Ubuntu 20.04
我使用 lftp 连接到服务器server2.obble.com.au。
我有Error fatal: Certificate verification: Not trusted (93:3C:6D:DE:E9:5C:9C:41:A4:0F:9F:50:49:3D:82:BE:03:AD:87:BF)
读完这个答案https://stackoverflow.com/a/44095714/3206025我补充道
set ssl:ca-file "/etc/ssl/certs/ca-certificates.crt"
在 ~/.lftp/rc 中以及启动 lftp 时,确保正确完成操作。我还检查了文件是否存在:
$ file /etc/ssl/certs/ca-certificates.crt
/etc/ssl/certs/ca-certificates.crt: PEM certificate
但问题依然发生。
$ lftp -c 'set ssl:ca-file "/etc/ssl/certs/ca-certificates.crt"; connect server2.obble.com.au; ls'
ls: Error fatal: Certificate verification: Not trusted (93:3C:6D:DE:E9:5C:9C:41:A4:0F:9F:50:49:3D:82:BE:03:AD:87:BF)
注意:不同于1243144,它描述了类似的行为,但由于服务器配置错误,但按照该问题的说明,我可以确认服务器配置正确,包括已安装叶证书。来自 openssl 的详细输出在这里有点长:
$ openssl s_client -showcerts -connect server2.obble.com.au:443
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = server2.obble.com.au
verify return:1
---
Certificate chain
0 s:CN = server2.obble.com.au
i:C = US, O = Let's Encrypt, CN = R3
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgISBBU+LXFf7MeujNw5bi0TIXIBMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMzExMTcxMDM0MTFaFw0yNDAyMTUxMDM0MTBaMB8xHTAbBgNVBAMT
FHNlcnZlcjIub2JibGUuY29tLmF1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA3xhWV/vULJTkKXV3AxwvWouB4xyVkVij4o5z+Wmgm7nnx8jJ5Bf2vcqv
4RSZxgR1q6JishxSPrNL02KijFQzKHXLityIIQ2ZKM6Xaibg9WqU1kWP49n7x02O
nFPElwpSMG1VT+TOwJ0cVY/pfQft9kBv8bte94wlGHpKPwovms8fSQLxmkVBhlyN
Fm8JHpOV0hVkl6M9ehkUWZz3BN6YxwFv9+69UzlTVwuFGSbzktpmehwh1OpdmHsE
bL6B5HeWvKureQuffjaPW27nwcOqKyApTc/PXnt9sJxHwK/hxm0KEdaJ8O2xGQAG
z9oALKUKF7Ta4SKXmY3yNb6F8ReLuQIDAQABo4ICFjCCAhIwDgYDVR0PAQH/BAQD
AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
MB0GA1UdDgQWBBQicZukk6pDD448WTUsiqiggPR60jAfBgNVHSMEGDAWgBQULrMX
t1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0
dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVu
Y3Iub3JnLzAfBgNVHREEGDAWghRzZXJ2ZXIyLm9iYmxlLmNvbS5hdTATBgNVHSAE
DDAKMAgGBmeBDAECATCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AEiw42vapkc0
D+VqAvqdMOscUgHLVt0sgdm7v6s52IRzAAABi90PVswAAAQDAEcwRQIhALXfrtV5
uvqSUzzLj6gyBxFJZZnsG7MJzztf3lj7aVT4AiAa/Pau/jrHC6R2tAOr8E9SbD+8
8yB/cL7dPDOoC9rgSgB2AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7Wb
AAABi90PVuwAAAQDAEcwRQIhAOvgeBomAoDPWXbAETf4Cw2XAj+fJ22PcdQzDHoN
ZBtlAiBQ/6NrfFG0Rbuk/ZWwqQ7WbTgZSjAOKHUkObcAB6FtKDANBgkqhkiG9w0B
AQsFAAOCAQEAsFAkjK6L3C5UYvVgHYUH2D0ZAWEh3Uw/U4SgxTa1Zihc46phXT6H
atW09QOnSAOAegOOu2vmqTGPvflgDKZZSjHHewxZFgbzM6pEf8hgQ49W+ut3pjWm
feHek51xflLh8Im6uVdpI1bWxwrsJP42SmO/8gmBbOr/xXWK/kCYI24vovx424wo
q74k1ho7ciHBXQfp+E9wlafhSnH6NwDhAu+vkgPlZjFw2NIEpplYaHn0hWzKFgdS
sbsZcbB0ASEWmRIAaPvuxFC3N2NUyvbs8q1ZXYT9aJcEE5IlogpMK5bMERzJmKmy
Xu2rjoA4PbhbDNzgTMfsmMRo86lU0n/PJQ==
-----END CERTIFICATE-----
1 s:CN = server2.obble.com.au
i:C = US, O = Let's Encrypt, CN = R3
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgISBBU+LXFf7MeujNw5bi0TIXIBMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMzExMTcxMDM0MTFaFw0yNDAyMTUxMDM0MTBaMB8xHTAbBgNVBAMT
FHNlcnZlcjIub2JibGUuY29tLmF1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA3xhWV/vULJTkKXV3AxwvWouB4xyVkVij4o5z+Wmgm7nnx8jJ5Bf2vcqv
4RSZxgR1q6JishxSPrNL02KijFQzKHXLityIIQ2ZKM6Xaibg9WqU1kWP49n7x02O
nFPElwpSMG1VT+TOwJ0cVY/pfQft9kBv8bte94wlGHpKPwovms8fSQLxmkVBhlyN
Fm8JHpOV0hVkl6M9ehkUWZz3BN6YxwFv9+69UzlTVwuFGSbzktpmehwh1OpdmHsE
bL6B5HeWvKureQuffjaPW27nwcOqKyApTc/PXnt9sJxHwK/hxm0KEdaJ8O2xGQAG
z9oALKUKF7Ta4SKXmY3yNb6F8ReLuQIDAQABo4ICFjCCAhIwDgYDVR0PAQH/BAQD
AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
MB0GA1UdDgQWBBQicZukk6pDD448WTUsiqiggPR60jAfBgNVHSMEGDAWgBQULrMX
t1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0
dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVu
Y3Iub3JnLzAfBgNVHREEGDAWghRzZXJ2ZXIyLm9iYmxlLmNvbS5hdTATBgNVHSAE
DDAKMAgGBmeBDAECATCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AEiw42vapkc0
D+VqAvqdMOscUgHLVt0sgdm7v6s52IRzAAABi90PVswAAAQDAEcwRQIhALXfrtV5
uvqSUzzLj6gyBxFJZZnsG7MJzztf3lj7aVT4AiAa/Pau/jrHC6R2tAOr8E9SbD+8
8yB/cL7dPDOoC9rgSgB2AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7Wb
AAABi90PVuwAAAQDAEcwRQIhAOvgeBomAoDPWXbAETf4Cw2XAj+fJ22PcdQzDHoN
ZBtlAiBQ/6NrfFG0Rbuk/ZWwqQ7WbTgZSjAOKHUkObcAB6FtKDANBgkqhkiG9w0B
AQsFAAOCAQEAsFAkjK6L3C5UYvVgHYUH2D0ZAWEh3Uw/U4SgxTa1Zihc46phXT6H
atW09QOnSAOAegOOu2vmqTGPvflgDKZZSjHHewxZFgbzM6pEf8hgQ49W+ut3pjWm
feHek51xflLh8Im6uVdpI1bWxwrsJP42SmO/8gmBbOr/xXWK/kCYI24vovx424wo
q74k1ho7ciHBXQfp+E9wlafhSnH6NwDhAu+vkgPlZjFw2NIEpplYaHn0hWzKFgdS
sbsZcbB0ASEWmRIAaPvuxFC3N2NUyvbs8q1ZXYT9aJcEE5IlogpMK5bMERzJmKmy
Xu2rjoA4PbhbDNzgTMfsmMRo86lU0n/PJQ==
-----END CERTIFICATE-----
2 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
-----BEGIN CERTIFICATE-----
MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
nLRbwHOoq7hHwg==
-----END CERTIFICATE-----
3 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
i:O = Digital Signature Trust Co., CN = DST Root CA X3
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB
AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC
ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL
wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D
LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK
4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5
bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y
sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ
Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4
FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc
SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql
PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND
TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1
c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx
+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB
ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu
b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E
U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu
MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC
5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW
9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG
WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O
he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC
Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5
-----END CERTIFICATE-----
---
Server certificate
subject=CN = server2.obble.com.au
issuer=C = US, O = Let's Encrypt, CN = R3
---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 5737 bytes and written 392 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 76FA5789029F7A54626DFC849E42C387800CD114AED18E27AEAC122CD4A04AAE
Session-ID-ctx:
Resumption PSK: F2692ECF00C4378E532381442F30DF024C48E832E999AEB6E464E16754C1859AE77F7F3EEBCEA5AD359214890B73B731
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 172800 (seconds)
TLS session ticket:
0000 - 20 b2 6f 76 76 e8 a5 99-a5 26 ab f1 9f 47 ae fa .ovv....&...G..
0010 - 4a 7a 17 a5 22 82 18 a8-2c cf c6 b0 c8 62 76 f7 Jz.."...,....bv.
0020 - 51 4f ac 95 21 0e 87 79-51 9f 73 a4 92 42 03 e7 QO..!..yQ.s..B..
0030 - 18 25 1f fa b0 d5 ca 24-80 45 58 f5 1c ab 81 ae .%.....$.EX.....
0040 - f8 63 83 8b 20 3a f9 01-48 3d b8 55 a3 e2 e5 2c .c.. :..H=.U...,
0050 - 90 db d6 f9 41 00 64 e4-e7 97 78 45 ce b9 b3 e0 ....A.d...xE....
0060 - 39 34 87 47 5a 58 c8 e4-ac e1 cb c7 86 dc 73 61 94.GZX........sa
0070 - fc 05 e9 a5 4a 43 90 10-1b 50 b2 b8 ec b1 9d 0d ....JC...P......
0080 - 11 dd 40 76 5e c5 c0 60-2b 97 86 22 ca 75 35 0e ..@v^..`+..".u5.
0090 - ac ef 24 a0 03 ab 78 a1-12 3f d6 eb 7a 5b bf 72 ..$...x..?..z[.r
00a0 - d3 33 c4 a5 40 32 4e b1-3f aa 4b d4 19 fe 5e 03 .3..@2N.?.K...^.
Start Time: 1701983103
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: 388C5DC715E7B6D82F77917204190008C33BB648B073D62D823E32DA2B34BF6B
Session-ID-ctx:
Resumption PSK: 29973D94BC3B08AB1EA5FB0AA09F45FEB7462D76EDCDFDE2D78F134D9204450B773C3AA4D5FCC88E2A8AB8456DE5C245
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 172800 (seconds)
TLS session ticket:
0000 - 20 b2 6f 76 76 e8 a5 99-a5 26 ab f1 9f 47 ae fa .ovv....&...G..
0010 - 29 9c f4 f9 eb 92 d9 00-6a 99 2e 25 91 d4 58 29 ).......j..%..X)
0020 - 6a 20 ae c0 08 21 de a8-16 8c d9 cb e0 7c ab d2 j ...!.......|..
0030 - 98 ea bf f4 0c b4 85 57-87 60 c9 8c 7b 31 1a 55 .......W.`..{1.U
0040 - f9 08 43 f8 e6 0b 60 a1-ab ea 4b e4 4b 76 b4 f7 ..C...`...K.Kv..
0050 - 6e 0c 4f 66 45 64 d9 22-71 b9 c9 33 11 a6 c5 f1 n.OfEd."q..3....
0060 - 97 30 b5 cf 60 1e bd 81-1f 47 7d 4e de 2c 70 7b .0..`....G}N.,p{
0070 - 75 b6 c1 ca f6 c3 c8 14-33 ee 31 15 e7 cc c3 47 u.......3.1....G
0080 - 75 00 62 7e a0 e3 69 06-75 3d c4 aa c7 42 56 fb u.b~..i.u=...BV.
0090 - 39 4c 67 3e ad e7 f8 c1-b7 f8 0e 98 47 f5 36 d3 9Lg>........G.6.
00a0 - 18 b4 b2 65 a7 b5 4b f8-42 7f 80 ad f8 c4 b8 4c ...e..K.B......L
Start Time: 1701983103
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
Max Early Data: 0
---
read R BLOCK
closed
a@thinkpad:~$ openssl s_client -showcerts -connect server2.obble.com.au
^C
a@thinkpad:~$ openssl s_client -starttls ftp -connect server2.obble.com.au:21
CONNECTED(00000003)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = server2.obble.com.au
verify return:1
---
Certificate chain
0 s:CN = server2.obble.com.au
i:C = US, O = Let's Encrypt, CN = R3
1 s:C = US, O = Let's Encrypt, CN = R3
i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
i:O = Digital Signature Trust Co., CN = DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgISBBU+LXFf7MeujNw5bi0TIXIBMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMzExMTcxMDM0MTFaFw0yNDAyMTUxMDM0MTBaMB8xHTAbBgNVBAMT
FHNlcnZlcjIub2JibGUuY29tLmF1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA3xhWV/vULJTkKXV3AxwvWouB4xyVkVij4o5z+Wmgm7nnx8jJ5Bf2vcqv
4RSZxgR1q6JishxSPrNL02KijFQzKHXLityIIQ2ZKM6Xaibg9WqU1kWP49n7x02O
nFPElwpSMG1VT+TOwJ0cVY/pfQft9kBv8bte94wlGHpKPwovms8fSQLxmkVBhlyN
Fm8JHpOV0hVkl6M9ehkUWZz3BN6YxwFv9+69UzlTVwuFGSbzktpmehwh1OpdmHsE
bL6B5HeWvKureQuffjaPW27nwcOqKyApTc/PXnt9sJxHwK/hxm0KEdaJ8O2xGQAG
z9oALKUKF7Ta4SKXmY3yNb6F8ReLuQIDAQABo4ICFjCCAhIwDgYDVR0PAQH/BAQD
AgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAA
MB0GA1UdDgQWBBQicZukk6pDD448WTUsiqiggPR60jAfBgNVHSMEGDAWgBQULrMX
t1hWy65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0
dHA6Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVu
Y3Iub3JnLzAfBgNVHREEGDAWghRzZXJ2ZXIyLm9iYmxlLmNvbS5hdTATBgNVHSAE
DDAKMAgGBmeBDAECATCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2AEiw42vapkc0
D+VqAvqdMOscUgHLVt0sgdm7v6s52IRzAAABi90PVswAAAQDAEcwRQIhALXfrtV5
uvqSUzzLj6gyBxFJZZnsG7MJzztf3lj7aVT4AiAa/Pau/jrHC6R2tAOr8E9SbD+8
8yB/cL7dPDOoC9rgSgB2AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7Wb
AAABi90PVuwAAAQDAEcwRQIhAOvgeBomAoDPWXbAETf4Cw2XAj+fJ22PcdQzDHoN
ZBtlAiBQ/6NrfFG0Rbuk/ZWwqQ7WbTgZSjAOKHUkObcAB6FtKDANBgkqhkiG9w0B
AQsFAAOCAQEAsFAkjK6L3C5UYvVgHYUH2D0ZAWEh3Uw/U4SgxTa1Zihc46phXT6H
atW09QOnSAOAegOOu2vmqTGPvflgDKZZSjHHewxZFgbzM6pEf8hgQ49W+ut3pjWm
feHek51xflLh8Im6uVdpI1bWxwrsJP42SmO/8gmBbOr/xXWK/kCYI24vovx424wo
q74k1ho7ciHBXQfp+E9wlafhSnH6NwDhAu+vkgPlZjFw2NIEpplYaHn0hWzKFgdS
sbsZcbB0ASEWmRIAaPvuxFC3N2NUyvbs8q1ZXYT9aJcEE5IlogpMK5bMERzJmKmy
Xu2rjoA4PbhbDNzgTMfsmMRo86lU0n/PJQ==
-----END CERTIFICATE-----
subject=CN = server2.obble.com.au
issuer=C = US, O = Let's Encrypt, CN = R3
---
No client certificate CA names sent
Peer signing digest: SHA512
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 4993 bytes and written 448 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 18ACFB2483C8A9E1D6C4C60186273BCE2FD68D7127811263A267A3CF1BB7BAA2
Session-ID-ctx:
Master-Key: F60FDA071D6CCFAAF4A80CC15B5062962A8EB51B88014C49E92BB55B4ABE36DB6777546F4F299157323D0625A944495B
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 3600 (seconds)
TLS session ticket:
0000 - 3d ff 1f 0f ec 33 c0 de-8b c9 48 e7 50 28 a8 d7 =....3....H.P(..
0010 - e8 81 6c 75 97 4a 13 24-53 8e 37 b4 41 c2 9a 37 ..lu.J.$S.7.A..7
0020 - f3 d4 c0 b7 3f d5 5e 2e-85 d0 dc 23 32 27 15 16 ....?.^....#2'..
0030 - 57 e8 b8 6d 9a 6d 09 d8-1e 03 b0 f0 8c 24 47 62 W..m.m.......$Gb
0040 - c9 3f 7a 52 c0 b8 09 8d-c8 47 29 35 c6 b2 4e ad .?zR.....G)5..N.
0050 - 5e 69 2b 55 52 85 e3 84-ac 09 04 c0 9e 7c b4 99 ^i+UR........|..
0060 - b7 81 7d c3 25 53 98 61-41 66 ba 5f bc d5 4a 28 ..}.%S.aAf._..J(
0070 - 0b 87 a4 3b 6e 74 36 17-ce 31 37 3e e3 8e 6a 0e ...;nt6..17>..j.
0080 - de b6 ae 66 fe 8a 78 ee-eb ce 66 56 d1 43 32 42 ...f..x...fV.C2B
0090 - 1a 92 cf 3c 59 65 8a 0d-69 e5 ff fb 23 58 d9 7c ...<Ye..i...#X.|
00a0 - ab 94 cf a6 2a 64 56 70-a4 b8 01 b8 c1 58 c6 6a ....*dVp.....X.j
00b0 - a2 20 aa 79 d8 cc 46 84-d0 aa 84 a9 5e d2 56 86 . .y..F.....^.V.
Start Time: 1701983122
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
---
220 You will be disconnected after 15 minutes of inactivity.
答案1
这是一个lftp 中的错误这是在最新版本的 Ubuntu 中已修复但不是在 20.04。