Re: same Error even with later version
@gireesh: Do you mean that versions before 5.9.3 work for you and later versions do not?
A session log file is always useful.
A session log file is always useful.
- martin
Post a reply
Before posting, please read how to report bug or request support effectively.
Bug reports without an attached log file are usually useless.
Topic review
- gireesh
same Error even with later version
Hi, I am still experiencing same issue with 5.16.4 rc. please let me know if you need details such as logs etc.
Thanks Gireesh
Thanks Gireesh
- Makc666
Thank you Martin!
Just for history:
https://winscp.net/tracker/1490
Also added the link to the first post.
Just for history:
https://winscp.net/tracker/1490
Also added the link to the first post.
- martin
Thanks for testing! I do not need any more tests.
- Makc666
Martin,
the one you sent me works well (v5.10 Dev Build 7191 2016-12-16).
I tested withOUT
Do you need some other tests from me to do with this case?
Thanks!
the one you sent me works well (v5.10 Dev Build 7191 2016-12-16).
I tested withOUT
-passphrase and -passphrase=pass.
Do you need some other tests from me to do with this case?
Thanks!
- martin
I'm sending you an email with a development version of WinSCP to the address you have used to register on this forum.
- Makc666
Martin, here is the archive with the certificates and scripts to test.
One certificate with NO password.
Second certificate with password. Password it "test" - also it is listed in .txt file inside archive.
Put proper version of
to folders:
One more comment.
When you try to use that .PFX file with NO password in WinSCP.exe v5.9.3 you will get a windows with "Client certificate passphrase" request (attached).
If you do the same in WinSCP.exe v5.9.1 there will be no problems.
One certificate with NO password.
Second certificate with password. Password it "test" - also it is listed in .txt file inside archive.
Put proper version of
WinSCP.com
WinSCP.exe
to folders:
WinSCP v5.9.1
WinSCP v5.9.3
One more comment.
When you try to use that .PFX file with NO password in WinSCP.exe v5.9.3 you will get a windows with "Client certificate passphrase" request (attached).
If you do the same in WinSCP.exe v5.9.1 there will be no problems.
- martin
Can you provide me a sample certificate for testing?
- Makc666
Martin, you need any more information from me to look into this one?
- Makc666
And one more note.
According to:
https://winscp.net/eng/docs/history
5.9.3
Support for non-ASCII passphrases to client certificate files (.pfx/.p12 format). 1461
https://winscp.net/tracker/1461#c1
This can be connected with this change.
According to:
https://winscp.net/eng/docs/history
5.9.3
Support for non-ASCII passphrases to client certificate files (.pfx/.p12 format). 1461
https://winscp.net/tracker/1461#c1
This can be connected with this change.
- Makc666
Here are two logs.
One from WinSCP 5.9.1 and other from WinSCP 5.9.3.
The only difference is WinSCP version.
No other changes.
Note at lines:
WinSCP_v5-9-1_Good.txt
WinSCP_v5-9-3_Bad.txt
One from WinSCP 5.9.1 and other from WinSCP 5.9.3.
The only difference is WinSCP version.
No other changes.
Note at lines:
WinSCP_v5-9-1_Good.txt
. 2016-12-08 15:05:30.507 User name: USERNAME (Password: Yes, Key file: No)
...
no such line
...
. 2016-12-08 15:05:31.904 Server asks for authentication with a client certificate.
. 2016-12-08 15:05:32.402 Verifying certificate for "Cert_CA_NAME" with fingerprint 11:22:33:11:22:33:11:22:33:11:22:33:11:22:33:11:22:33:11:22 and 19 failures
* 2016-12-08 15:05:32.403 WARNING! Giving up security and accepting any certificate as configured!
. 2016-12-08 15:05:32.403 Using TLSv1.2, cipher TLSv1/SSLv3: AES128-SHA, 2048 bit RSA, AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1
. 2016-12-08 15:05:32.403 TLS connection established. Waiting for welcome message...
WinSCP_v5-9-3_Bad.txt
. 2016-12-08 14:54:43.010 User name: USERNAME (Password: Yes, Key file: No, Passphrase: No)
...
. 2016-12-08 14:54:53.013 Certificate is encrypted, need passphrase
...
. 2016-12-08 14:55:04.381 Server asks for authentication with a client certificate.
. 2016-12-08 14:55:04.744 Disconnected from server
- Makc666
WinSCP 5.9.3 broke .pfx or .p12 files without passphrase / Certificate is encrypted, need passphrase
P.S. Martin created https://winscp.net/tracker/1490
No problems with WinSCP 5.9.1.
After upgrading to WinSCP 5.9.3 the problem appeared.
Rolling back to WinSCP 5.9.1 solves the problem.
I have a pkcs12 file which has private key and certificate with chain certificates in it.
It was created using the command:
While executing this command NO password was entered.
So I have
I start like:
FTPS_Script.txt has something like:
It is working perfect in WinSCP 5.9.1.
After upgrading to WinSCP 5.9.3 it doesn't work any more.
WinSCP begins to write message in LOG file:
I will attach two logs file in next message.
<you_cert_file_with_chain>.pem file looks like:
No problems with WinSCP 5.9.1.
After upgrading to WinSCP 5.9.3 the problem appeared.
Rolling back to WinSCP 5.9.1 solves the problem.
I have a pkcs12 file which has private key and certificate with chain certificates in it.
It was created using the command:
openssl pkcs12 -export -inkey <private_key_file>.key -in <you_cert_file_with_chain>.pem -out certificate_client_nopass.pkcs12.pfx -name <some_friendly_name_here>
While executing this command NO password was entered.
So I have
certificate_client_nopass.pkcs12.pfx file which is not encrypted with the password.
I start like:
winscp.com /ini=nul /script="FTPS_Script.txt"
FTPS_Script.txt has something like:
open ftpes://user:pass@ip:port/ -passive=on -explicit -certificate="*" -clientcert="certificate_client_nopass.pkcs12.pfx" -rawsettings CacheDirectories=0 CacheDirectoryChanges=0 FtpForcePasvIp2=0 FtpPingInterval=10 FtpListAll=1 SslSessionReuse=0 MinTlsVersion=12 -timeout=999
It is working perfect in WinSCP 5.9.1.
After upgrading to WinSCP 5.9.3 it doesn't work any more.
WinSCP begins to write message in LOG file:
. 2016-12-08 14:54:43.011 Certificate is encrypted, need passphrase
I will attach two logs file in next message.
<you_cert_file_with_chain>.pem file looks like:
subject=/L=Moscow/ST=Moscow/C=RU/O=Maxim/OU=Test/CN=test.com
issuer=/C=US/O=COMPANE/OU=Service Association/CN=External CA
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
subject=/C=US/O=COMPANE/OU=Service Association/CN=External CA
issuer=/C=US/O=COMPANE/OU=Service Association/CN=Root CA
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
subject=/C=US/O=COMPANE/OU=Service Association/CN=Root CA
issuer=/C=US/O=COMPANE/OU=Service Association/CN=Root CA
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----