2

lftp: ftps - not supported protocol

root <at> scDEV:/$ lftp ftps://blxch2

lftp blxch2:~> user sctest1

Password:

lftp sctest1 <at> blxch2:~> debug 5

lftp sctest1 <at> blxch2:~> ls

---- Connecting to blxch2 (142.117.32.223) port 990

ls: Fatal error: SSL connect: unknown protocol

root <at> scDEV:/root/patches/lftp-3.5.10$ /usr/local/bin/lftp --version

LFTP is free software, covered by the GNU General Public License, and you are

welcome to change it and/or distribute copies of it under certain conditions.

There is absolutely no warranty for LFTP. See COPYING for details.

Send bug reports and questions to <lftp <at> uniyar.ac.ru>.

Libraries used: Readline 4.3, Expat 1.95.5

When I put the following line in the /etc/lftp.conf

set ftps:initial-prot C

root <at> scDEV:/$ /usr/local/bin/lftp ftps://blxch2

lftp: ftps - not supported protocol

root <at> scDEV:/$ lftp ftps://blxch2

lftp blxch2:~> user sctest1

Password:

lftp sctest1 <at> blxch2:~> debug 5

lftp sctest1 <at> blxch2:~> ls

ls: Fatal error: SSL connect: unknown protocol

Any idea?

Thanks

Guanqing

-----Original Message-----
From: Alexander V. Lukyanov [mailto:lav <at> netis.ru]
Sent: Tuesday, April 03, 2007 12:20 AM
To: Lu, Guanqing (J3206)
Cc: Doucerain, Jerome (520031); lftp <at> uniyar.ac.ru
Subject: Re: ERROR: Certificate verification: unable to get local issuer certificate

On Mon, Apr 02, 2007 at 11:32:47AM -0400, lu.guanqing <at> bell.ca wrote:

> Certificate depth: 0; subject: /C=CA/ST=QUEBEC/L=MONTREAL/O=CONNEXIM/OU=Gestion Serveurs/CN=blxch2.qc.bell.ca; issuer: /C=CA/ST=QUEBEC/L=MONTREAL/O=CONNEXIM/OU=Gestion Serveurs/CN=Certification Authority/emailAddress=katy.belanger <at> connexim.ca

> ERROR: Certificate verification: unable to get local issuer certificate

> ls: Erreur fatale: SSL connect: unable to get local issuer certificate

>

> I put both

>

> set ssl:verify-certificate no

See if there is a more specific setting (like ssl:verify-certificate/blxch2) using:

lftp> set -a|grep verify-certificate

--

Alexander.

headers

lu.guanqing | 3 Apr 2007 20:49

RE: ERROR: Certificate verification: unable to get local issuer certificate

Hi, Alex:

On the server, I install most recently released version vsftpd-2.0.5 and add following directives and restart vsftpd:

## openssl for lftp added by glu 30/03/2007

ssl_enable=yes

force_local_data_ssl=YES

force_local_logins_ssl=YES

rsa_cert_file=/usr/share/ssl/certs/blxch2.pem

rsa_private_key_file=/usr/share/ssl/certs/blxch2.key

allow_anon_ssl=yes

##log_ftp_protocol=yes

vsftpd_log_file=/var/log/vsftpd.log

## ftps for lftp added by glu 02/04/2007

connect_from_port_20=YES

listen_port=990

ftp_data_port=989

On lftp client, I install most recently released version lftp-3.5.10 and configured with openssl; I also add following directives in the /etc/lftp.conf

## lftp added by glu 29/03/2007

set ftp:ssl-allow on

set ssl:verify-certificate off

set ftp:ssl-protect-data on

set ftp:passive off

set ftps:initial-prot "C"

With those new installations and configurations, lftp with ftps mode recognizes the directive ftps:initial-prot. However, it always says “SSL_connect: unknown protocol” with every possibility such as “C”, “S”, “E”, “P” or “”.

root <at> scDEV:/root/patches/lftp-3.5.10$lftp ftps://blxch2

lftp blxch2:~> user sctest1

Password:

lftp sctest1 <at> blxch2:~> debug 5

lftp sctest1 <at> blxch2:~> ls

---- Connecting to blxch2 (142.117.32.223) port 990

**** SSL_connect: unknown protocol

ls: Fatal error: SSL_connect: unknown protocol

lftp sctest1 <at> blxch2:~> set -a |grep ftps

set ftps:initial-prot ""

lftp sctest1 <at> blxch2:~> set ftps:initial-prot "C"

lftp sctest1 <at> blxch2:~> ls

---- Connecting to blxch2 (142.117.32.223) port 990

**** SSL_connect: unknown protocol

ls: Fatal error: SSL_connect: unknown protocol

lftp sctest1 <at> blxch2:~> set ftps:initial-prot "F"

F: must be one of: C, S, E, P, or empty.

lftp sctest1 <at> blxch2:~> set ftps:initial-prot "S"

lftp sctest1 <at> blxch2:~> ls

---- Connecting to blxch2 (142.117.32.223) port 990

**** SSL_connect: unknown protocol

ls: Fatal error: SSL_connect: unknown protocol

lftp sctest1 <at> blxch2:~> set ftps:initial-prot "E"

lftp sctest1 <at> blxch2:~> ls

---- Connecting to blxch2 (142.117.32.223) port 990

**** SSL_connect: unknown protocol

ls: Fatal error: SSL_connect: unknown protocol

lftp sctest1 <at> blxch2:~> set ftps:initial-prot "P"

lftp sctest1 <at> blxch2:~> ls

---- Connecting to blxch2 (142.117.32.223) port 990

**** SSL_connect: unknown protocol

ls: Fatal error: SSL_connect: unknown protocol

What should I do next, do you have any idea?

Thanks in advance!

Guanqing

-----Original Message-----
From: Alexander V. Lukyanov [mailto:lav <at> netis.ru]
Sent: Tuesday, April 03, 2007 12:20 AM
To: Lu, Guanqing (J3206)
Cc: Doucerain, Jerome (520031); lftp <at> uniyar.ac.ru
Subject: Re: ERROR: Certificate verification: unable to get local issuer certificate

On Mon, Apr 02, 2007 at 11:32:47AM -0400, lu.guanqing <at> bell.ca wrote:

> Certificate depth: 0; subject: /C=CA/ST=QUEBEC/L=MONTREAL/O=CONNEXIM/OU=Gestion Serveurs/CN=blxch2.qc.bell.ca; issuer: /C=CA/ST=QUEBEC/L=MONTREAL/O=CONNEXIM/OU=Gestion Serveurs/CN=Certification Authority/emailAddress=katy.belanger <at> connexim.ca

> ERROR: Certificate verification: unable to get local issuer certificate

> ls: Erreur fatale: SSL connect: unable to get local issuer certificate

>

> I put both

>

> set ssl:verify-certificate no

See if there is a more specific setting (like ssl:verify-certificate/blxch2) using:

lftp> set -a|grep verify-certificate

--

Alexander.

headers

Stauber Jürg (KISX 1 | 4 Apr 2007 10:18

RE: FW: lftp + ssl

Hi Justin,
I asked how to enter the passphrase for the certificate not the password.
I think I forgott to write that I'm using TLS ! 

Besten Dank und freundliche Grüsse
J.Stauber / KISX 1

-----Original Message-----
From: Justin Piszcz [mailto:jpiszcz <at> lucidpixels.com] 
Sent: Tuesday, April 03, 2007 1:52 PM
To: Stauber Jürg (KISX 1)
Cc: lftp <at> uniyar.ac.ru
Subject: Re: FW: lftp + ssl

lftp ftp://login:pass <at> ip:port/ -e "your command here; exit"

On Tue, 3 Apr 2007, Stauber Jürg (KISX 1) wrote:

> I like to use lftp in a script. But this way I'm not able to answer the request for the passpahrase.  So how can I
pass the requested passphrase trough a script ?
>
>
> Besten Dank und freundliche Grüsse
> jürg Stauber
>
>
>

23	May 2013
19	April 2013
27	March 2013
50	February 2013
46	January 2013
18	December 2012
11	November 2012
13	October 2012
12	September 2012
29	August 2012
32	July 2012
20	June 2012
17	May 2012
9	April 2012
21	March 2012
8	February 2012
20	January 2012
30	December 2011
52	November 2011
33	October 2011
46	September 2011
27	August 2011
15	July 2011
40	June 2011
15	May 2011
29	April 2011
13	March 2011
16	February 2011
7	January 2011
4	December 2010
9	November 2010
14	October 2010
5	September 2010
11	August 2010
17	July 2010
6	June 2010
4	May 2010
48	April 2010
25	March 2010
25	February 2010
16	January 2010
23	December 2009
26	November 2009
29	October 2009
27	September 2009
17	August 2009
21	July 2009
38	June 2009
34	May 2009
22	April 2009
15	March 2009
28	February 2009
8	January 2009
11	December 2008
38	November 2008
15	October 2008
15	September 2008
16	August 2008
25	July 2008
27	June 2008
41	May 2008
20	April 2008
15	March 2008
27	February 2008
24	January 2008
15	December 2007
36	November 2007
53	October 2007
30	September 2007
68	August 2007
25	July 2007
32	June 2007
14	May 2007
27	April 2007
16	March 2007
13	February 2007
20	January 2007
29	December 2006
17	November 2006
38	October 2006
21	September 2006
61	August 2006
17	July 2006
14	June 2006
23	May 2006
41	April 2006
26	March 2006
22	February 2006
19	January 2006
59	December 2005
38	November 2005
2	October 2005
1	June 2005
1	April 2004
1	February 2004
2	December 2003
2	November 2003
3	August 2003
3	May 2003
1	April 2003
2	March 2003
3	February 2003

Mon	Tue	Wed	Thu	Fri	Sat	Sun

						1
2	3	4	5	6	7	8
9	10	11	12	13	14	15
16	17	18	19	20	21	22
23	24	25	26	27	28	29
30