Search code examples
pythonsslftpftplib

"OSError: [Errno 0] Error" in sslobj.do_handshake when listing a directory using ftplib on FTPS server

I want to connect to an FTPS server containing some not trusted certificate. When I use simple:

lftp -u user hostname

then after dir command there's an error:

ls: Fatal error: Certificate verification: Not trusted

The problem can be solved in lftp by executing the following command:

lftp -e "set ssl:verify-certificate false" -u user hostname

I'm trying to make the same connection in Python, using for example ftplib module:

import ftplib
ftp = ftplib.FTP_TLS()
ftp.connect(hostname, port)
ftp.login(username, password)
ftp.prot_p()
ftp.dir()

But it raises OSError exception:

Traceback (most recent call last):
  File "/usr/lib/python3.8/code.py", line 90, in runcode
    exec(code, self.locals)
  File "<console>", line 1, in <module>
  File "/usr/lib/python3.8/ftplib.py", line 558, in dir
    self.retrlines(cmd, func)
  File "/usr/lib/python3.8/ftplib.py", line 451, in retrlines
    with self.transfercmd(cmd) as conn, \
  File "/usr/lib/python3.8/ftplib.py", line 382, in transfercmd
    return self.ntransfercmd(cmd, rest)[0]
  File "/usr/lib/python3.8/ftplib.py", line 783, in ntransfercmd
    conn = self.context.wrap_socket(conn,
  File "/usr/lib/python3.8/ssl.py", line 500, in wrap_socket
    return self.sslsocket_class._create(
  File "/usr/lib/python3.8/ssl.py", line 1040, in _create
    self.do_handshake()
  File "/usr/lib/python3.8/ssl.py", line 1309, in do_handshake
    self._sslobj.do_handshake()
OSError: [Errno 0] Error

The problem seems to be similar to te OSError during authenticating to an ftps server with ftplib.FTP_TLS so I also tried to use some other context, like:

import ssl
ctx = ssl._create_stdlib_context(ssl.PROTOCOL_TLSv1_2)
ftp = FTP_TLS(context=ctx)

or

ctx = ssl.ssl._create_unverified_context(ssl.PROTOCOL_TLSv1_2)
ftp = FTP_TLS(context=ctx)

But the error is still the same. Any ideas how to disable certificate verification?

Solution

  • It cannot be a certificate problem, as you are getting error only at dir. The connect succeeds.

    You get a TLS error when opening FTP data connection. It quite possible that the root cause is that the server require TLS session resumption.

    See FTPS with Python ftplib - Session reuse required.