Help answer threads with 0 replies.
Go Back > Forums > Linux Forums > Linux - Server
User Name
Linux - Server This forum is for the discussion of Linux Software used in a server related context.


  Search this Thread
Old 10-12-2009, 11:35 AM   #1
Registered: Jun 2009
Location: Switzerland
Distribution: Ubuntu
Posts: 35

Rep: Reputation: 15
curlftpfs and x509 client certificate

I like to use curlftpfs to mount a ftp server. It works as long as I do not use client certificates. However, the following command (italic for placeholders):
$ sudo curlftpfs -v -o cert=/home/john/my_cert.pem -o key=/home/john/my_cert_key.pem -o pass=mycertpass -o ssl -o allow_other -o user=ftpuser /home/john/mountedftp/
produces this output:
Enter host password for user 'ftpuser':
* Couldn't find host in the .netrc file, using defaults
* About to connect() to port 1033 (#0)
*   Trying ???.???.???.???... * connected
* Connected to (???.???.???.???) port 1033 (#0)
< 220 (vsFTPd 2.0.7)
< 234 Proceed with negotiation.
* found 140 certificates in /etc/ssl/certs/ca-certificates.crt
* error reading X.509 key or certificate file
* Closing connection #0
Error connecting to ftp: error reading X.509 key or certificate file
In an attempt to find the error, I used curl to list a directory on the ftp server. It works without any complaints. Thus, the server side is ok, certificates are ok, passwords are ok.
Any idea, what is wrong?
Old 10-25-2012, 10:46 AM   #2
Registered: Jun 2009
Location: Switzerland
Distribution: Ubuntu
Posts: 35

Original Poster
Rep: Reputation: 15
OpenSSL (not gnutls) with curlftpfs?

It's a long time. The issue persists. After digging in the source code of curlftpfs and libcurl, I notice that the error message by curlftpfs ("error reading X.509 key or certificate file") comes from libcurl, specifically from a failed call to gnutls_certificate_set_x509_key_file (gtls.c, line 485). My client certificate is from OpenSSL. I now suspect that curl (by default) uses OpenSSL in libcurl, while curlftpfs uses gnutls. So, curl succeeds, and curlftpfs fails.

Is there a possibility to force curlftpfs to use OpenSSL in libcurl?




Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
OpenSSL x509: Expecting: CERTIFICATE REQUEST chakkerz Linux - Networking 5 06-10-2010 11:28 AM
ssh with DER x509 certificate umarzuki Linux - Security 3 09-14-2009 08:15 PM
How can I create an X509 .pfx certificate from an existing gpg key pair? stardotstar Linux - Security 0 11-15-2007 06:37 PM
put x509 certificate inside a file feedback Linux - Security 0 04-28-2006 04:08 AM
Help with x509 certificate and freeswan cmisip Linux - Security 3 08-18-2003 11:18 PM

All times are GMT -5. The time now is 12:06 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration