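I have an FTP server on a Raspberry Pi running Raspbian. I use vsftpd, port 990 and a GreenLock certificate.
When I try to connect from an Android device, I get a message about a wrong certificate version.
Before GreenLock I used ssl-cert-snakeoil, but for some time now I have not been able to connect to FTP.
I don't know what is wrong. On the Android device I tested the FTPS connection and got the same error. Notepad++ and GoodSync connect to FTPS normally.
My vsftpd.conf: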
listen=YES
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
allow_writeable_chroot=YES
chroot_local_user=YES
local_umask=0002
anon_upload_enable=NO
anon_mkdir_write_enable=NO
file_open_mode=0777
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
#
# You may change the default value for timing out an idle session.
idle_session_timeout=600
#
# This is a welcome message response from your server
ftpd_banner=Welcome to my FTP
#
# SSL
ssl_enable=YES
#this selects the cipher type
ssl_ciphers=HIGH
rsa_cert_file=/home/pi/.acme.sh/domain.com/domain.com.cer
rsa_private_key_file=/home/pi/.acme.sh/domain.com/domain.com.key
#rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
implicit_ssl=YES
listen_port=990
#
#choose according to your preference
force_local_data_ssl=YES
#
#choose according to your preference
force_local_logins_ssl=YES
#
#enable this if you enable ssl.
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
#
#give the correct path to your currently generated *.pem file
#rsa_cert_file=/etc/ssl/private/vsftpd.pem
#rsa_private_key_file=/etc/ssl/private/vsftpd.pem
#the *.pem file contains both the key and cert
#rsa_private_key_file=/etc/vsftpd/vsftpd.pem
#
pasv_enable=YES
pasv_min_port=3000
pasv_max_port=3009
pasv_addr_resolve=YES
pasv_address=domain.com
#
#Some mobile clients require this
require_ssl_reuse=NO
user_sub_token=$USER
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO
Edit:
Now I have this configuration (I redid it to make it clearer):
listen=YES
listen_port=990
allow_anon_ssl=NO
anonymous_enable=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
force_anon_data_ssl=NO
force_anon_logins_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
file_open_mode=0777
local_umask=0002
ssl_enable=YES
ssl_ciphers=HIGH
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
rsa_cert_file=/home/pi/.acme.sh/domain.com/domain.com.cer
rsa_private_key_file=/home/pi/.acme.sh/domain.com/domain.com.key
pasv_enable=YES
pasv_min_port=3000
pasv_max_port=3009
pasv_addr_resolve=YES
pasv_address=domain.com
local_enable=YES
user_sub_token=$USER
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO
write_enable=YES
allow_writeable_chroot=YES
chroot_local_user=YES
user_sub_token=$USER
xferlog_std_format=NO
xferlog_enable=YES
vsftpd_log_file=/var/log/vsftpd.log
log_ftp_protocol=YES
debug_ssl=YES
After trying to connect to FTPS through FileZilla, I have this log in the program:
Status: Connecting to XX.XX.XX.170:990...
Status: Connection established, initializing TLS...
Error: GnuTLS error -15: An unexpected TLS packet was received.
Status: Connection attempt failed with "ECONNABORTED - Connection aborted".
Error: Could not connect to server
Status: Waiting to retry...
Status: Resolving address of domain.com
Status: Connecting to XX.XX.XX.170:990...
Status: Connection established, initializing TLS...
Error: GnuTLS error -15: An unexpected TLS packet was received.
Status: Connection attempt failed with "ECONNABORTED - Connection aborted".
Error: Could not connect to server
vsftpd log:
Fri Dec 20 11:19:15 2019 [pid 2051] CONNECT: Client "XX.XXX.XXX.10"
Fri Dec 20 11:19:15 2019 [pid 2051] FTP response: Client "XX.XXX.XXX.10", "220 (vsFTPd 3.0.3)"
Fri Dec 20 11:19:15 2019 [pid 2051] FTP command: Client "XX.XXX.XXX.10", "????????}??DM#M???):??????"
Fri Dec 20 11:19:15 2019 [pid 2051] FTP response: Client "XX.XXX.XXX.10", "530 Please login with USER and PASS."
Fri Dec 20 11:19:15 2019 [pid 2051] FTP command: Client "XX.XXX.XXX.10", "+????????EC?}Z?<??:?????????,???"
Fri Dec 20 11:19:15 2019 [pid 2051] FTP response: Client "XX.XXX.XXX.10", "530 Please login with USER and PASS."
Fri Dec 20 11:19:15 2019 [pid 2051] FTP command: Client "XX.XXX.XXX.10", "???+?????0?????/?????5?????/???????9?????3????????????????"
Fri Dec 20 11:19:15 2019 [pid 2051] FTP response: Client "XX.XXX.XXX.10", "530 Please login with USER and PASS."
Fri Dec 20 11:19:15 2019 [pid 2051] FTP command: Client "XX.XXX.XXX.10", "??????????????????????????????? ?????"
Fri Dec 20 11:19:15 2019 [pid 2051] FTP response: Client "XX.XXX.XXX.10", "530 Please login with USER and PASS."
Fri Dec 20 11:19:15 2019 [pid 2051] FTP command: Client "XX.XXX.XXX.10", "???????????????????????????????????#???3???????A???<4?.P?J?D?T???V???1?=/L9X^????????T???D?06 ????K???R??????????+>~???/???G???"
Fri Dec 20 11:19:15 2019 [pid 2051] FTP response: Client "XX.XXX.XXX.10", "530 Please login with USER and PASS."
Fri Dec 20 11:19:20 2019 [pid 2056] CONNECT: Client "XX.XXX.XXX.10"
Fri Dec 20 11:19:20 2019 [pid 2056] FTP response: Client "XX.XXX.XXX.10", "220 (vsFTPd 3.0.3)"
Fri Dec 20 11:19:20 2019 [pid 2056] FTP command: Client "XX.XXX.XXX.10", "????????}???:??L??O??M%???8??Y/B[6????????L??:?????????,???"
Fri Dec 20 11:19:20 2019 [pid 2056] FTP response: Client "XX.XXX.XXX.10", "530 Please login with USER and PASS."
Fri Dec 20 11:19:20 2019 [pid 2056] FTP command: Client "XX.XXX.XXX.10", "???+?????0?????/?????5?????/???????9?????3????????????????"
Fri Dec 20 11:19:20 2019 [pid 2056] FTP response: Client "XX.XXX.XXX.10", "530 Please login with USER and PASS."
Fri Dec 20 11:19:20 2019 [pid 2056] FTP command: Client "XX.XXX.XXX.10", "??????????????????????????????? ?????"
Fri Dec 20 11:19:20 2019 [pid 2056] FTP response: Client "XX.XXX.XXX.10", "530 Please login with USER and PASS."
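I think this is an implicit/explicit problem. I don't want to connect to the server without the certificate installed on the device. I understand that this would be explicit mode?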
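An added example, not part of the original post: a small Python lint run over constructed excerpts of the two configurations above. It flags a TLS listener on port 990 with `implicit_ssl` off (the server then opens with a plaintext `220` banner, as in the vsftpd log above), enabled SSLv2/SSLv3, and repeated keys; the finding names and the excerpt constants are made up for the example.

```python
IMPLICIT_FTPS_PORT = 990  # conventional implicit-FTPS port, as used on this page

# Constructed excerpts of the two configurations quoted in the post.
FIRST_CONF = """\
ssl_enable=YES
force_local_data_ssl=YES
implicit_ssl=YES
listen_port=990
force_local_data_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
"""
EDITED_CONF = """\
listen=YES
listen_port=990
ssl_enable=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
user_sub_token=$USER
user_sub_token=$USER
"""

def parse_conf(text):
    """Return (settings, repeated_keys); the last assignment of a key is kept."""
    settings, repeated = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key in settings and key not in repeated:
            repeated.append(key)
        settings[key] = value.strip()
    return settings, repeated

def lint(text):
    settings, repeated = parse_conf(text)
    on = lambda key: settings.get(key, "NO").upper() in ("YES", "TRUE", "1")
    findings = []
    if on("ssl_enable"):
        port = int(settings.get("listen_port", "21"))
        # An implicit-FTPS client sends a TLS ClientHello first; with
        # implicit_ssl off the server answers with a plaintext 220 banner.
        if port == IMPLICIT_FTPS_PORT and not on("implicit_ssl"):
            findings.append("port-990-without-implicit_ssl")
        findings += [f"legacy-protocol:{k}" for k in ("ssl_sslv2", "ssl_sslv3") if on(k)]
    findings += [f"repeated-key:{k}" for k in repeated]
    return findings
```
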