The other day I had to configure a box that had to fetch some files from another machine and transfer those files from the DMZ to an external bank. While I usually use SFTP for that, in that specific case i had no choice and had to use FTP/SSL. First thing that hurted me is that to fetch the certificate/private key that the bank created for me, I had to use Internet Explorer on a Windows machine ! Ouch ... (yeah, they use activex on the page you have to login to for the certificate request, you *can't* use openssl yourself to send them the CSR ...) bad, bad .. and also funny that they point you to an https website to read the documentation, in which they say how to import they Root CA (which obvsiouly you had to import yourself first to read the same manual ...) .. From that time i knew i'd have troubles ..
Okay, exporting the SSL certificate/private key from Internet Exploder, using openssl to convert to PEM and i had those ready to be used on my CentOS 5.4 VM. Lftp seems good for such task and supports ssl too .. After having configured my \~/.lftprc with the correct value (like ssl:key-file and ssl:cert-file) I wasn't able to connect : the message was : "Fatal error: gnutls_handshake: A TLS fatal alert has been received" . Hmm, strange. I decided to test with the RPMforge version (which is built against OpenSSL and not Gnutls) and that one worked correctly (without having changed the conf files). Okay it's now working but does that mean that the lftp package from 5.x doesn't work in ssl mode with a client certificate ? I've downgraded the package to the one present in the 5.x branch (before the 5.4) : lftp-3.5.1-2.fc6 instead of lftp-3.7.11-4.el5 and it worked perfectly with the same config files too. Sounds like a bug to me and not a config issue so i opened an bug upstreamand on the CentOS mantis system. Let's see how it goes. In the meantime (if you have the same issue) you can either downgrade to the lftp version you'll find in the 5.3 tree or update to the version from RPMforge.