
When I try to connect to my FTP server to upload a file with FluentFTP I get this:

`The remote certificate is invalid according to the validation procedure.`

Yet FileZilla works fine with no error or warnings.

Am I doing something wrong? And if it's actually a problem with the server, how can I ignore this error?

Here's my code:

```csharp
var credentials = new NetworkCredential(Username, Password);
FtpClient client = new FtpClient(Host, credentials)
{
    Port = Port,
    EncryptionMode = FtpEncryptionMode.Explicit
};
client.DataConnectionEncryption = true;

client.Connect();
var result = client.UploadFileAsync(FilePathName, RemotePathName, AllowOverwrite ? FtpExists.Overwrite : FtpExists.Skip, CreateRemoteDirectory, token).GetAwaiter().GetResult();
client.Disconnect();
```

I also tried adding the event `client.ValidateCertificate += Client_ValidateCertificate;`

```csharp
private static void Client_ValidateCertificate(FtpClient control, FtpSslValidationEventArgs e)
{
    e.PolicyErrors = SslPolicyErrors.None;
}
```

but I couldn't get that to work either; I still get the same error.

Here's the output from FileZilla:

```
Status: Selected port usually in use by a different protocol.
Status: Resolving address of xxxxxxxxxxxxxxxxxxxxxx
Status: Connecting to xxx.xxx.xxx.xxx:xx...
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established.
Status: Logged in
Status: Retrieving directory listing of "xxxxxxxxxxxxx"...
Status: Directory listing of "xxxxxxxxxxxxx" successful
```
Martin Prikryl
LorneCash

1 Answer


`Client_ValidateCertificate` needs to manually accept the certificate like this:

```csharp
private static void Client_ValidateCertificate(FtpClient control, FtpSslValidationEventArgs e)
{
    e.Accept = true;
}
```

However, it's really a bad idea to just blindly accept any certificate. I ended up doing something like this:

```csharp
private void Client_ValidateCertificate(FtpClient control, FtpSslValidationEventArgs e)
{
    if (e.PolicyErrors == SslPolicyErrors.None || e.Certificate.GetRawCertDataString() == TrustedRawCertData)
    {
        e.Accept = true;
    }
    else
    {
        throw new Exception($"{e.PolicyErrors}{Environment.NewLine}{GetCertificateDetails(e.Certificate)}");
    }
}
```
Mark Amery
LorneCash
  • Blindly accepting any certificate is as bad as not using encryption at all. – Martin Prikryl May 15 '17 at 06:18
  • I didn't think the certificate and encryption had anything to do with each other. Doesn't encryption affect files/requests in transit and the certificate verifies who you're talking to? Therefore if you know who you're talking to you can ignore the certificate, but you still want encryption so no one else can intercept your traffic. Please educate me if I'm incorrect. – LorneCash May 15 '17 at 06:29
  • Maybe a better question would have been to ask how to set/change the validation procedure. Again, if you have any insight please share. – LorneCash May 15 '17 at 06:32
  • If you blindly accept any certificate, **you do not know** who you are talking to. You can easily be a victim of a [MITM attack](https://en.wikipedia.org/wiki/Man-in-the-middle_attack). – Martin Prikryl May 15 '17 at 06:43
  • You didn't tell us what the problem with the certificate is (what the details of the `FtpSslValidationEventArgs` are), so we cannot provide you more specific help. – Martin Prikryl May 15 '17 at 06:44
  • I looked all through it and didn't see anything I thought would help. The only thing I could find was this "A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider." I'm wondering if this is a bug on the FluentFTP side because FileZilla doesn't show any problems with verifying the certificate. – LorneCash May 15 '17 at 07:01
  • I didn't think that information would help anyone tell what my problem was since to me it doesn't really mean anything more than "certificate error". If you have any suggestions I should try please lmk. – LorneCash May 15 '17 at 07:21
  • Are you sure you haven't told FileZilla to trust the certificate in the past? Try to delete (temporarily rename) the `C:\Users\username\AppData\Roaming\FileZilla\trustedcerts.xml`. – Martin Prikryl May 15 '17 at 07:31
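
An added example (not code from the answer or from FluentFTP): the answer's pinned-certificate fallback, comparing a SHA-256 fingerprint of the certificate and using the pin only for the untrusted-root chain error quoted in the comments. The names `PinnedFtpCertificate`, `Fingerprint`, `IsTrusted` and the fingerprint placeholder are assumptions; the handler signature is the one used on this page.

```csharp
using System;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using FluentFTP;

public static class PinnedFtpCertificate
{
    // Placeholder (assumption): hex SHA-256 fingerprint of the server certificate,
    // without separators, obtained out of band (for example from the server admin).
    private const string PinnedSha256 = "<SHA256-FINGERPRINT-OF-YOUR-SERVER-CERT>";

    // Hex-encoded SHA-256 over the DER bytes of the presented certificate.
    public static string Fingerprint(X509Certificate cert)
    {
        using (var sha = SHA256.Create())
        {
            return BitConverter.ToString(sha.ComputeHash(cert.GetRawCertData())).Replace("-", "");
        }
    }

    // Pure decision function, so it can be unit-tested without a live FTP server.
    public static bool IsTrusted(X509Certificate cert, SslPolicyErrors errors, string pinnedSha256)
    {
        if (cert == null) return false;

        // Normal case: chain and host name validated against the OS trust store.
        if (errors == SslPolicyErrors.None) return true;

        // Deliberately stricter than the answer: the pin is consulted only when the
        // sole problem is the chain (private CA or self-signed certificate).
        // A name mismatch or a missing certificate is rejected even if the pin matches.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors) return false;

        return string.Equals(Fingerprint(cert), pinnedSha256, StringComparison.OrdinalIgnoreCase);
    }

    // Fails closed: anything that is neither fully valid nor pinned is refused.
    public static void ValidateCertificate(FtpClient control, FtpSslValidationEventArgs e)
    {
        e.Accept = IsTrusted(e.Certificate, e.PolicyErrors, PinnedSha256);
    }
}
```

Attach it with `client.ValidateCertificate += PinnedFtpCertificate.ValidateCertificate;` before calling `client.Connect()`. The pin must be updated whenever the server certificate is renewed.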