search

morris / vinyl-ftp

Blazing fast vinyl adapter for FTP
Other
388 stars 31 forks source link

Error: unable to verify the first certificate #51

Open Djuka opened 8 years ago

Djuka commented 8 years ago

Now I realise this might not be the issue of vinyl-ftp, but I am having a hard time understanding what is happening here. I have FTP configuration:

// config-ftp.js

module.exports = {
    host: 'ftp.xxxx.xx',
    user: 'yyyy@xxxx.xx',
    password: 'somepwd',
    parallel: 10,
    secure: true,
    secureOptions: true,
    log: require('gulp-util').log
};

Here is the task (just in case):

var gulp = require('gulp'),
    ftp = require('vinyl-ftp'),
    config = require('config-ftp');

gulp.task('deploy', function () {

    var conn = ftp.create(config);

    return gulp.src('build/**', {
            base: './',
            buffer: false
        })
        .pipe(conn.newer('/'))
        .pipe(conn.dest('/'));

});

This is the error I get:

ERROR Error: unable to verify the first certificate
    at Error (native)
    at TLSSocket.<anonymous> (_tls_wrap.js:1016:38)
    at emitNone (events.js:67:13)
    at TLSSocket.emit (events.js:166:7)
    at TLSSocket._finishInit (_tls_wrap.js:585:8) (UNABLE_TO_VERIFY_LEAF_SIGNATURE)
morris commented 8 years ago

Looks like TLS is not available or misconfigured at the target host. Does it work with regular FTP clients when forcing a TLS connection?

pablomaurer commented 8 years ago

I have the same issue and it works with regular ftp client (winscp).

Server config vsftpd:

ssl_tlsv: enabled
ssl_v2: disabled
ssl_v1: disabled
certificates: from letsencrypt
allow_anon_ssl: false
allow_anon: false
pasv_enable: true
pasv_adress: wan-ip

maybe with trial and error changing the server settings, I will find out whats causing the problem.

Error

Error: unable to verify the first certificate
    at Error (native)
    at TLSSocket.<anonymous> (_tls_wrap.js:1065:38)
    at emitNone (events.js:80:13)
    at TLSSocket.emit (events.js:179:7)
    at TLSSocket._init.ssl.onclienthello.ssl.oncertcb.TLSSocket._finishInit (_tls_wrap.js:593:8)
    at TLSWrap.ssl.onclienthello.ssl.oncertcb.ssl.onnewsession.ssl.onhandshakedone (_tls_wrap.js:425:38)

Fix

Got it working, i had to set secureOptions: {rejectUnauthorized: false}, although my certificates are valid.