LFTP: gnutls_handshake: Public key signature verification has failed.

Question

Due to standard lftp from distro ( debian 7 ) not using openssl it will not work with TLS.

Trying to connect to a TLS encrypted FTP server gives me the following error:

gnutls_handshake: Public key signature verification has failed.

Answer 1

The solution is to install lftp manually and compile it with openssl.

Lftp does not come with OpenSSL support by default and it has to be compiled manually to work.

....................................................................

First, install the prerequisites:

apt-get install openssl build-essential libreadline-dev libssl-dev

Grab the lftp source bundle from here: http://lftp.yar.ru/

wget http://lftp.yar.ru/ftp/lftp-4.5.5.tar.gz

tar -xzf lftp*

cd lftp*

Configure it with openssl support:

./configure --prefix=/usr/local --with-openssl=/usr/lib

Make sure you see this line (or something similar) in the autoconf spam:

checking for openssl library... OPENSSL_LIBS="-lssl -lcrypto" OPENSSL_LDFLAGS="-L/usr/lib/lib -R/usr/lib/lib" OPENSSL_CPPFLAGS=-I/usr/lib/include

Now compile it:

make install

....................................................................

 

After this you will have to add the following to the lftp.conf

set ssl:verify-certificate off
set ftp:ssl-force true

....................................................................

Remember when installing manually you will probably have to specify the full path when running it

/usr/local/bin/lftp

....................................................................

Example:

/usr/local/bin/lftp -u "USER,PASSWORD" -p PORT -e "ls; quit" HOSTNAME

 

....................................................................