FTPWebRequest & SSL  
mohanit





PostPosted: .NET Framework Networking and Communication, FTPWebRequest & SSL Top

Hi,

I'm trying to do FTP over SSL (Explicit).

When I try to access the response like this:

    response = (FtpWebResponse)request.GetResponse();

I'm getting the error:

    Remote certificate was verified as invalid by the user.

I'm able to log in to the same FTP server & list the directory without using SSL, but when I use SSL I'm getting the error.

I'm adding part of the tracing log file containing the error. Can anyone tell me how to fix the error?

Thanks
Mohan

System.Net Information: 0 : [2512] SecureChannel#50510248 - Remote certificate has errors:
System.Net Information: 0 : [2512] SecureChannel#50510248 - A certificate chain processed correctly, but terminated in a root certificate which is not trusted by the trust provider.

System.Net Information: 0 : [2512] SecureChannel#50510248 - Remote certificate was verified as invalid by the user.
System.Net.Sockets Verbose: 0 : [2512] Socket#7588182::Dispose()
System.Net Information: 0 : [2512] FtpWebRequest#32977404::(Releasing FTP connection#5923895.)
System.Net Error: 0 : [2512] Exception in the FtpWebRequest#32977404::GetResponse - The remote certificate is invalid according to the validation procedure.
System.Net Error: 0 : [2512] at System.Net.FtpWebRequest.SyncRequestCallback(Object obj)
at System.Net.FtpWebRequest.RequestCallback(Object obj)
at System.Net.CommandStream.Abort(Exception e)
at System.Net.FtpWebRequest.FinishRequestStage(RequestStage stage)
at System.Net.FtpWebRequest.GetResponse()
System.Net Verbose: 0 : [2512] Exiting FtpWebRequest#32977404::GetResponse()



mohanit






When I'm using SmartFTP or FireFTP, I'm able to access the SSL FTP server, but it does not work when I try to access it in C#.

This is the code I'm using:

using System;
using System.Collections.Generic;
using System.Text;
using System.Net;
using System.IO;
using System.Net.Security;
using System.Security.Policy;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography;

namespace CheckFTP
{
    class Program1
    {
        static void Main(string[] args)
        {
            try
            {
                FtpWebResponse response = null;
                // The serverUri parameter should start with the ftp:// scheme.
                UriBuilder uriBuilder = new UriBuilder();
                uriBuilder.Host = "something.com";
                if (Uri.CheckSchemeName(Uri.UriSchemeFtp))
                {
                    uriBuilder.Scheme = Uri.UriSchemeFtp;
                }

                Uri serverUri = new Uri(uriBuilder.ToString());

                // Get the object used to communicate with the server.
                FtpWebRequest request = (FtpWebRequest)WebRequest.Create(serverUri);
                request.KeepAlive = false;
                request.Method = WebRequestMethods.Ftp.ListDirectoryDetails;
                request.Credentials = new NetworkCredential("username", "password");
                // Explicit FTP over SSL: the control channel is upgraded with AUTH TLS.
                request.EnableSsl = true;
                //X509CertificateCollection ClientCertificates = new X509CertificateCollection();
                //ClientCertificates = request.ClientCertificates;

                request.UsePassive = true;
                request.UseBinary = true;
                request.Proxy = null;

                // Get the ServicePoint object used for this request, and limit it to one connection.
                // In a real-world application you might use the default number of connections (2),
                // or select a value that works best for your application.
                ServicePoint sp = request.ServicePoint;
                Console.WriteLine("ServicePoint connections = {0}.", sp.ConnectionLimit);
                sp.ConnectionLimit = 1;

                try
                {
                    // The server certificate is validated here; a failed validation throws.
                    response = (FtpWebResponse)request.GetResponse();
                }
                catch (Exception ex1)
                {
                    Console.WriteLine(ex1.ToString());
                    // No response to read; stop here instead of dereferencing null below.
                    return;
                }

                Console.WriteLine("The content length is {0}", response.ContentLength);
                // The following streams are used to read the data returned from the server.
                Stream responseStream = null;
                StreamReader readStream = null;
                try
                {
                    responseStream = response.GetResponseStream();
                    readStream = new StreamReader(responseStream, System.Text.Encoding.UTF8);

                    if (readStream != null)
                    {
                        // Display the data received from the server.
                        Console.WriteLine(readStream.ReadToEnd());
                    }
                    Console.WriteLine("List status: {0}", response.StatusDescription);
                }
                finally
                {
                    if (readStream != null)
                    {
                        readStream.Close();
                    }
                    if (response != null)
                    {
                        response.Close();
                    }
                }
            }
            catch (Exception ex1)
            {
                Console.WriteLine(ex1.ToString());
            }
        }
    }
}


 
 
Durgaprasad Gorti






The server certificate you are using is not trusted by your machine,
so the SSL is failing. To get a chance to override the behavior,
use
ServicePointManager.ServerCertificateValidationCallback,
something along the lines of:

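// Hook a callback to verify the remote certificate (set it once, before calling GetResponse()).
ServicePointManager.ServerCertificateValidationCallback =
    new RemoteCertificateValidationCallback(MyCertValidationCb);

// Needs: using System.Net; using System.Net.Security; using System.Security.Policy;
//        using System.Security.Cryptography.X509Certificates;
public static bool MyCertValidationCb(
    object sender,
    X509Certificate certificate,
    X509Chain chain,
    SslPolicyErrors sslPolicyErrors)
{
    // No policy errors: the certificate validated normally, so accept it.
    if (sslPolicyErrors == SslPolicyErrors.None)
    {
        return true;
    }
    if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateChainErrors)
        == SslPolicyErrors.RemoteCertificateChainErrors)
    {
        // The chain did not build to a trusted root: reject.
        return false;
    }
    else if ((sslPolicyErrors & SslPolicyErrors.RemoteCertificateNameMismatch)
        == SslPolicyErrors.RemoteCertificateNameMismatch)
    {
        // Tolerate a name mismatch only for intranet / local machine targets.
        // WebRequest is the common base class of HttpWebRequest and FtpWebRequest.
        Zone z;
        z = Zone.CreateFromUrl(((WebRequest)sender).RequestUri.ToString());
        if (z.SecurityZone == System.Security.SecurityZone.Intranet
            || z.SecurityZone == System.Security.SecurityZone.MyComputer)
        {
            return true;
        }
        return false;
    }
    return false;
}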



 
 
mohanit






Thanks Durgaprasad... I added the callback that you had given & changed the 1st if condition to return true, since it always failed on the 1st condition. Now I get the directory listing. Is that the right way to fix the problem, or are there any config changes that are needed on the client/server so that it gets validated properly?

Btw, I still get the error message in the trace log: "A certificate chain processed correctly, but terminated in a root certificate which is not trusted by the trust provider." How do I fix this?

System.Net Information: 0 : [3312] SecureChannel#11679222 - Remote certificate has errors:
System.Net Information: 0 : [3312] SecureChannel#11679222 - A certificate chain processed correctly, but terminated in a root certificate which is not trusted by the trust provider.

System.Net Information: 0 : [3312] SecureChannel#11679222 - Remote certificate was verified as valid by the user.
System.Net Verbose: 0 : [3312] Exiting FtpWebRequest#28068188::GetResponse()
System.Net.Sockets Verbose: 0 : [3312] Socket#34160229::Receive()
System.Net.Sockets Verbose: 0 : [3312] Data from Socket#34160229::Receive
System.Net.Sockets Verbose: 0 : [3312] 00000000 : 17 03 01 00 60 : ....`
System.Net.Sockets Verbose: 0 : [3312] Exiting Socket#34160229::Receive() -> 5#5
System.Net.Sockets Verbose: 0 : [3312] Socket#34160229::Receive()
System.Net.Sockets Verbose: 0 : [3312] Data from Socket#34160229::Receive

Thanks
Mohan

 
 
Durgaprasad Gorti






What this means is that the issuer of the cert from the server is not trusted.
You should not, for security reasons, trust those certs unless you know exactly what it is you are doing.
What you need to do is to look at the cert, find out what the issuer is, and add that issuer to the
"Trusted Root Cert Authorities" using the MMC / Certificates snap-in.



 
 
mohanit






Thanks Durgaprasad... I now know how to add the Trusted Root Cert Authorities from the certificate, though I didn't actually add it & test it.
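
Added example, not code from any poster in this thread: where the issuing root cannot be installed in the machine's trusted root store, a callback can still avoid returning true for every chain error by accepting only the specific "untrusted root" case discussed above, and only when the chain ends in one known root. The class name `PinnedRootValidation` and the thumbprint value are assumptions; the thumbprint is a placeholder to be replaced with the root's thumbprint obtained out of band.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

static class PinnedRootValidation   // hypothetical helper, not from the thread
{
    // Placeholder: thumbprint of the server's issuing root, verified out of band.
    const string PinnedRootThumbprint = "<ROOT-CA-THUMBPRINT-PLACEHOLDER>";

    // Call once at startup, before any request.GetResponse().
    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    public static bool Validate(object sender, X509Certificate certificate,
                                X509Chain chain, SslPolicyErrors errors)
    {
        // Normal case: the platform already trusts the chain and the name matches.
        if (errors == SslPolicyErrors.None)
            return true;

        // Anything other than a pure chain error (name mismatch, missing
        // certificate, or a combination) is rejected outright.
        if (errors != SslPolicyErrors.RemoteCertificateChainErrors || chain == null)
            return false;

        // The only chain problem tolerated is the one in the trace log:
        // the chain built correctly but ended in an untrusted root.
        // Expired, revoked or otherwise broken chains still fail.
        foreach (X509ChainStatus status in chain.ChainStatus)
        {
            if (status.Status != X509ChainStatusFlags.UntrustedRoot)
                return false;
        }

        if (chain.ChainElements.Count == 0)
            return false;

        // The last chain element is the root the chain terminated in.
        X509Certificate2 root =
            chain.ChainElements[chain.ChainElements.Count - 1].Certificate;

        return string.Equals(root.Thumbprint, PinnedRootThumbprint,
                             StringComparison.OrdinalIgnoreCase);
    }
}
```

With the root added to the trusted root store as described in the reply above, the first branch is the one taken and the "Remote certificate has errors" trace lines no longer appear.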