使用 ftplib.FTP_TLS 对 ftps 服务器进行身份验证时出现 OSError
OSError during authenticating to an ftps server with ftplib.FTP_TLS
我正在尝试使用以下代码通过 ftplib 连接到 ftps (IIS) 服务器:
>>> ftps=FTP_TLS()
>>> ftps.set_debuglevel(2)
>>> ftps.connect(host, port)
*get* '220 Microsoft FTP Service\n'
*resp* '220 Microsoft FTP Service'
'220 Microsoft FTP Service'
>>> ftps.login(user, pw)
*cmd* 'AUTH TLS'
*put* 'AUTH TLS\r\n'
*get* '234 AUTH command ok. Expecting TLS Negotiation.\n'
*resp* '234 AUTH command ok. Expecting TLS Negotiation.'
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/local/lib/python3.7/ftplib.py", line 749, in login
self.auth()
File "/usr/local/lib/python3.7/ftplib.py", line 761, in auth
server_hostname=self.host)
File "/usr/local/lib/python3.7/ssl.py", line 423, in wrap_socket
session=session
File "/usr/local/lib/python3.7/ssl.py", line 870, in _create
self.do_handshake()
File "/usr/local/lib/python3.7/ssl.py", line 1139, in do_handshake
self._sslobj.do_handshake()
OSError: [Errno 0] Error
为什么我会得到上面的 - 不太具有破坏性 - 异常?
我正在使用 Python 3.7.5
我已尝试使用 lftp 登录,但我可以连接到它。我唯一要做的就是禁用 ssl 证书验证。这可能是 ftplib 问题的根源吗?
lftp 的输出:
lftp :~> set ssl:verify-certificate false
lftp :~> open hapuser@192.168.140.225:2121
notice: cannot open /home/jenkins/.netrc: No such file or directory
Password:
---- dns cache hit
lftp hapuser@192.168.140.225:~> ls
---- dns cache hit
---- attempt number 1 (max_retries=1000)
---- Connecting to 192.168.140.225 (192.168.140.225) port 2121
<--- 220 Microsoft FTP Service
---> FEAT
<--- 211-Extended features supported:
<--- LANG EN*
<--- UTF8
<--- AUTH TLS;TLS-C;SSL;TLS-P;
<--- PBSZ
<--- PROT C;P;
<--- CCC
<--- HOST
<--- SIZE
<--- MDTM
<--- REST STREAM
<--- 211 END
---> AUTH TLS
<--- 234 AUTH command ok. Expecting TLS Negotiation.
---> LANG
Certificate: C=HU,ST=.,L=.,O=GDF,OU=.,CN=APP-FS-FTP
Issued by: DC=hu,DC=egaz-degaz,CN=egaz-degaz-MASTER-DC-CA
WARNING: Certificate verification: Not trusted (AF:7B:B6:5F:D1:EF:C9:CC:AA:18:EF:3E:94:15:EF:DB:77:F5:3D:4D)
WARNING: Certificate verification: Expired (AF:7B:B6:5F:D1:EF:C9:CC:AA:18:EF:3E:94:15:EF:DB:77:F5:3D:4D)
WARNING: Certificate verification: certificate common name doesn't match requested host name ‘192.168.140.225’ (AF:7B:B6:5F:D1:EF:C9:CC:AA:18:EF:3E:94:15:EF:DB:77:F5:3D:4D)
<--- 200 Language is now English, UTF-8 encoding.
---> OPTS UTF8 ON
<--- 200 OPTS UTF8 command successful - UTF8 encoding now ON.
---> HOST 192.168.140.225
<--- 504 Server cannot accept argument.
---> USER hapuser
<--- 331 Password required
---> PASS XXXX
<--- 230-Directory has 111,319,724,032 bytes of disk space available.
<--- 230 User logged in.
---> PWD
<--- 257 "/" is current directory.
---> PBSZ 0
<--- 200 PBSZ command successful.
---> PROT P
<--- 200 PROT command successful.
---> PASV
<--- 227 Entering Passive Mode (192,168,140,225,22,108).
---- Connecting data socket to (192.168.140.225) port 5740
---- Data connection established
0:0 translated to pair 0:0 (0,0)
0 translated to pair 0:0 (0,0)
0:0 translated to pair 0:0 (0,0)
0 translated to pair 0:0 (0,0)
0:0 translated to pair 0:0 (0,0)
0 translated to pair 0:0 (0,0)
---> LIST
<--- 125 Data connection already open; Transfer starting.
Certificate: C=HU,ST=.,L=.,O=GDF,OU=.,CN=APP-FS-FTP
Issued by: DC=hu,DC=egaz-degaz,CN=egaz-degaz-MASTER-DC-CA
WARNING: Certificate verification: Not trusted (AF:7B:B6:5F:D1:EF:C9:CC:AA:18:EF:3E:94:15:EF:DB:77:F5:3D:4D)
WARNING: Certificate verification: Expired (AF:7B:B6:5F:D1:EF:C9:CC:AA:18:EF:3E:94:15:EF:DB:77:F5:3D:4D)
WARNING: Certificate verification: certificate common name doesn't match requested host name ‘192.168.140.225’ (AF:7B:B6:5F:D1:EF:C9:CC:AA:18:EF:3E:94:15:EF:DB:77:F5:3D:4D)
<--- 226-Directory has 111,319,670,784 bytes of disk space available.
<--- 226 Transfer complete.
drwxrwxrwx 1 owner group 0 Jul 14 15:07 docuscan
drwxrwxrwx 1 owner group 112 Jul 14 15:07 Leolvasas
drwxrwxrwx 1 owner group 662540 Jul 14 15:07 ContactExport
drwxrwxrwx 1 owner group 1099644 Jul 14 15:07 HAP
drwxrwxrwx 1 owner group 0 Sep 25 2015 aspnet_client
drwxrwxrwx 1 owner group 0 May 15 2017 Dgaaa
drwxrwxrwx 1 owner group 0 Sep 15 2016 EFMH
drwxrwxrwx 1 owner group 0 Dec 4 2014 EFMH_TESZT
drwxrwxrwx 1 owner group 0 Mar 6 2015 Flowlogic
drwxrwxrwx 1 owner group 0 Jul 6 2016 Kimenő_levelek
drwxrwxrwx 1 owner group 0 Aug 16 2018 Leolvasas_arch
drwxrwxrwx 1 owner group 0 Jun 12 2017 Logs
drwxrwxrwx 1 owner group 0 Aug 16 2019 SDszámla
drwxrwxrwx 1 owner group 0 Jan 3 2017 SDszámla-teszt
drwxrwxrwx 1 owner group 0 Dec 4 2014 SzlaHitelesites
---- Got EOF on data connection
---- Closing data socket
copy: get hit eof
copy: waiting for put confirmation
copy: put confirmed store
copy: get is finished - all done
---- Closing idle connection
---> QUIT
<--- 221 Goodbye.
---- Closing control socket```
这是一个 OS 相关的错误
OSError: [Errno 0] Error
这意味着它是由您的系统引起的。
这可能与客户端和服务器之间的一些firewall/NAT/Proxy干扰有关。
您可以尝试关闭您的防火墙,看看能否解决。您还应该查看您的 Antivirus,看看它是否阻止了任何东西。
我尝试了很多不同的事情,包括通过以下方式使用不同的 ssl 协议:
ftps.ssl_version = ssl.PROTOCOL_TLSv1_2
原来这一行不会有任何效果,因为它被库默认覆盖。
详情:
解决方案是在构造 FTP_TLS 时将 SSL 版本包装在上下文中,如下所示:
ctx = ssl._create_stdlib_context(ssl.PROTOCOL_TLSv1_2)
ftps = FTP_TLS(context=ctx)
...
这解决了我的问题。
我正在尝试使用以下代码通过 ftplib 连接到 ftps (IIS) 服务器:
>>> ftps=FTP_TLS()
>>> ftps.set_debuglevel(2)
>>> ftps.connect(host, port)
*get* '220 Microsoft FTP Service\n'
*resp* '220 Microsoft FTP Service'
'220 Microsoft FTP Service'
>>> ftps.login(user, pw)
*cmd* 'AUTH TLS'
*put* 'AUTH TLS\r\n'
*get* '234 AUTH command ok. Expecting TLS Negotiation.\n'
*resp* '234 AUTH command ok. Expecting TLS Negotiation.'
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/local/lib/python3.7/ftplib.py", line 749, in login
self.auth()
File "/usr/local/lib/python3.7/ftplib.py", line 761, in auth
server_hostname=self.host)
File "/usr/local/lib/python3.7/ssl.py", line 423, in wrap_socket
session=session
File "/usr/local/lib/python3.7/ssl.py", line 870, in _create
self.do_handshake()
File "/usr/local/lib/python3.7/ssl.py", line 1139, in do_handshake
self._sslobj.do_handshake()
OSError: [Errno 0] Error
为什么我会得到上面的 - 不太具有破坏性 - 异常?
我正在使用 Python 3.7.5
我已尝试使用 lftp 登录,但我可以连接到它。我唯一要做的就是禁用 ssl 证书验证。这可能是 ftplib 问题的根源吗?
lftp 的输出:
lftp :~> set ssl:verify-certificate false
lftp :~> open hapuser@192.168.140.225:2121
notice: cannot open /home/jenkins/.netrc: No such file or directory
Password:
---- dns cache hit
lftp hapuser@192.168.140.225:~> ls
---- dns cache hit
---- attempt number 1 (max_retries=1000)
---- Connecting to 192.168.140.225 (192.168.140.225) port 2121
<--- 220 Microsoft FTP Service
---> FEAT
<--- 211-Extended features supported:
<--- LANG EN*
<--- UTF8
<--- AUTH TLS;TLS-C;SSL;TLS-P;
<--- PBSZ
<--- PROT C;P;
<--- CCC
<--- HOST
<--- SIZE
<--- MDTM
<--- REST STREAM
<--- 211 END
---> AUTH TLS
<--- 234 AUTH command ok. Expecting TLS Negotiation.
---> LANG
Certificate: C=HU,ST=.,L=.,O=GDF,OU=.,CN=APP-FS-FTP
Issued by: DC=hu,DC=egaz-degaz,CN=egaz-degaz-MASTER-DC-CA
WARNING: Certificate verification: Not trusted (AF:7B:B6:5F:D1:EF:C9:CC:AA:18:EF:3E:94:15:EF:DB:77:F5:3D:4D)
WARNING: Certificate verification: Expired (AF:7B:B6:5F:D1:EF:C9:CC:AA:18:EF:3E:94:15:EF:DB:77:F5:3D:4D)
WARNING: Certificate verification: certificate common name doesn't match requested host name ‘192.168.140.225’ (AF:7B:B6:5F:D1:EF:C9:CC:AA:18:EF:3E:94:15:EF:DB:77:F5:3D:4D)
<--- 200 Language is now English, UTF-8 encoding.
---> OPTS UTF8 ON
<--- 200 OPTS UTF8 command successful - UTF8 encoding now ON.
---> HOST 192.168.140.225
<--- 504 Server cannot accept argument.
---> USER hapuser
<--- 331 Password required
---> PASS XXXX
<--- 230-Directory has 111,319,724,032 bytes of disk space available.
<--- 230 User logged in.
---> PWD
<--- 257 "/" is current directory.
---> PBSZ 0
<--- 200 PBSZ command successful.
---> PROT P
<--- 200 PROT command successful.
---> PASV
<--- 227 Entering Passive Mode (192,168,140,225,22,108).
---- Connecting data socket to (192.168.140.225) port 5740
---- Data connection established
0:0 translated to pair 0:0 (0,0)
0 translated to pair 0:0 (0,0)
0:0 translated to pair 0:0 (0,0)
0 translated to pair 0:0 (0,0)
0:0 translated to pair 0:0 (0,0)
0 translated to pair 0:0 (0,0)
---> LIST
<--- 125 Data connection already open; Transfer starting.
Certificate: C=HU,ST=.,L=.,O=GDF,OU=.,CN=APP-FS-FTP
Issued by: DC=hu,DC=egaz-degaz,CN=egaz-degaz-MASTER-DC-CA
WARNING: Certificate verification: Not trusted (AF:7B:B6:5F:D1:EF:C9:CC:AA:18:EF:3E:94:15:EF:DB:77:F5:3D:4D)
WARNING: Certificate verification: Expired (AF:7B:B6:5F:D1:EF:C9:CC:AA:18:EF:3E:94:15:EF:DB:77:F5:3D:4D)
WARNING: Certificate verification: certificate common name doesn't match requested host name ‘192.168.140.225’ (AF:7B:B6:5F:D1:EF:C9:CC:AA:18:EF:3E:94:15:EF:DB:77:F5:3D:4D)
<--- 226-Directory has 111,319,670,784 bytes of disk space available.
<--- 226 Transfer complete.
drwxrwxrwx 1 owner group 0 Jul 14 15:07 docuscan
drwxrwxrwx 1 owner group 112 Jul 14 15:07 Leolvasas
drwxrwxrwx 1 owner group 662540 Jul 14 15:07 ContactExport
drwxrwxrwx 1 owner group 1099644 Jul 14 15:07 HAP
drwxrwxrwx 1 owner group 0 Sep 25 2015 aspnet_client
drwxrwxrwx 1 owner group 0 May 15 2017 Dgaaa
drwxrwxrwx 1 owner group 0 Sep 15 2016 EFMH
drwxrwxrwx 1 owner group 0 Dec 4 2014 EFMH_TESZT
drwxrwxrwx 1 owner group 0 Mar 6 2015 Flowlogic
drwxrwxrwx 1 owner group 0 Jul 6 2016 Kimenő_levelek
drwxrwxrwx 1 owner group 0 Aug 16 2018 Leolvasas_arch
drwxrwxrwx 1 owner group 0 Jun 12 2017 Logs
drwxrwxrwx 1 owner group 0 Aug 16 2019 SDszámla
drwxrwxrwx 1 owner group 0 Jan 3 2017 SDszámla-teszt
drwxrwxrwx 1 owner group 0 Dec 4 2014 SzlaHitelesites
---- Got EOF on data connection
---- Closing data socket
copy: get hit eof
copy: waiting for put confirmation
copy: put confirmed store
copy: get is finished - all done
---- Closing idle connection
---> QUIT
<--- 221 Goodbye.
---- Closing control socket```
这是一个 OS 相关的错误
OSError: [Errno 0] Error
这意味着它是由您的系统引起的。
这可能与客户端和服务器之间的一些firewall/NAT/Proxy干扰有关。
您可以尝试关闭您的防火墙,看看能否解决。您还应该查看您的 Antivirus,看看它是否阻止了任何东西。
我尝试了很多不同的事情,包括通过以下方式使用不同的 ssl 协议:
ftps.ssl_version = ssl.PROTOCOL_TLSv1_2
原来这一行不会有任何效果,因为它被库默认覆盖。
详情:
解决方案是在构造 FTP_TLS 时将 SSL 版本包装在上下文中,如下所示:
ctx = ssl._create_stdlib_context(ssl.PROTOCOL_TLSv1_2)
ftps = FTP_TLS(context=ctx)
...
这解决了我的问题。