Opened 5 months ago

Closed 5 months ago

Last modified 5 months ago

#12608 closed Bug report (worksforme)

Cannot click "Always trust this certificate in future sessions"

Reported by: Norbert Schlia Owned by:
Priority: normal Component: FileZilla Client
Keywords: Cc:
Component version: Operating system type: Linux
Operating system version: Debian 11

Description

The "Always trust this certificate in future sessions" and "Trust this certificate on the listed alternative hostnames" checkboxes are greyed out and cannot be clicked.

Dialog pops up again next time the site is opened.

Attachments (1)

certificate.png (115.9 KB ) - added by Norbert Schlia 5 months ago.

Download all attachments as: .zip

Change History (6)

by Norbert Schlia, 5 months ago

Attachment: certificate.png added

comment:1 by Norbert Schlia, 5 months ago

Operating system version: Debian 11

comment:2 by Tim Kosse, 5 months ago

Resolution: worksforme
Status: newclosed

Check the other certificates in the chain, one of them must be expired and needs to be renewed.

comment:3 by Norbert Schlia, 5 months ago

Resolution: worksforme
Status: closedreopened

Did not check the chain, it is true, the "DST Root CA X3" certificate has expired as of 30/09/2021.

But this is still a FileZilla bug, it uses an outdated certificate chain, see https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/"

It should use the new "ISRG Root X1" and not the outdated one. The new certificate shows as intermediate instead.

You can check the correct validation path with

openssl s_client -showcerts -servername ftp.oblivion-software.de -connect ftp.oblivion-software.de:21 -starttls ftp </dev/null

This returns the same path as the web server:

openssl s_client -showcerts -servername www.oblivion-software.de -connect www.oblivion-software.de:443 </dev/null

comment:4 by Tim Kosse, 5 months ago

Resolution: worksforme
Status: reopenedclosed

Cannot reproduce.

Make sure you are using the latest version of FileZilla and make sure to delete the expired certificate from your system's trust store.

comment:5 by Norbert Schlia, 5 months ago

Tested with 3.57.0 -> works as expected.
The version that had the problem was 3.52.2 (Bullseye repository package).
On Bookworm the version is 3.56.2, probably you could add it to Bullseye-Backports, if the problem is fixed in this version.

Thanks!

Note: See TracTickets for help on using tickets.