getting error: Primary connection and data connection certif
Moderator: Project members
getting error: Primary connection and data connection certif
When downloading from a drftpd server, i am getting some errors on files. the error is: Primary connection and data connection certificates don't match.
When getting this error, it skips the file and moves on to the next file.
Any idea why this happens? LFTP does not do this. I tried the same download with both clients. I am using Fedora 9 with filezilla 3.0.11.1.
When getting this error, it skips the file and moves on to the next file.
Any idea why this happens? LFTP does not do this. I tried the same download with both clients. I am using Fedora 9 with filezilla 3.0.11.1.
Re: getting error: Primary connection and data connection certif
It's a security measure. If control connection and data connection certificates do not match, it is usually a sign of an attacker trying to push malicious files onto you.
Please upgrade to a better server.
Please upgrade to a better server.
Re: getting error: Primary connection and data connection certif
Any way to turn off this security measure? This is a trusted server and I would like to use Filezilla on it.
Re: getting error: Primary connection and data connection certif
No. But you can download the source code of FileZilla, perform the necessary changes (easy to find) and compile a new executable for yourself.
Re: getting error: Primary connection and data connection certif
Any clues on what source file to start looking in?
Re: getting error: Primary connection and data connection certif
Looks like i found it.
{
if (m_implicitTrustedCert.size != cert_list[0].size ||
memcmp(m_implicitTrustedCert.data, cert_list[0].data, cert_list[0].size))
{
m_pOwner->LogMessage(::Error, _("Primary connection and data connection certificates don't match."));
Failure(0, ECONNABORTED);
return FZ_REPLY_ERROR;
}
TrustCurrentCert(true);
if (m_tlsState != conn)
return FZ_REPLY_ERROR;
return FZ_REPLY_OK;
}
I'm just not sure how to disable it. i am no programmer.
{
if (m_implicitTrustedCert.size != cert_list[0].size ||
memcmp(m_implicitTrustedCert.data, cert_list[0].data, cert_list[0].size))
{
m_pOwner->LogMessage(::Error, _("Primary connection and data connection certificates don't match."));
Failure(0, ECONNABORTED);
return FZ_REPLY_ERROR;
}
TrustCurrentCert(true);
if (m_tlsState != conn)
return FZ_REPLY_ERROR;
return FZ_REPLY_OK;
}
I'm just not sure how to disable it. i am no programmer.
Re: getting error: Primary connection and data connection certif
It is not always you have control of what ftp server you are connecting to. There for, saying you should get a better ftp server software is not realy helping.
There are other ftp clients where you can turn off this featur, or ignore its security precautions. As it is for me, I don't realy think there is "sign of an attacker trying to push malicious files onto you". It's just some lazy ftp-admin that don't care about certificates and just cares about the encryption.
I guess I should post this as feature request. There should be a checkbox in the preffernce window where you can disable certificates mismatch. Or better, to have this box per site, in the site manager window. In that way I could just disable those sites I think is safe.
To answer nix4me. It would be safe just to uncomment the "if" clause. I.E. The if line to 6 lines down.
There are other ftp clients where you can turn off this featur, or ignore its security precautions. As it is for me, I don't realy think there is "sign of an attacker trying to push malicious files onto you". It's just some lazy ftp-admin that don't care about certificates and just cares about the encryption.
I guess I should post this as feature request. There should be a checkbox in the preffernce window where you can disable certificates mismatch. Or better, to have this box per site, in the site manager window. In that way I could just disable those sites I think is safe.
To answer nix4me. It would be safe just to uncomment the "if" clause. I.E. The if line to 6 lines down.
Re: getting error: Primary connection and data connection certif
insert the /* */ where I put them.nix4me wrote:I'm just not sure how to disable it. i am no programmer.
Code: Select all
{
/*if (m_implicitTrustedCert.size != cert_list[0].size ||
memcmp(m_implicitTrustedCert.data, cert_list[0].data, cert_list[0].size))
{
m_pOwner->LogMessage(::Error, _("Primary connection and data connection certificates don't match."));
Failure(0, ECONNABORTED);
return FZ_REPLY_ERROR;
}*/
TrustCurrentCert(true);
if (m_tlsState != conn)
return FZ_REPLY_ERROR;
return FZ_REPLY_OK;
}
---OR---
Code: Select all
{
if (m_implicitTrustedCert.size != cert_list[0].size ||
memcmp(m_implicitTrustedCert.data, cert_list[0].data, cert_list[0].size))
{
m_pOwner->LogMessage(::Error, _("Primary connection and data connection certificates don't match."));
/*Failure(0, ECONNABORTED);
return FZ_REPLY_ERROR;*/
}
TrustCurrentCert(true);
if (m_tlsState != conn)
return FZ_REPLY_ERROR;
return FZ_REPLY_OK;
}
Then compile the altered source code..
Re: getting error: Primary connection and data connection certif
That's quite some security vulnerability if you disable it.