LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 10-12-2009, 11:35 AM   #1
Al_
Member
 
Registered: Jun 2009
Location: Switzerland
Distribution: Ubuntu
Posts: 35

Rep: Reputation: 15
curlftpfs and x509 client certificate


Hi
I like to use curlftpfs to mount a ftp server. It works as long as I do not use client certificates. However, the following command (italic for placeholders):
Code:
$ sudo curlftpfs -v -o cert=/home/john/my_cert.pem -o key=/home/john/my_cert_key.pem -o pass=mycertpass -o ssl -o allow_other -o user=ftpuser ftp://myserver.dyndns.org:1033/ /home/john/mountedftp/
produces this output:
Code:
Enter host password for user 'ftpuser':
* Couldn't find host myserver.dyndns.org in the .netrc file, using defaults
* About to connect() to myserver.dyndns.org port 1033 (#0)
*   Trying ???.???.???.???... * connected
* Connected to myserver.dyndns.org (???.???.???.???) port 1033 (#0)
< 220 (vsFTPd 2.0.7)
> AUTH SSL
< 234 Proceed with negotiation.
* found 140 certificates in /etc/ssl/certs/ca-certificates.crt
* error reading X.509 key or certificate file
* Closing connection #0
Error connecting to ftp: error reading X.509 key or certificate file
In an attempt to find the error, I used curl to list a directory on the ftp server. It works without any complaints. Thus, the server side is ok, certificates are ok, passwords are ok.
Any idea, what is wrong?
Regards
Al_
 
Old 10-25-2012, 10:46 AM   #2
Al_
Member
 
Registered: Jun 2009
Location: Switzerland
Distribution: Ubuntu
Posts: 35

Original Poster
Rep: Reputation: 15
OpenSSL (not gnutls) with curlftpfs?

It's a long time. The issue persists. After digging in the source code of curlftpfs and libcurl, I notice that the error message by curlftpfs ("error reading X.509 key or certificate file") comes from libcurl, specifically from a failed call to gnutls_certificate_set_x509_key_file (gtls.c, line 485). My client certificate is from OpenSSL. I now suspect that curl (by default) uses OpenSSL in libcurl, while curlftpfs uses gnutls. So, curl succeeds, and curlftpfs fails.

Is there a possibility to force curlftpfs to use OpenSSL in libcurl?

Regards

Al_
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
OpenSSL x509: Expecting: CERTIFICATE REQUEST chakkerz Linux - Networking 5 06-10-2010 11:28 AM
ssh with DER x509 certificate umarzuki Linux - Security 3 09-14-2009 08:15 PM
How can I create an X509 .pfx certificate from an existing gpg key pair? stardotstar Linux - Security 0 11-15-2007 06:37 PM
put x509 certificate inside a file feedback Linux - Security 0 04-28-2006 04:08 AM
Help with x509 certificate and freeswan cmisip Linux - Security 3 08-18-2003 11:18 PM


All times are GMT -5. The time now is 01:25 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration