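I use lftp to upload files to a remote server from two computers on my network. Using exactly the same code, this works fine on one computer but not on the other. Transcripts of the problem session and the successful session are shown below. The error I get is:
Certificate verification: certificate common name doesn't match requested host name
Googling this error turns up a solution that seems to work for most people (use: set ssl:verify-certificate no). But as you can see in the transcript below, this doesn't work for the "problem computer".
Since both computers use the same DNS and router to reach the internet, I can only assume this is caused by a different setting on the problem computer. Besides lftp settings, I would also appreciate suggestions on what else to check.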
Problem computer
Stock Debian jessie 8.7: 3.16.0-4-amd64 #1 SMP Debian 3.16.39-1 (2016-12-30) x86_64 GNU/Linux
The lftp version in use:
$ apt show lftp
Package: lftp
Version: 4.6.0-1+deb8u1
:
:
Failed session (hostname replaced with "example"):
$ lftp
lftp :~> debug
lftp :~> set
set dns:order "inet6 inet"
set file:charset UTF-8
set ftp:timezone ""
set net:max-retries 2
set net:timeout 30
set ssl:verify-certificate no
set xfer:log yes
set xfer:log-file /tmp/lftp.log
set xfer:max-log-size 1048576
set xfer:max-redirections 10
set xfer:verify-command /usr/share/lftp/verify-file
lftp :~> open example.nl
---- using user `[email protected]' and password from ~/.netrc
---- Resolving host address...
---- 2 addresses found: (▮▮▮▮▮▮▮▮, ▮▮▮▮▮▮▮▮)
lftp [email protected]@example.nl:~> dir
---- Connecting to example.nl (▮▮▮▮▮▮▮▮) port 21
**** connect(control_sock): Network is unreachable
---- Closing control socket
---- Connecting to example.nl (▮▮▮▮▮▮▮▮) port 21
<--- 220 ProFTPD 1.3.5b Server ready.
---> FEAT
<--- 211-Features:
<--- CCC
<--- PBSZ
<--- AUTH TLS
<--- MFF modify;UNIX.group;UNIX.mode;
<--- REST STREAM
<--- MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
<--- LANG en-US.UTF-8*
<--- UTF8
<--- EPRT
<--- EPSV
<--- MDTM
<--- SSCN
<--- TVFS
<--- MFMT
<--- SIZE
<--- PROT
<--- 211 End
---> AUTH TLS
<--- 234 AUTH TLS successful
---> LANG
Certificate: OU=Domain Control Validated,OU=PositiveSSL Wildcard,CN=*.zxcs.nl
Issued by: C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA Limited,CN=COMODO RSA Domain Validation Secure Server CA
WARNING: Certificate verification: Not trusted
WARNING: Certificate verification: certificate common name doesn't match requested host name ‘example.nl’
<--- 200 Using default language en_US.UTF-8
---> OPTS UTF8 ON
<--- 200 UTF8 set to on
---> OPTS MLST modify;perm;size;type;UNIX.group;UNIX.mode;UNIX.owner;
<--- 200 OPTS MLST modify;perm;size;type;UNIX.group;UNIX.mode;UNIX.owner;
---> USER [email protected]
<--- 331 Password required for [email protected]
---> PASS XXXX
<--- 230 User [email protected] logged in
---> PWD
<--- 257 "/" is the current directory
---> PBSZ 0
<--- 200 PBSZ 0 successful
---> PROT P
<--- 200 Protection set to Private
---> PASV
<--- 227 Entering Passive Mode (▮▮▮▮▮▮▮▮).
---- Connecting data socket to (▮▮▮▮▮▮▮▮) port 35302
---- Data connection established
---> LIST
<--- 150 Opening ASCII mode data connection for file list
Certificate: OU=Domain Control Validated,OU=PositiveSSL Wildcard,CN=*.zxcs.nl
Issued by: C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA Limited,CN=COMODO RSA Domain Validation Secure Server CA
WARNING: Certificate verification: Not trusted
WARNING: Certificate verification: certificate common name doesn't match requested host name ‘ example.nl’
<--- 425 Unable to build data connection: Operation not permitted
---- Closing data socket
<--- 450 LIST: Operation not permitted
**** extra server response
ls: Fatal error: max-retries exceeded
lftp [email protected]@example.nl:/>
The other computer
Debian-based Raspbian jessie 8.0: 4.4.38+ #938 Thu Dec 15 15:17:54 GMT 2016 armv6l GNU/Linux
On this computer I have exactly the same version of lftp:
$ apt show lftp
Package: lftp
Version: 4.6.0-1+deb8u1
:
:
But now the lftp session shows no problems:
$ lftp
lftp :~> debug
lftp :~> set
set dns:order "inet6 inet"
set file:charset UTF-8
set ftp:timezone ""
set net:max-retries 2
set net:timeout 30
set ssl:verify-certificate no
set xfer:log yes
set xfer:log-file /tmp/lftp.log
set xfer:max-log-size 1048576
set xfer:max-redirections 10
set xfer:verify-command /usr/share/lftp/verify-file
lftp :~> open example.nl
---- using user `[email protected]' and password from ~/.netrc
---- Resolving host address...
---- 2 addresses found: ▮▮▮▮▮▮▮▮, ▮▮▮▮▮▮▮▮
lftp [email protected]@example.nl:~> dir
---- Connecting to example.nl (▮▮▮▮▮▮▮▮) port 21
**** connect(control_sock): Network is unreachable
---- Closing control socket
---- Connecting to example.nl (▮▮▮▮▮▮▮▮) port 21
<--- 220 ProFTPD 1.3.5b Server ready.
---> FEAT
<--- 211-Features:
<--- CCC
<--- PBSZ
<--- AUTH TLS
<--- MFF modify;UNIX.group;UNIX.mode;
<--- REST STREAM
<--- MLST modify*;perm*;size*;type*;unique*;UNIX.group*;UNIX.mode*;UNIX.owner*;
<--- LANG en-US.UTF-8*
<--- UTF8
<--- EPRT
<--- EPSV
<--- MDTM
<--- SSCN
<--- TVFS
<--- MFMT
<--- SIZE
<--- PROT
<--- 211 End
---> AUTH TLS
<--- 234 AUTH TLS successful
---> LANG
Certificate: OU=Domain Control Validated,OU=PositiveSSL Wildcard,CN=*.zxcs.nl
Issued by: C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA Limited,CN=COMODO RSA Domain Validation Secure Server CA
WARNING: Certificate verification: Not trusted
WARNING: Certificate verification: certificate common name doesn't match requested host name ‘example.nl’
<--- 200 Using default language en_US.UTF-8
---> OPTS UTF8 ON
<--- 200 UTF8 set to on
---> OPTS MLST modify;perm;size;type;UNIX.group;UNIX.mode;UNIX.owner;
<--- 200 OPTS MLST modify;perm;size;type;UNIX.group;UNIX.mode;UNIX.owner;
---> USER [email protected]
<--- 331 Password required for [email protected]
---> PASS XXXX
<--- 230 User [email protected] logged in
---> PWD
<--- 257 "/" is the current directory
---> PBSZ 0
<--- 200 PBSZ 0 successful
---> PROT P
<--- 200 Protection set to Private
---> PASV
<--- 227 Entering Passive Mode (▮▮▮▮▮▮▮▮).
---- Connecting data socket to (▮▮▮▮▮▮▮▮) port 35035
---- Data connection established
---> LIST
<--- 150 Opening ASCII mode data connection for file list
Certificate: OU=Domain Control Validated,OU=PositiveSSL Wildcard,CN=*.zxcs.nl
Issued by: C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA Limited,CN=COMODO RSA Domain Validation Secure Server CA
WARNING: Certificate verification: Not trusted
WARNING: Certificate verification: certificate common name doesn't match requested host name ‘example.nl’
---- Got EOF on data connection
---- Closing data socket
drwxr-xr-x 11 ftp ftp 4096 Feb 11 16:56 .
drwxr-xr-x 11 ftp ftp 4096 Feb 11 16:56 ..
drwxr-xr-x 2 ftp ftp 4096 Dec 29 10:48 01.home
lftp [email protected]@example.nl:/>
Answer 1
As the comment says, ssl:check-hostname works. It can be set in the lftp shell with:
set ssl:check-hostname no
Answer 2
I ran into a similar problem on Amazon Linux 2, and the following helped me.
Append to the file "/etc/lftp.conf" and try connecting again.
vi /etc/lftp.conf
And append as follows.
Verify as follows.
cat /etc/lftp.conf | grep hostname
set ssl:check-hostname no
Answer 3
The problem may be caused by an outdated SSL library.
Also, if the server is ProFTPd, add TLSOptions NoSessionReuseRequired to its configuration. A hint: have you looked at your FTP server's logs?
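
An added example, not part of the original question or answers: it compares the two lftp debug transcripts to separate what both sessions share from what only the failing one shows. The certificate warnings appear on both machines, while the failing session alone gets 425/450 replies to LIST on the TLS-protected data connection, the stage that Answer 3's TLSOptions suggestion concerns. The excerpts are constructed from the transcripts in the question, and the function names are hypothetical.

```python
import re

# Constructed excerpts of the two lftp debug transcripts shown in the question.
PROBLEM = """\
---> AUTH TLS
<--- 234 AUTH TLS successful
WARNING: Certificate verification: Not trusted
WARNING: Certificate verification: certificate common name doesn't match requested host name 'example.nl'
---> PROT P
<--- 200 Protection set to Private
---> LIST
<--- 150 Opening ASCII mode data connection for file list
WARNING: Certificate verification: Not trusted
<--- 425 Unable to build data connection: Operation not permitted
<--- 450 LIST: Operation not permitted
"""
WORKING = """\
---> AUTH TLS
<--- 234 AUTH TLS successful
WARNING: Certificate verification: Not trusted
WARNING: Certificate verification: certificate common name doesn't match requested host name 'example.nl'
---> PROT P
<--- 200 Protection set to Private
---> LIST
<--- 150 Opening ASCII mode data connection for file list
WARNING: Certificate verification: Not trusted
---- Got EOF on data connection
"""

REPLY = re.compile(r"^<--- (\d{3})[ -](.*)$")  # server reply: code, then text

def analyze(transcript):
    """Split an lftp debug transcript into TLS warnings and failing FTP replies."""
    warnings, failures, last_cmd = set(), [], None
    for line in map(str.strip, transcript.splitlines()):
        if line.startswith("---> "):            # command sent by the client
            last_cmd = line[5:].split()[0]
        elif line.startswith("WARNING: Certificate verification:"):
            warnings.add(line.split(":", 2)[2].strip())
        elif (m := REPLY.match(line)) and m.group(1)[0] in "45":
            failures.append((last_cmd, int(m.group(1)), m.group(2)))
    return warnings, failures

def compare(bad, good):
    """Return (warnings common to both sessions, failures only in the bad one)."""
    bad_w, bad_f = analyze(bad)
    good_w, good_f = analyze(good)
    return bad_w & good_w, [f for f in bad_f if f not in good_f]
```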