R.A. Epigonos et al.

[Linux] lftpが出すCertificate verificationエラーを回避

lftp が "Fatal error: Certificate verification: Not trusted "というエラーを出すサーバのみそれを回避する。グローバルに ssl:verify-certificate no とするよりはマシ。

lftpのエラー出力


$ lftp -d -c " \
	set -a; \
	open YYYYYYYYYYYYYYYYYYY@ftp.XXXXXXXXXXXXXXXXXXXXXXXXX.jp; \
	rm -r .; \
	mirror --no-perms --reverse --delete --only-newer --verbose /path/to/XXXXXXXXXXXXXXXXXX.jp/ .; \
	exit; \
";
(snip)
rm: Fatal error: Certificate verification: Not trusted (XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX)
mirror: Fatal error: Certificate verification: Not trusted (XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX)
1 error detected

問題のあるサーバのみ回避


$ lftp -d -c " \
	set ssl:verify-certificate/XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX no; \
	set -a; \
	open YYYYYYYYYYYYYYYYYYY@ftp.XXXXXXXXXXXXXXXXXXXXXXXXX.jp; \
	rm -r .; \
	mirror --no-perms --reverse --delete --only-newer --verbose /path/to/XXXXXXXXXXXXXXXXXX.jp/ .; \
	exit; \
";
(snip)

opensslで証明書を表示、保存


$ echo "quit;" | openssl s_client -showcerts -connect ftp.XXXXXXXXXXXXXXXXXXXXXXXXX.jp:21 -starttls ftp | openssl x509 > ~/.lftp/ca-path/ftp.XXXXXXXXXXXXXXXXXXXXXXXXX.jp.21.crt
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = *.XXXXXXXXXXXXXXXXXXXXXXXXX.jp
verify return:1
220 Hello. XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.
DONE

ソーシャルブックマーク

  1. はてなブックマーク
  2. Google Bookmarks
  3. del.icio.us

ChangeLog

  1. Posted: 2007-08-21T14:47:27+09:00
  2. Modified: 2007-08-21T14:47:27+09:00
  3. Generated: 2022-09-29T23:09:10+09:00