-
-
Notifications
You must be signed in to change notification settings - Fork 286
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Interoperability with ProFTP TLSOptions NoCertRequest option. Client certificate prompt keeps showing up #9674
Comments
Can you let us know the IP address which will allow us to debug the SSL handshake that causes the prompt for the client certificate. |
Replying to [comment:2 dkocher]:
`178.254.6.69`, Port `21` |
|
The server is misconfigured and asking for a client certificate to authenticate
Please contact the server adminstrator. |
Replying to [comment:8 dkocher]:
I am the administrator. And, after tripple-checking every configuration line, I can assure you: the server's configured quite fine. To be honest, I don't know much about FTP, about TLS or where the heck that line you're citing above came from. But the way I understand it: No. The server is not asking for a certificate, it's just offering to read one, in case there is any. I fixed the issue server side using -Some FTP clients* are known to be buggy when handling a server's certificate request. This option causes the server not to include such a request during an SSL handshake. So, i.m.h.o. this is a bug. And since TLS mutual authentication has been in Cyberduck for over 2 years, yet the bug started showing up just now, it's a regression. |
Milestone renamed |
Ticket retargeted after milestone closed |
Milestone renamed |
Ticket retargeted after milestone closed |
Replying to [comment:4 c_scheurle]:
IP address does not seem to be reachable anymore. Any chance to provide a valid IP or open the firewall for our IP? I would like to track down this issue. |
Replying to [comment:14 yla]:
Unfortunately, my server isn't of any use in testing this issue: [comment:9 c_scheurle] wrote: > I fixed the issue server side using `TLSOptions NoCertRequest`. I'm doing a lot of work on the server right now (remote-editing files), so I'm afraid switching this off again is not an option (apart from the fact that the server belongs to my production system, is protected by a dynamic firewall and uses geo-blocking, so no idea how useful it'd be, anyway). :/ => Can't you use XAMPP (at least the version on my Mac included ProFTP) for local testing? |
You possibly need to unset the |
Milestone renamed |
Yesterday, I updated Cyberduck to the newest version (Version 5.1.0 (20872). Unfortunately, I don’t know which version I updated from, I hadn’t used (or updated) Cyberduck for a few weeks.
Anyway, everything used to work fine and now, it doesn’t: when I ftps into my server (psa-proftpd 1.3.4c-debian7.0.build115130626.18), Cyberduck keeps asking:
After clicking
Disconnect
I’m successfully logged into the server, but I’m being asked for a certificate almost every time I want to upload some file, which makes editing remote files utterly exhausting.In the server config
TLSVerifyClient
is set tooff
.SettingTLSOptions NoCertRequest
doesn’t change anythingThe contents of Cyberduck's log drawer and the complete debug log are attached below.
Attachments
debug.log
(55.0 KiB)drawer.log
(0.7 KiB)The text was updated successfully, but these errors were encountered: