stackoom
  简体   繁体   中英

Indy TIdFTP SSL unknown certificate

 原文  2020-12-27 13:50:36       delphi/ ssl/ ftp/ indy

Question

I'm using Delphi 10.x and SSL FTP client code, and it works well on one FTP SSL server I'm using from OVH servers. Nevertheless, it does not work on another one, and I do not see why.

I have a 10054 error.

I tested it on ftptest.net and this is OK, see below.

Here is the code related to TLS/SSL that I have added to the standard FTP client code

IdSSLIOHandlerSocketOpenSSL := TIdSSLIOHandlerSocketOpenSSL.Create(nil);
FFtp.IOHandler              := IdSSLIOHandlerSocketOpenSSL;
FFTP.UseTLS                 := utUseExplicitTLS;
FFTP.DataPortProtection     := ftpdpsPrivate;

Here is the LOG file of ftptest.net

Status: Resolving address of s223.panelboxmanager.com

Status: Connecting to 2607:f748:1301:0:184:107:112:57

Status: Connected, waiting for welcome message...

Reply: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------

Reply: 220-You are user number 3 of 100 allowed.

Reply: 220-Local time is now 15:11. Server port: 21.

Reply: 220-This is a private system - No anonymous login

Reply: 220 You will be disconnected after 2 minutes of inactivity.

Command: CLNT https://ftptest.net on behalf of (Hidden IP)

Reply: 530 You aren't logged in

Command: AUTH TLS

Reply: 234 AUTH TLS OK.

Status: Performing TLS handshake...

Status: TLS handshake successful, verifying certificate...

Status: Received 2 certificates from server.

Status: cert[0]: subject='OU=Domain Control Validated,CN=*.panelboxmanager.com' issuer='C=BE,O=GlobalSign nv-sa,CN=AlphaSSL CA - SHA256 - G2'

Status: cert[1]: subject='C=BE,O=GlobalSign nv-sa,CN=AlphaSSL CA - SHA256 - G2' issuer='C=BE,O=GlobalSign nv-sa,OU=Root CA,CN=GlobalSign Root CA'

Command: USER XXXXX

Reply: 331 User XXXXX OK. Password required

Command: PASS *********

Reply: 230 OK. Current restricted directory is /

Command: SYST

Reply: 215 UNIX Type: L8

Command: FEAT

Reply: 211-Extensions supported:

Reply: EPRT

Reply: IDLE

Reply: MDTM

Reply: SIZE

Reply: MFMT

Reply: REST STREAM

Reply: MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;

Reply: MLSD

Reply: AUTH TLS

Reply: PBSZ

Reply: PROT

Reply: UTF8

Reply: TVFS

Reply: ESTA

Reply: PASV

Reply: EPSV

Reply: SPSV

Reply: ESTP

Reply: 211 End.

Command: PBSZ 0

Reply: 200 PBSZ=0

Command: PROT P

Reply: 200 Data protection level set to "private"

Command: PWD

Reply: 257 "/" is your current location

Status: Current path is /

Command: TYPE I

Reply: 200 TYPE is now 8-bit binary

Command: EPSV

Reply: 229 Extended Passive mode OK (|||33966|)

Command: MLSD

Status: Data connection established, performing TLS handshake...

Reply: 150 Accepted data connection

Status: TLS handshake successful, verifying certificate...

Status: Received 2 certificates from server.

Status: cert[0]: subject='OU=Domain Control Validated,CN=*.panelboxmanager.com' issuer='C=BE,O=GlobalSign nv-sa,CN=AlphaSSL CA - SHA256 - G2'

Status: cert[1]: subject='C=BE,O=GlobalSign nv-sa,CN=AlphaSSL CA - SHA256 - G2' issuer='C=BE,O=GlobalSign nv-sa,OU=Root CA,CN=GlobalSign Root CA'

Status: TLS session of transfer connection has been resumed.

Listing: type=cdir;sizd=331776;modify=20201227201104;UNIX.mode=0711;UNIX.uid=1432;UNIX.gid=1433;unique=ca06g4e40001; .

Listing: type=pdir;sizd=331776;modify=20201227201104;UNIX.mode=0711;UNIX.uid=1432;UNIX.gid=1433;unique=ca06g4e40001; ..

Listing: type=dir;sizd=4096;modify=20200914031725;UNIX.mode=0700;UNIX.uid=1432;UNIX.gid=1433;unique=ca06g4e40038; .autorespond

Listing: type=file;size=11333;modify=20200731001231;UNIX.mode=0600;UNIX.uid=1432;UNIX.gid=1433;unique=ca06g4e4405e; .bash_history

Listing: type=file;size=33;modify=20091230222848;UNIX.mode=0644;UNIX.uid=1432;UNIX.gid=1433;unique=ca06g4e400a8; .bash_logout

Listing: type=file;size=296;modify=20190608053032;UNIX.mode=0644;UNIX.uid=1432;UNIX.gid=1433;unique=ca06g4e4013e; .bash_profile

Listing: type=file;size=205;modify=20190608052818;UNIX.mode=0644;UNIX.uid=1432;UNIX.gid=1433;unique=ca06g4e40004; .bashrc

Listing: type=dir;sizd=4096;modify=20190608053226;UNIX.mode=0775;UNIX.uid=1432;UNIX.gid=1433;unique=ca06g5100940; .cache

Listing: type=dir;sizd=4096;modify=20180727100540;UNIX.mode=0771;UNIX.uid=1432;UNIX.gid=1433;unique=ca06g4e4003b; .cagefs

Listing: type=dir;sizd=4096;modify=20201215110057;UNIX.mode=0755;UNIX.uid=1432;UNIX.gid=1433;unique=ca06g4e4003d; .cl.selector

Reply: 226-Options: -a -l

Reply: 226 68 matches total

Status: Skipped display of 58 listing lines

Status: Success

1 answers

solution1
 1  2020-12-27 20:36:14

Simply by adding this, it solved the issue:

IdSSLIOHandlerSocketOpenSSL.SSLOptions.Method := sslvTLSv1_2;

Sometime this is very tricky.... also updated ssleay32.dll and libeay32.dll to the latest versions here:

https://indy.fulgan.com/SSL/

I think this line can enable all SSL versions

IdSSLIOHandlerSocketOpenSSL.SSLOptions.SSLVersions := [sslvSSLv2, sslvSSLv23, sslvSSLv3, sslvTLSv1,sslvTLSv1_1,sslvTLSv1_2];

Any comment welcome, if putting this line with all versions could be an issue.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to configure TidFTP with SSL? Delphi Indy verify server certificate SSL Unknown Protocol error with Indy SSL on Delphi 11 Indy TIdFTP "Out of Memory" error when downloading a large file Indy TIdFTP - EIdReplyRFCError - "Can't open data connection" Delphi and Indy with SSL indy ssl delphi server POST with Indy + SSL + Proxy Delphi Indy SSL parameters Delphi and Indy TIdFTP: Copy all files from one folder on the server to another
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM