Mailinglist Archive: opensuse (856 mails)

< Previous Next >
Re: [opensuse] vsftpd and SSL failure WITH SOME PROGRESS
On 10/3/2016 11:40 PM, Admin Beckspaced wrote:

hello marc,

still kind of lost? i know how it feels being stuck with software problems ...
Yep, frustrating to say the least!

a few things that come to my mind.

if you're not really a SSL/TLS certificate pro i would recommend to give a test certificate a try.
this way you can narrow down errors or at least be sure that there's nothing wrong with the certificate.
OK, I tried a test certificate as well, got one from the site you recommended earlier, no joy! Same error messages when I use it.


in my vsftpd config i have SSL version 2 and 3 disabled.
please check yours, in the error log above it says sslv2/v3 error
if you disable ssl v2/3 in vsftpd how should one be able to connect?
I disabled both as well, no joy.

make sure openssl allows self signed certificates. there must be another --param for that too?
I cannot find any parameters for openssl that is used to allow/disallow self signed certificates.

importing certificates into windows. also here some problems are possible.

because with the certificate authority (CA) certificate you need to tell windows that this is a CA cert
the 'normal' cert. the one that got signed by your CA, can be installed with the default settings
Understood, but I don't think the test certificate was a self signed one and Windows FTP clients still complained when I was trying to use the test cert as well.

another thing ...

the permissions on the certificates for vsftpd must be very strict!
0600 / 0400 by root, otherwise vsftpd will complain
I double checked the permissions on the certificates and tried both variations as you suggested. No joy.

also ....

the 'home' folder of the system user, the folder which vsftpd is going to use,
Yep it is....

have fun debugging and best of luck ;)
Oh I am having fun alright! LOL Kinda on the shady side of being bemused... Now where is Lady Luck hiding these days?

greetings
becki


Ever onward... And thanks again for trying to help, this is a puzzler! Marc...


--
"The Truth is out there" - Spooky

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
List Navigation
Follow Ups