FTPS(SSL)的证书验证/安装? [英] Certificate validation/installation for FTPS (SSL)?

问题描述

我将FileZilla用作服务器和DNS服务，这样我就不必使用本地计算机IP(但是我在这两种方法上都尝试了以下方法).

I am using FileZilla as the server and a DNS service, so that I wouldn't have to use my local machine IP (but I've tried the following methods on both).

尝试使用System.Net.FtpWebRequest进行工作后，我阅读了一下(包括SO上的几篇文章)，发现该库对SSL的支持还不够.它可以与常规FTP一起使用，但是当我尝试强制使用SSL时，出现了证书验证错误，提示:The remote certificate is invalid according to the validation procedure.

After trying System.Net.FtpWebRequest to work, I've read around (including a few posts on SO) and found out that the SSL support is not very adequate with that library. It was working with regular FTP, but when I tried forcing SSL, I was getting a certificate validation error saying: The remote certificate is invalid according to the validation procedure.

因此，我进行了一些搜索，找到了 Alex FTPS Client 库.这是我写的代码:

So, I've done some searching around and found Alex FTPS Client library. Here's the code I wrote up:

class FTPSWorker
    {
        public static void UploadFile(string sourceFile, string targetFile, string ftpIP, string ftpUser, string ftpPass)
        {
            try
            {
                using (FTPSClient client = new FTPSClient())
                {
                    client.Connect(ftpIP, new NetworkCredential(ftpUser, ftpPass),
                                   ESSLSupportMode.CredentialsRequired | ESSLSupportMode.DataChannelRequested);
                    client.SetTransferMode(ETransferMode.Binary);
                    client.PutFile(sourceFile, targetFile);
                }
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.Message);
            }
        }

不幸的是，我遇到了完全相同的证书错误.但是，我可以使用FileZilla客户端访问FTP服务器.因此，我认为必须要出具证书.

Unfortunately, I was getting the same exact certificate error. I can, however, access the FTP server perfectly fine using FileZilla client. So, I figured there would have to be a certificate issue.

我应该注意，我的服务器显示以下日志条目:

I should note that my server was showing the following log entries:

Welcome Message
AUTH TLS
234 Using authentication type TLS
SSL connection established
disconnected

客户端(C#WPF应用程序)出现此错误时:

While the client (C# WPF application) was getting this error:

The remote certificate is invalid according to the validation procedure.

如果我使用.NET库和MSDN代码，这绝对是完全相同的错误.

This is absolutely exact same error if I use the .NET library and MSDN code.

我进行了更多的研究，找到了与以下类似的解决方案:

I've done more research and found solutions similar to these:

根据验证，远程证书无效程序

"，远程证书无效根据验证程序.使用Gmail SMTP服务器

但是它们看起来像是危险的黑客程序……并且在它们起作用的同时，除了当前使用的基本是/否之外，是否有办法让认证信息出现并让用户验证/安装它?

But they just seem like risky hacks... And while they do work, is there a way to have certification information to appear and maybe have user validate it/install it besides the basic Yes/No that it's currently using?

我现在的代码(我放弃了Alex的库，回到了默认的.NET):

My code right now (I ditched Alex's library and went back to default .NET):

ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(FTPWorker.ValidateServerCertificate);

public class FTPWorker
{
    public static void UploadFile(string sourceFile, string targetFile, string ftpIP, string ftpUser, string ftpPass)
    {
        try
        {
            string filename = "ftp://" + ftpIP + "/test/" + targetFile;
            FtpWebRequest ftpReq = (FtpWebRequest)WebRequest.Create(filename);
            ftpReq.Method = WebRequestMethods.Ftp.UploadFile;
            ftpReq.Credentials = new NetworkCredential(ftpUser, ftpPass);
            ftpReq.UsePassive = true;
            ftpReq.EnableSsl = true;
            ftpReq.UseBinary = true;
            ftpReq.KeepAlive = false;

            byte[] b = File.ReadAllBytes(sourceFile);

            ftpReq.ContentLength = b.Length;

            using (Stream s = ftpReq.GetRequestStream())
            {
                s.Write(b, 0, b.Length);
            }

            FtpWebResponse ftpResp = (FtpWebResponse)ftpReq.GetResponse();

            if (ftpResp != null)
            {
                MessageBox.Show(ftpResp.StatusDescription);
            }
        }
        catch (Exception e)
        {
            MessageBox.Show(e.Message);
        }
    }

    public static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        if (sslPolicyErrors == SslPolicyErrors.None)
            return true;
        else
        {
            if (System.Windows.Forms.MessageBox.Show("The server certificate is not valid.\nAccept?", 
                   "Certificate Validation", System.Windows.Forms.MessageBoxButtons.YesNo,
                   System.Windows.Forms.MessageBoxIcon.Question) == System.Windows.Forms.DialogResult.Yes)
                return true;
            else
                return false;
        }
    }
}

推荐答案

因此，对于有相同问题的任何人，我最终只是向用户提供有关证书的警告以及基于链接的接受或拒绝的选项我在原始帖子中提供了.为了使证书得到验证，它必须是真实的，而不是本地创建的.因此，这是目前唯一的解决方法.

So, for anyone that had the same issue, I ended up just giving the user a warning regarding the certificate and an option to accept or deny based on the link I provided in my original post. In order for a certificate to be validated, it has to be real and not a locally created one. So, that's the only workaround there is for now.

这篇关于FTPS(SSL)的证书验证/安装?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！