0

I am trying to upload files to an FTP server (FTPS). Running the following code produces the exception:

The remote certificate is invalid according to the validation procedure.

The code: 

static void Main(string[] args)
{
    FTPFactory ftp = new FTPFactory();

    ftp.setDebug(true);
    ftp.setRemoteHost("ftps.host");
    //Connect to SSL Port (5920)
    ftp.setRemotePort(5920);
    ftp.loginWithoutUser();

    string cmd = "AUTH SSL";
    ftp.sendCommand(cmd);

    //Create SSL Stream
        ftp.getSslStream();
        ftp.setUseStream(true);
    //Login  FTP Secure
    //     ftp.setRemoteUser(Settings.Default.TargetFtpSecureUser);
    ftp.setRemoteUser("user");
    //  ftp.setRemotePass(Settings.Default.TargetFtpSecurePass);
    ftp.setRemotePass("pass");
    ftp.login();

    //Set ASCII Mode
    ftp.setBinaryMode(false);


    //Upload file

    // Send Argument if you want
    // cmd = "site arg1 arg2";
    // ftp.sendCommand(cmd);

    ftp.upload("", false);
    ftp.uploadSecure(@"Filepath", false);

    ftp.close();
}
catch (Exception e)
{
    Console.WriteLine("Caught Error :" + e.Message);
}
}

this is the FTPFactory class:

using System;
using System.Net.Sockets;

namespace FTP_DLL
{
    public class FTPFactory
    {
        public FTPFactory();

        public void chdir(string dirName);
        public void close();
        public Socket createDataSocket();
        public void deleteRemoteFile(string fileName);
        public void download(string remFileName);
        public void download(string remFileName, bool resume);
        public void download(string remFileName, string locFileName);
        public void download(string remFileName, string locFileName, bool resume);
        public string[] getFileList(string mask);
        public long getFileSize(string fileName);
        public string getRemoteHost();
        public string getRemotePath();
        public int getRemotePort();
        public void getSslStream();
        public void getSslStream(Socket Csocket);
        public void login();
        public void loginWithoutUser();
        public void mkdir(string dirName);
        public void renameRemoteFile(string oldFileName, string newFileName);
        public void rmdir(string dirName);
        public void sendCommand(string command);
        public void setBinaryMode(bool mode);
        public void setDebug(bool debug);
        public void setRemoteHost(string remoteHost);
        public void setRemotePass(string remotePass);
        public void setRemotePath(string remotePath);
        public void setRemotePort(int remotePort);
        public void setRemoteUser(string remoteUser);
        public void setUseStream(bool value);
        public void upload(string fileName, bool resume);
        public void uploadSecure(string fileName, bool resume);
    }
}
Joel Coehoorn
  • 399,467
  • 113
  • 570
  • 794
David Munsa
  • 885
  • 1
  • 16
  • 30

2 Answers2

0

I would recommend taking a look at this article

From what it sounds like, the issue is that the FTP server is taking a look at your application's certificate, and not accepting it. As they explain in the article, there are plugins that allow you to get/make a certificate for your app that complies with your FTP server.

Dylan Corriveau
  • 2,561
  • 4
  • 29
  • 36
0

I don't see anything that indicates this is a client certificate problem. Are you sure that the certificate on the server matches the DNS name or IP address you are using and is not expired?

I am not familiar with the FTPFactory class that you are using. You should include a link to the web site for it.

However, if the underlying class used to perform the SSL connection is part of the .NET Framework, you can probably change the certificate validation behavior by setting ServicePointManager.ServerCertificateValidationCallback to a delegate like the one below. Other libraries may have a mechanism for overriding certificate validation behavior as well.

While this is fine for testing, I do not recommend bypassing certificate validation in production code. The certificate being presented by the server should be fixed instead.

    public static bool ServicePointManager_ServerCertificateValidationCallback(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        bool allowCertificate = true;

        if (sslPolicyErrors != SslPolicyErrors.None)
        {
            Console.WriteLine("Accepting the certificate with errors:");
            if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateNameMismatch) == SslPolicyErrors.RemoteCertificateNameMismatch)
            {
                Console.WriteLine("\tThe certificate subject {0} does not match.", certificate.Subject);
            }

            if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateChainErrors) == SslPolicyErrors.RemoteCertificateChainErrors)
            {
                Console.WriteLine("\tThe certificate chain has the following errors:");
                foreach (X509ChainStatus chainStatus in chain.ChainStatus)
                {
                    Console.WriteLine("\t\t{0}", chainStatus.StatusInformation);

                    if (chainStatus.Status == X509ChainStatusFlags.Revoked)
                    {
                        allowCertificate = false;
                    }
                }
            }

            if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateNotAvailable) == SslPolicyErrors.RemoteCertificateNotAvailable)
            {
                Console.WriteLine("No certificate available.");
                allowCertificate = false;
            }

            Console.WriteLine();
        }

        return allowCertificate;
    }
JamieSee
  • 12,696
  • 2
  • 31
  • 47