View Full Version : Client certificate


fxp72
11-25-2018, 05:21 AM
Hello!

I have a proftpd server 1.3.5e (CentOS 7).
In Site Manager, Client Certificate is selected (the same CA as the server certificate), Connection Type - explicit SSL (AuthTLS). I connect to the server, but proftpd writes to tls.log:

mod_tls/2.6[47626]: TLSv1.2 connection accepted, using cipher ECDHE-RSA-AES256-GCM-SHA384 (256 bits)
mod_tls/2.6[47626]: certificate serial number not printable
mod_tls/2.6[47626]: unable to set client certificate environ variables: Client certificate unavailable

If I set "TLSVerifyClient on" in the proftpd config file, I can't connect at all.

proftpd wrote:
mod_tls/2.6[45837]: TLS/TLS-C requested, starting TLS handshake
mod_tls/2.6[45837]: unable to accept TLS connection: protocol error:
(1) error:140890C7:SSL routines:ssl3_get_client_certificate:peer did not return a certificate
mod_tls/2.6[45837]: SSL_shutdown error: SSL:
(1) error:140E0197:SSL routines:SSL_shutdown:shutdown while in init

FlashFXP wrote:
[14:13:49] [R] Connected to example.net
[14:13:49] [R] 220 FTP Server ready.
[14:13:49] [R] AUTH TLS
[14:13:49] [R] 234 AUTH TLS successful
[14:13:50] [R] SSL error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
[14:13:50] [R] Failed TLSv1.2 negotiation, disconnected
[14:13:50] [R] Connection failed (Connection closed by client)


* FlashFXP v5.4.0, build [3970], [ ]registered, [x]unregistered, [ ]pirated
* OS [ ] Windows 8, [ ] Windows 7, [ ] WinXP, [x] Windows 10
* Running behind hardware router/firewall [x] Yes & Model [Microtic], [ ] No, [ ] Not sure
* Running software firewall [ ] Yes, Name [ ], Ver. [ ], or [x] No
* Running Antivirus [ ] Yes, Name [ ] or [x] No
* Internet Connection [ ] DSL, [x] CABLE, [ ] Other(specify)

msg7086
12-07-2018, 09:28 PM
I tested client certificate a while ago, and never got it working. My best guess is it's broken and won't be fixed in the next few years.