使用ftplib.FTP_TLS对ftps服务器进行身份验证期间出现OSError
问题描述:
我正在尝试使用以下代码使用ftplib连接到ftps(IIS)服务器:
I'm trying to connect to an ftps (IIS) server with ftplib with the following code:
>>> ftps=FTP_TLS()
>>> ftps.set_debuglevel(2)
>>> ftps.connect(host, port)
*get* '220 Microsoft FTP Service\n'
*resp* '220 Microsoft FTP Service'
'220 Microsoft FTP Service'
>>> ftps.login(user, pw)
*cmd* 'AUTH TLS'
*put* 'AUTH TLS\r\n'
*get* '234 AUTH command ok. Expecting TLS Negotiation.\n'
*resp* '234 AUTH command ok. Expecting TLS Negotiation.'
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/local/lib/python3.7/ftplib.py", line 749, in login
self.auth()
File "/usr/local/lib/python3.7/ftplib.py", line 761, in auth
server_hostname=self.host)
File "/usr/local/lib/python3.7/ssl.py", line 423, in wrap_socket
session=session
File "/usr/local/lib/python3.7/ssl.py", line 870, in _create
self.do_handshake()
File "/usr/local/lib/python3.7/ssl.py", line 1139, in do_handshake
self._sslobj.do_handshake()
OSError: [Errno 0] Error
为什么我会收到-不太说明性的上述异常?
我正在使用Python 3.7.5
Why do I get the - not too descreptive - exception above?
I'm using Python 3.7.5
我尝试用lftp登录,我可以连接到它.我唯一要做的就是禁用ssl证书验证.这可能是ftplib问题的根源吗?
I have tried to login with lftp and I could connect to it. The only thing I had to do is disable ssl certificate verification. Can this be the source of the problem for ftplib?
lftp的输出:
lftp :~> set ssl:verify-certificate false
lftp :~> open hapuser@192.168.140.225:2121
notice: cannot open /home/jenkins/.netrc: No such file or directory
Password:
---- dns cache hit
lftp hapuser@192.168.140.225:~> ls
---- dns cache hit
---- attempt number 1 (max_retries=1000)
---- Connecting to 192.168.140.225 (192.168.140.225) port 2121
<--- 220 Microsoft FTP Service
---> FEAT
<--- 211-Extended features supported:
<--- LANG EN*
<--- UTF8
<--- AUTH TLS;TLS-C;SSL;TLS-P;
<--- PBSZ
<--- PROT C;P;
<--- CCC
<--- HOST
<--- SIZE
<--- MDTM
<--- REST STREAM
<--- 211 END
---> AUTH TLS
<--- 234 AUTH command ok. Expecting TLS Negotiation.
---> LANG
Certificate: C=HU,ST=.,L=.,O=GDF,OU=.,CN=APP-FS-FTP
Issued by: DC=hu,DC=egaz-degaz,CN=egaz-degaz-MASTER-DC-CA
WARNING: Certificate verification: Not trusted (AF:7B:B6:5F:D1:EF:C9:CC:AA:18:EF:3E:94:15:EF:DB:77:F5:3D:4D)
WARNING: Certificate verification: Expired (AF:7B:B6:5F:D1:EF:C9:CC:AA:18:EF:3E:94:15:EF:DB:77:F5:3D:4D)
WARNING: Certificate verification: certificate common name doesn't match requested host name ‘192.168.140.225’ (AF:7B:B6:5F:D1:EF:C9:CC:AA:18:EF:3E:94:15:EF:DB:77:F5:3D:4D)
<--- 200 Language is now English, UTF-8 encoding.
---> OPTS UTF8 ON
<--- 200 OPTS UTF8 command successful - UTF8 encoding now ON.
---> HOST 192.168.140.225
<--- 504 Server cannot accept argument.
---> USER hapuser
<--- 331 Password required
---> PASS XXXX
<--- 230-Directory has 111,319,724,032 bytes of disk space available.
<--- 230 User logged in.
---> PWD
<--- 257 "/" is current directory.
---> PBSZ 0
<--- 200 PBSZ command successful.
---> PROT P
<--- 200 PROT command successful.
---> PASV
<--- 227 Entering Passive Mode (192,168,140,225,22,108).
---- Connecting data socket to (192.168.140.225) port 5740
---- Data connection established
0:0 translated to pair 0:0 (0,0)
0 translated to pair 0:0 (0,0)
0:0 translated to pair 0:0 (0,0)
0 translated to pair 0:0 (0,0)
0:0 translated to pair 0:0 (0,0)
0 translated to pair 0:0 (0,0)
---> LIST
<--- 125 Data connection already open; Transfer starting.
Certificate: C=HU,ST=.,L=.,O=GDF,OU=.,CN=APP-FS-FTP
Issued by: DC=hu,DC=egaz-degaz,CN=egaz-degaz-MASTER-DC-CA
WARNING: Certificate verification: Not trusted (AF:7B:B6:5F:D1:EF:C9:CC:AA:18:EF:3E:94:15:EF:DB:77:F5:3D:4D)
WARNING: Certificate verification: Expired (AF:7B:B6:5F:D1:EF:C9:CC:AA:18:EF:3E:94:15:EF:DB:77:F5:3D:4D)
WARNING: Certificate verification: certificate common name doesn't match requested host name ‘192.168.140.225’ (AF:7B:B6:5F:D1:EF:C9:CC:AA:18:EF:3E:94:15:EF:DB:77:F5:3D:4D)
<--- 226-Directory has 111,319,670,784 bytes of disk space available.
<--- 226 Transfer complete.
drwxrwxrwx 1 owner group 0 Jul 14 15:07 docuscan
drwxrwxrwx 1 owner group 112 Jul 14 15:07 Leolvasas
drwxrwxrwx 1 owner group 662540 Jul 14 15:07 ContactExport
drwxrwxrwx 1 owner group 1099644 Jul 14 15:07 HAP
drwxrwxrwx 1 owner group 0 Sep 25 2015 aspnet_client
drwxrwxrwx 1 owner group 0 May 15 2017 Dgaaa
drwxrwxrwx 1 owner group 0 Sep 15 2016 EFMH
drwxrwxrwx 1 owner group 0 Dec 4 2014 EFMH_TESZT
drwxrwxrwx 1 owner group 0 Mar 6 2015 Flowlogic
drwxrwxrwx 1 owner group 0 Jul 6 2016 Kimenő_levelek
drwxrwxrwx 1 owner group 0 Aug 16 2018 Leolvasas_arch
drwxrwxrwx 1 owner group 0 Jun 12 2017 Logs
drwxrwxrwx 1 owner group 0 Aug 16 2019 SDszámla
drwxrwxrwx 1 owner group 0 Jan 3 2017 SDszámla-teszt
drwxrwxrwx 1 owner group 0 Dec 4 2014 SzlaHitelesites
---- Got EOF on data connection
---- Closing data socket
copy: get hit eof
copy: waiting for put confirmation
copy: put confirmed store
copy: get is finished - all done
---- Closing idle connection
---> QUIT
<--- 221 Goodbye.
---- Closing control socket```
答
我尝试了许多不同的操作,包括通过以下操作使用了不同的ssl协议:
I tried lots of different things, including using different ssl protocols by doing:
ftps.ssl_version = ssl.PROTOCOL_TLSv1_2
结果证明这行没有任何作用,因为它被库的默认值覆盖.
Turns out this line won't have any effect, because it is overwritten by the library default.
详细信息:使用ftplib连接到FTP TLS 1.2服务器
解决方案是在构造如下的 FTP_TLS 时,将SSL版本包装在上下文中:
The solution is to give the SSL version wrapped in a context while constructing FTP_TLS like this:
ctx = ssl._create_stdlib_context(ssl.PROTOCOL_TLSv1_2)
ftps = FTP_TLS(context=ctx)
...
这解决了我的问题.