Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FTP SSL/TLS certificate handling #214

Closed
graxlop opened this issue Feb 23, 2016 · 8 comments
Closed

FTP SSL/TLS certificate handling #214

graxlop opened this issue Feb 23, 2016 · 8 comments

Comments

@graxlop
Copy link

graxlop commented Feb 23, 2016

Hello,

Would you consider the idea of changing how self-signed aka "untrusted" certificates are handled? Currently, they just hardfail if they aren't signed by a trusted certificate authority, but I think it might be a good idea to have a dialog prompting a yes/no with the certificate fingerprint being shown, this would allow users to accept or reject based on checking the fingerprint, rather than blindly trusting the CA system.

I've noticed that many users simply disable all forms of verification (set ssl:verify-certificate false) when they come across a self-signed certificate, so I can only see this as a security improvement.

Thanks
@lavv17
Copy link
Owner

lavv17 commented Feb 24, 2016

Unfortunately, lftp is designed in a fashion of not asking any questions. The only question it asks is about password when logging in (well, maybe for the proxy password too). In these cases the question is expected by the user and is caused by user's action. I don't want lftp to ask questions caused by server's replies.

OTOH, it may be useful to add some certificate details in the error message. Currently they are only output in the debug.

@graxlop
Copy link
Author

graxlop commented Feb 24, 2016

In the case of a self-signed certificate, the user already has to make a decision based on the server's replies, either disable verification (most likely to happen), or choose not to connect at all.

I think it would only be of benefit to provide a yes/no prompt in such cases. Otherwise, you end up in a situation where the user is blindly accepting a self-signed certificate with no way of validating it against the fingerprint.

This type of behavior also prevents secure FTP over TLS when connecting to an IP address directly, as you can't obtain a CA-signed certificate for an IP address.

@lavv17
Copy link
Owner

lavv17 commented Feb 26, 2016

I'll add the certificate fingerprint to the error message and allow disabling strict verification for a single certificate by its fingerprint.

@lavv17
Copy link
Owner

lavv17 commented Mar 14, 2016

Please try 7270538

@graxlop
Copy link
Author

graxlop commented Mar 15, 2016

The fingerprint shows up, but I don't see the option to allow it.

@lavv17
Copy link
Owner

lavv17 commented Mar 16, 2016

set ssl:verify-certificate/FI:NG:ER:PR:IN:T:HE:RE no

@graxlop
Copy link
Author

graxlop commented Mar 20, 2016

Looks good, thanks.

@lavv17 lavv17 closed this as completed Mar 21, 2016
@sebma
Copy link

sebma commented Aug 3, 2023

@lavv17 Thanks, I just added that into my ~/.lftprc.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@lavv17 @sebma @graxlop