ssl not working in vsftpd; write:errno=32


This is what I have tried:

1) vsftpd.pem created using the following self-signed certificate: 
openssl req -x509 -nodes -newkey rsa:4096 -keyout $certname -out $certname -days 365
2) owner/permissions: root/0600
3) vsftpd config:
pam_service_name=vsftpd
ssl_enable=YES
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
#ssl_ciphers=HIGH
ssl_ciphers=TLSv1.2
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
require_ssl_reuse=NO
pasv_min_port=40000
pasv_max_port=40010
anon_mkdir_write_enable=NO
anon_root=/srv/ftp
anon_upload_enable=NO
chroot_local_user=NO
ftpd_banner=Welcome message
idle_session_timeout=900
log_ftp_protocol=YES
max_clients=10
max_per_ip=3
pasv_enable=YES
ssl_sslv2=NO
ssl_sslv3=YES
ssl_tlsv1=YES
xferlog_enable=YES
debug_ssl=YES

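I know all the configuration is correct; I can't seem to find the problem. This is what I get when I run the following command (xxx.xxx.xxx.xxx stands for the local IP address; I also tried localhost, with the same result):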

openssl s_client -connect xxx.xxx.xxx.xxx:21 -showcerts -starttls ftp
CONNECTED(00000003)
write:errno=32
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 72 bytes and written 10 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1561132486
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

When I run strace, I get the following right at the start:

strace /usr/sbin/vsftpd /etc/vsftpd.conf
sapr3pr:/etc/ssl/private # strace /usr/sbin/vsftpd /etc/vsftpd.conf
execve("/usr/sbin/vsftpd", ["/usr/sbin/vsftpd", "/etc/vsftpd.conf"], [/* 62 vars */]) = 0
brk(0)                                  = 0x55a42f75a000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7faf6a044000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=120628, ...}) = 0
mmap(NULL, 120628, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7faf6a026000
close(3)                                = 0

'No such file or directory' !!?? What does this mean? The path of the file created in the configuration file is correct:

Configuration file:

ls -ltrha /etc/ssl/private/
total 16K
drwxr-xr-x 1 root root   72 Feb 25  2018 ..
lrwxrwxrwx 1 root root   22 Jun 21 11:40 vsftpd.pem -> 20190621_CERT.pem
drwx------ 1 root root   90 Jun 21 11:40 .
-rw------- 1 root root 5.4K Jun 21 11:43 20190621_CERT.pem

Note: a soft link or a direct link gives the same result.

Some input would be appreciated. Thanks.
