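delphi - Indy TIdFTP SSL unknown certificate
Problem description
I am using Delphi 10.x with SSL FTP client code, and it works fine with one FTP SSL server that I use from an OVH server. However, it does not work with another one, and I don't understand why.
I get a 10054 error.
I tested it on ftptest.net and it works fine, see below.
Here is the TLS/SSL-related code I added to the standard FTP client code: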
IdSSLIOHandlerSocketOpenSSL := TIdSSLIOHandlerSocketOpenSSL.Create(nil);
FFtp.IOHandler := IdSSLIOHandlerSocketOpenSSL;
FFTP.UseTLS := utUseExplicitTLS;
FFTP.DataPortProtection := ftpdpsPrivate;
Here is the log from ftptest.net:
Status: Resolving address of s223.panelboxmanager.com
Status: Connecting to 2607:f748:1301:0:184:107:112:57
Status: Connected, waiting for welcome message...
Reply: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Reply: 220-You are user number 3 of 100 allowed.
Reply: 220-Local time is now 15:11. Server port: 21.
Reply: 220-This is a private system - No anonymous login
Reply: 220 You will be disconnected after 2 minutes of inactivity.
Command: CLNT https://ftptest.net on behalf of (Hidden IP)
Reply: 530 You aren't logged in
Command: AUTH TLS
Reply: 234 AUTH TLS OK.
Status: Performing TLS handshake...
Status: TLS handshake successful, verifying certificate...
Status: Received 2 certificates from server.
Status: cert[0]: subject='OU=Domain Control Validated,CN=*.panelboxmanager.com' issuer='C=BE,O=GlobalSign nv-sa,CN=AlphaSSL CA - SHA256 - G2'
Status: cert[1]: subject='C=BE,O=GlobalSign nv-sa,CN=AlphaSSL CA - SHA256 - G2' issuer='C=BE,O=GlobalSign nv-sa,OU=Root CA,CN=GlobalSign Root CA'
Command: USER XXXXX
Reply: 331 User XXXXX OK. Password required
Command: PASS *********
Reply: 230 OK. Current restricted directory is /
Command: SYST
Reply: 215 UNIX Type: L8
Command: FEAT
Reply: 211-Extensions supported:
Reply: EPRT
Reply: IDLE
Reply: MDTM
Reply: SIZE
Reply: MFMT
Reply: REST STREAM
Reply: MLST type*;size*;sizd*;modify*;UNIX.mode*;UNIX.uid*;UNIX.gid*;unique*;
Reply: MLSD
Reply: AUTH TLS
Reply: PBSZ
Reply: PROT
Reply: UTF8
Reply: TVFS
Reply: ESTA
Reply: PASV
Reply: EPSV
Reply: SPSV
Reply: ESTP
Reply: 211 End.
Command: PBSZ 0
Reply: 200 PBSZ=0
Command: PROT P
Reply: 200 Data protection level set to "private"
Command: PWD
Reply: 257 "/" is your current location
Status: Current path is /
Command: TYPE I
Reply: 200 TYPE is now 8-bit binary
Command: EPSV
Reply: 229 Extended Passive mode OK (|||33966|)
Command: MLSD
Status: Data connection established, performing TLS handshake...
Reply: 150 Accepted data connection
Status: TLS handshake successful, verifying certificate...
Status: Received 2 certificates from server.
Status: cert[0]: subject='OU=Domain Control Validated,CN=*.panelboxmanager.com' issuer='C=BE,O=GlobalSign nv-sa,CN=AlphaSSL CA - SHA256 - G2'
Status: cert[1]: subject='C=BE,O=GlobalSign nv-sa,CN=AlphaSSL CA - SHA256 - G2' issuer='C=BE,O=GlobalSign nv-sa,OU=Root CA,CN=GlobalSign Root CA'
Status: TLS session of transfer connection has been resumed.
Listing: type=cdir;sizd=331776;modify=20201227201104;UNIX.mode=0711;UNIX.uid=1432;UNIX.gid=1433;unique=ca06g4e40001; .
Listing: type=pdir;sizd=331776;modify=20201227201104;UNIX.mode=0711;UNIX.uid=1432;UNIX.gid=1433;unique=ca06g4e40001; ..
Listing: type=dir;sizd=4096;modify=20200914031725;UNIX.mode=0700;UNIX.uid=1432;UNIX.gid=1433;unique=ca06g4e40038; .autorespond
Listing: type=file;size=11333;modify=20200731001231;UNIX.mode=0600;UNIX.uid=1432;UNIX.gid=1433;unique=ca06g4e4405e; .bash_history
Listing: type=file;size=33;modify=20091230222848;UNIX.mode=0644;UNIX.uid=1432;UNIX.gid=1433;unique=ca06g4e400a8; .bash_logout
Listing: type=file;size=296;modify=20190608053032;UNIX.mode=0644;UNIX.uid=1432;UNIX.gid=1433;unique=ca06g4e4013e; .bash_profile
Listing: type=file;size=205;modify=20190608052818;UNIX.mode=0644;UNIX.uid=1432;UNIX.gid=1433;unique=ca06g4e40004; .bashrc
Listing: type=dir;sizd=4096;modify=20190608053226;UNIX.mode=0775;UNIX.uid=1432;UNIX.gid=1433;unique=ca06g5100940; .cache
Listing: type=dir;sizd=4096;modify=20180727100540;UNIX.mode=0771;UNIX.uid=1432;UNIX.gid=1433;unique=ca06g4e4003b; .cagefs
Listing: type=dir;sizd=4096;modify=20201215110057;UNIX.mode=0755;UNIX.uid=1432;UNIX.gid=1433;unique=ca06g4e4003d; .cl.selector
Reply: 226-Options: -a -l
Reply: 226 68 matches total
Status: Skipped display of 58 listing lines
Status: Success
Solution
Just adding this solved the problem:
IdSSLIOHandlerSocketOpenSSL.SSLOptions.Method := sslvTLSv1_2;
Sometimes this is tricky.... Also update ssleay32.dll and libeay32.dll to the latest version.
I think this line enables all SSL versions:
IdSSLIOHandlerSocketOpenSSL.SSLOptions.SSLVersions := [sslvSSLv2, sslvSSLv23, sslvSSLv3, sslvTLSv1,sslvTLSv1_1,sslvTLSv1_2];
Any comments are welcome on whether setting this line with all versions could be a problem.
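On the question of offering every protocol version: SSLv2 and SSLv3 are broken protocols, so a client that offers them can be negotiated down to them. The sketch below is an added example, not code from the original post; it restricts the handler to TLS 1.2 and keeps certificate verification on. The host, credentials, `ca-bundle.pem` path and the `TCertCheck` helper class are placeholders and assumptions.

```delphi
program FtpsTlsOnly;
{$APPTYPE CONSOLE}
uses
  System.SysUtils, IdFTP, IdFTPCommon, IdSSLOpenSSL, IdExplicitTLSClientServerBase;
type
  TCertCheck = class  // hypothetical helper: OnVerifyPeer needs a method of object
    function VerifyPeer(Certificate: TIdX509; AOk: Boolean;
      ADepth, AError: Integer): Boolean;
  end;

// Return OpenSSL's own verdict (AOk) instead of accepting every certificate.
function TCertCheck.VerifyPeer(Certificate: TIdX509; AOk: Boolean;
  ADepth, AError: Integer): Boolean;
begin
  if not AOk then
    Writeln(Format('Certificate rejected at depth %d, OpenSSL error %d: %s',
      [ADepth, AError, Certificate.Subject.OneLine]));
  Result := AOk;
end;

var
  Ftp: TIdFTP;
  Ssl: TIdSSLIOHandlerSocketOpenSSL;
  Check: TCertCheck;
begin
  Ftp := TIdFTP.Create(nil);
  Ssl := TIdSSLIOHandlerSocketOpenSSL.Create(Ftp);  // owned and freed by Ftp
  Check := TCertCheck.Create;
  try
    // Weak form from the post: [sslvSSLv2, sslvSSLv23, sslvSSLv3, sslvTLSv1, ...]
    Ssl.SSLOptions.SSLVersions := [sslvTLSv1_2];    // hardened: TLS 1.2 only
    Ssl.SSLOptions.VerifyMode := [sslvrfPeer];      // request and check the server chain
    Ssl.SSLOptions.VerifyDepth := 3;                // leaf, intermediate, root
    Ssl.SSLOptions.RootCertFile := 'ca-bundle.pem'; // placeholder path to trusted roots
    Ssl.OnVerifyPeer := Check.VerifyPeer;
    Ftp.IOHandler := Ssl;
    Ftp.UseTLS := utUseExplicitTLS;                 // AUTH TLS on port 21, as in the log
    Ftp.DataPortProtection := ftpdpsPrivate;        // PROT P: protect the data channel too
    Ftp.Host := 'ftp.example.com';                  // placeholder
    Ftp.Username := 'user';                         // placeholder
    Ftp.Password := 'secret';                       // placeholder
    Ftp.Connect;
    Writeln('TLS session established and certificate chain accepted');
    Ftp.Disconnect;
  finally
    Check.Free;
    Ftp.Free;
  end;
end.
```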