Bug 2182418

Summary: lftp : Connection to site fails with certificate verification error
Product: Red Hat Enterprise Linux 8 Reporter: Ravindra Patil <ravpatil>
Component: lftpAssignee: Michal Ruprich <mruprich>
Status: VERIFIED --- QA Contact: Ondrej Mejzlik <omejzlik>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.6CC: mruprich, omejzlik, peter.vreman, sbalasub
Target Milestone: rcKeywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: lftp-4.8.4-3.el8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ravindra Patil 2023-03-28 15:14:48 UTC 
Description of problem:

lftp not working with re-newed certificates

- The certificates were expired for site. 

- We got new Certificates and replaced the files used by Apache (Web Server). 

- The CA Chain is not changed. Only certificate re-newed

- The certificates work everywhere for same site(e.g. various webbrowsers, curl, openssl connect, gnutls-cli) except for lftp.

-  lftp connection works fine on disabling the ssl verification.


Version-Release number of selected component (if applicable):
lftp-4.8.4-2.el8.x86_64.rpm

How reproducible:

- Renew ceritificates and try connect to site through lftp with SSL enabled 

Steps to Reproduce:
1.  Obtain re-newed certificate
2.  Move them to respective locations as per apache configuration
3.  Try connecting over lftp with SSL enabled

# lftp site-name.example.com 

Actual results:

Connection fails with error "Fatal error: Certificate verification: Not trusted: no issuer was found (C4:3F:D4:BD:3C:BA:B7:8C:45:B1:6B:87:3B:C0:7B:A4:CF:32:99:A2)

Expected results:
Secure connection should be established, as it does for other tools like curl, openssl connect etc. 

Additional info:
Possibly hiting https://github.com/lavv17/lftp/issues/641 
Fixed by https://github.com/lavv17/lftp/pull/642.

Similar issue seen on fedora
https://bugzilla.redhat.com/show_bug.cgi?id=1477048