python - 使用 ftplib.FTP_TLS 对 ftps 服务器进行身份验证期间出现 OSError
问题描述
我正在尝试使用以下代码使用 ftplib 连接到 ftps (IIS) 服务器:
>>> ftps=FTP_TLS()
>>> ftps.set_debuglevel(2)
>>> ftps.connect(host, port)
*get* '220 Microsoft FTP Service\n'
*resp* '220 Microsoft FTP Service'
'220 Microsoft FTP Service'
>>> ftps.login(user, pw)
*cmd* 'AUTH TLS'
*put* 'AUTH TLS\r\n'
*get* '234 AUTH command ok. Expecting TLS Negotiation.\n'
*resp* '234 AUTH command ok. Expecting TLS Negotiation.'
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/local/lib/python3.7/ftplib.py", line 749, in login
self.auth()
File "/usr/local/lib/python3.7/ftplib.py", line 761, in auth
server_hostname=self.host)
File "/usr/local/lib/python3.7/ssl.py", line 423, in wrap_socket
session=session
File "/usr/local/lib/python3.7/ssl.py", line 870, in _create
self.do_handshake()
File "/usr/local/lib/python3.7/ssl.py", line 1139, in do_handshake
self._sslobj.do_handshake()
OSError: [Errno 0] Error
为什么我会得到上面的 - 不太具有说服力的 - 异常?
我正在使用 Python 3.7.5
我尝试使用 lftp 登录,我可以连接到它。我唯一要做的就是禁用 ssl 证书验证。这可能是 ftplib 问题的根源吗?
lftp的输出:
lftp :~> set ssl:verify-certificate false
lftp :~> open hapuser@192.168.140.225:2121
notice: cannot open /home/jenkins/.netrc: No such file or directory
Password:
---- dns cache hit
lftp hapuser@192.168.140.225:~> ls
---- dns cache hit
---- attempt number 1 (max_retries=1000)
---- Connecting to 192.168.140.225 (192.168.140.225) port 2121
<--- 220 Microsoft FTP Service
---> FEAT
<--- 211-Extended features supported:
<--- LANG EN*
<--- UTF8
<--- AUTH TLS;TLS-C;SSL;TLS-P;
<--- PBSZ
<--- PROT C;P;
<--- CCC
<--- HOST
<--- SIZE
<--- MDTM
<--- REST STREAM
<--- 211 END
---> AUTH TLS
<--- 234 AUTH command ok. Expecting TLS Negotiation.
---> LANG
Certificate: C=HU,ST=.,L=.,O=GDF,OU=.,CN=APP-FS-FTP
Issued by: DC=hu,DC=egaz-degaz,CN=egaz-degaz-MASTER-DC-CA
WARNING: Certificate verification: Not trusted (AF:7B:B6:5F:D1:EF:C9:CC:AA:18:EF:3E:94:15:EF:DB:77:F5:3D:4D)
WARNING: Certificate verification: Expired (AF:7B:B6:5F:D1:EF:C9:CC:AA:18:EF:3E:94:15:EF:DB:77:F5:3D:4D)
WARNING: Certificate verification: certificate common name doesn't match requested host name ‘192.168.140.225’ (AF:7B:B6:5F:D1:EF:C9:CC:AA:18:EF:3E:94:15:EF:DB:77:F5:3D:4D)
<--- 200 Language is now English, UTF-8 encoding.
---> OPTS UTF8 ON
<--- 200 OPTS UTF8 command successful - UTF8 encoding now ON.
---> HOST 192.168.140.225
<--- 504 Server cannot accept argument.
---> USER hapuser
<--- 331 Password required
---> PASS XXXX
<--- 230-Directory has 111,319,724,032 bytes of disk space available.
<--- 230 User logged in.
---> PWD
<--- 257 "/" is current directory.
---> PBSZ 0
<--- 200 PBSZ command successful.
---> PROT P
<--- 200 PROT command successful.
---> PASV
<--- 227 Entering Passive Mode (192,168,140,225,22,108).
---- Connecting data socket to (192.168.140.225) port 5740
---- Data connection established
0:0 translated to pair 0:0 (0,0)
0 translated to pair 0:0 (0,0)
0:0 translated to pair 0:0 (0,0)
0 translated to pair 0:0 (0,0)
0:0 translated to pair 0:0 (0,0)
0 translated to pair 0:0 (0,0)
---> LIST
<--- 125 Data connection already open; Transfer starting.
Certificate: C=HU,ST=.,L=.,O=GDF,OU=.,CN=APP-FS-FTP
Issued by: DC=hu,DC=egaz-degaz,CN=egaz-degaz-MASTER-DC-CA
WARNING: Certificate verification: Not trusted (AF:7B:B6:5F:D1:EF:C9:CC:AA:18:EF:3E:94:15:EF:DB:77:F5:3D:4D)
WARNING: Certificate verification: Expired (AF:7B:B6:5F:D1:EF:C9:CC:AA:18:EF:3E:94:15:EF:DB:77:F5:3D:4D)
WARNING: Certificate verification: certificate common name doesn't match requested host name ‘192.168.140.225’ (AF:7B:B6:5F:D1:EF:C9:CC:AA:18:EF:3E:94:15:EF:DB:77:F5:3D:4D)
<--- 226-Directory has 111,319,670,784 bytes of disk space available.
<--- 226 Transfer complete.
drwxrwxrwx 1 owner group 0 Jul 14 15:07 docuscan
drwxrwxrwx 1 owner group 112 Jul 14 15:07 Leolvasas
drwxrwxrwx 1 owner group 662540 Jul 14 15:07 ContactExport
drwxrwxrwx 1 owner group 1099644 Jul 14 15:07 HAP
drwxrwxrwx 1 owner group 0 Sep 25 2015 aspnet_client
drwxrwxrwx 1 owner group 0 May 15 2017 Dgaaa
drwxrwxrwx 1 owner group 0 Sep 15 2016 EFMH
drwxrwxrwx 1 owner group 0 Dec 4 2014 EFMH_TESZT
drwxrwxrwx 1 owner group 0 Mar 6 2015 Flowlogic
drwxrwxrwx 1 owner group 0 Jul 6 2016 Kimenő_levelek
drwxrwxrwx 1 owner group 0 Aug 16 2018 Leolvasas_arch
drwxrwxrwx 1 owner group 0 Jun 12 2017 Logs
drwxrwxrwx 1 owner group 0 Aug 16 2019 SDszámla
drwxrwxrwx 1 owner group 0 Jan 3 2017 SDszámla-teszt
drwxrwxrwx 1 owner group 0 Dec 4 2014 SzlaHitelesites
---- Got EOF on data connection
---- Closing data socket
copy: get hit eof
copy: waiting for put confirmation
copy: put confirmed store
copy: get is finished - all done
---- Closing idle connection
---> QUIT
<--- 221 Goodbye.
---- Closing control socket```
解决方案
我尝试了很多不同的东西,包括通过以下方式使用不同的 ssl 协议:
ftps.ssl_version = ssl.PROTOCOL_TLSv1_2
原来这一行不会有任何影响,因为它被库默认值覆盖。
详细信息:使用 ftplib 连接到 FTP TLS 1.2 服务器
解决方案是在构造时将 SSL 版本包装在上下文中FTP_TLS
:
ctx = ssl._create_stdlib_context(ssl.PROTOCOL_TLSv1_2)
ftps = FTP_TLS(context=ctx)
...
这解决了我的问题。
推荐阅读
- python - 从 pandas.read_csv() 中删除重复的列
- java - 如何使用 crawler4J 从网站获取所有图像
- java - 如何将 PrinterWriter OutputStream 的值存储为变量?
- php - 使用 pin 登录,但显示“Welcome $username”
- angular - 当canActivate返回false时如何重定向另一个组件?
- angular - 如何将离子选择值从 1 循环到 api 中的数字?
- http - MultipartEntityBuilder 包 org.apache.http.entity.mime 不存在
- jquery - Sharepoint 2010:跟踪链接到文档内容类型的点击:使用 jQuery 在自定义列表中存储和更新值。
- java - 如何在 Linux 上使用 Java 程序导出路径?
- mysql - 是“在 (1,2,3) 中设置 a = 2 和 b”有效的 mysql 语法