A connection to a FTP site secured by TLS with a cross-signed certificate in the chain is failing with lftp. For instance, a certificate from Let’s Encrypt will always be considered invalid because of the famous “DST Root CA X3 expiration”. See: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/ See the upstream issue: https://github.com/lavv17/lftp/issues/641 There’s already a fix merged upstream that will be included in next release: https://github.com/lavv17/lftp/pull/642 The patch can be applied directly to the latest version 4.9.2 as is, which is the current version both in MGA8 and Cauldron. It can be downloaded from GitHub: https://github.com/lavv17/lftp/commit/fd40ee3542d877c37ff129d5c9b02df21d20c6a0.patch I’ve successfully rebuilt the RPM locally on a Mageia 8. I think an update for MGA 8 would be useful... It should be included in Caudron too, as there no release planned anytime soon (4.9.2 has been released in August 2020!).
(In reply to Davy Defaud from comment #0) > A connection to a FTP site secured by TLS with a cross-signed certificate in > the chain is failing with lftp. For instance, a certificate from Let’s > Encrypt will always be considered invalid because of the famous “DST Root CA > X3 expiration”. > See: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/ > > See the upstream issue: > https://github.com/lavv17/lftp/issues/641 > > There’s already a fix merged upstream that will be included in next release: > https://github.com/lavv17/lftp/pull/642 > > The patch can be applied directly to the latest version 4.9.2 as is, which > is the current version both in MGA8 and Cauldron. It can be downloaded from > GitHub: > > https://github.com/lavv17/lftp/commit/ > fd40ee3542d877c37ff129d5c9b02df21d20c6a0.patch > > I’ve successfully rebuilt the RPM locally on a Mageia 8. I think an update > for MGA 8 would be useful... It should be included in Caudron too, as there > no release planned anytime soon (4.9.2 has been released in August 2020!). Thanks, Davy, Assigning to all packagers collectively, since there is no registered maintainer for this package
CC: (none) => marja11Whiteboard: (none) => MGA8TOOVersion: 8 => CauldronAssignee: bugsquad => pkg-bugs
Suggested advisory: ======================== The updated packages fix lftp certificate chain verification with cross-signed certificates by relying on gnutls functions. References: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/ https://github.com/lavv17/lftp/issues/641 https://bugs.mageia.org/show_bug.cgi?id=30826 ======================== Updated packages in core/updates_testing: ======================== lftp-4.9.2-2.1.mga8 lftp-scripts-4.9.2-2.1.mga8 lib(64)lftp0-4.9.2-2.1.mga8 lib(64)lftp-devel-4.9.2-2.1.mga8 from SRPM: lftp-4.9.2-2.1.mga8.src.rpm
Whiteboard: MGA8TOO => (none)Assignee: pkg-bugs => qa-bugsStatus: NEW => ASSIGNEDVersion: Cauldron => 8CC: (none) => nicolas.salguero
MGA8-64 Plasma on Acer Aspire 5253 No installation issues Ref bug 23374 for testing, so $ lftp mach1 lftp mach1:~> pwd ftp://mach1 lftp mach1:~> user herman Password: lftp herman@mach1:~> ls drwxr-xr-x 2 root root 4096 Sep 19 2005 2.6.9-11.EL drwxr-xr-x 2 root root 4096 Sep 19 2005 2.6.9-11.ELsmp and a load more...... lftp herman@mach1:~> reget wuustwezel.jpeg 82568 bytes transferred lftp herman@mach1:~> exit [tester8@mach7 ~]$ ls Charts/ Documents/ go/ Pictures/ Templates/ testsqliteupdate Videos/ Desktop/ Downloads/ Music/ qa-testing/ Tester8_0x4F555794_SECRET.asc tmp/ wuustwezel.jpeg Seems good to go.
CC: (none) => herman.viaeneWhiteboard: (none) => MGA8-64-OK
Validating. Advisory in Comment 2.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGAA-2022-0125.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED