FTPS with PureFTP on Debian Lenny: certificate problems
 

Hi,

Failed trying to get PureFTP to support FTPS on a Debian Lenny system. I have followed the instruction sets:

* http://download.pureftpd.org/pub/pur...doc/README.TLS
* http://www.rasyid.net/2007/07/25/add...tp-in-freebsd/

The certificate has been created with

openssl req -x509 -nodes -config /path/to/openssl.cnf -extensions extname -newkey rsa:1024 -keyout pure-ftpd.pem -out pure-ftpd.pem

and extension has been defined as
[ extname ]
subjectAltName = DNS:ftp.this.domain, DNS:ftp.that.domain
extendedKeyUsage = 1.3.6.1.5.5.7.3.1

Everything is shiny when doing

openssl s_client -connect ftp.this.domain:21 -starttls ftp

But all client connections that are not ordered to ignore certificate checking fail. The best I have gotten out of it is

SSL/TLS error - 0, SSL error - 5, error:00000005:lib(0):func(0):DH lib
Winsock error 10054 (An existing connection was forcibly closed by the remote host. )
SSL Connection not established

Googling has not helped either. So I am stuck.

All ideas and good advice appreciated.