OSError during authenticating to an ftps server with ftplib.FTP_TLS

Question

I'm trying to connect to an ftps (IIS) server with ftplib with the following code:

>>> ftps=FTP_TLS()
>>> ftps.set_debuglevel(2)
>>> ftps.connect(host, port)
*get* '220 Microsoft FTP Service
'
*resp* '220 Microsoft FTP Service'
'220 Microsoft FTP Service'
>>> ftps.login(user, pw)
*cmd* 'AUTH TLS'
*put* 'AUTH TLS
'
*get* '234 AUTH command ok. Expecting TLS Negotiation.
'
*resp* '234 AUTH command ok. Expecting TLS Negotiation.'
Traceback (most recent call last):
  File "", line 1, in 
  File "/usr/local/lib/python3.7/ftplib.py", line 749, in login
    self.auth()
  File "/usr/local/lib/python3.7/ftplib.py", line 761, in auth
    server_hostname=self.host)
  File "/usr/local/lib/python3.7/ssl.py", line 423, in wrap_socket
    session=session
  File "/usr/local/lib/python3.7/ssl.py", line 870, in _create
    self.do_handshake()
  File "/usr/local/lib/python3.7/ssl.py", line 1139, in do_handshake
    self._sslobj.do_handshake()
OSError: [Errno 0] Error

Why do I get the - not too descreptive - exception above?
I'm using Python 3.7.5

I have tried to login with lftp and I could connect to it. The only thing I had to do is disable ssl certificate verification. Can this be the source of the problem for ftplib?

output of lftp:

lftp :~> set ssl:verify-certificate false
lftp :~> open hapuser@192.168.140.225:2121
notice: cannot open /home/jenkins/.netrc: No such file or directory
Password:
---- dns cache hit
lftp hapuser@192.168.140.225:~> ls
---- dns cache hit
---- attempt number 1 (max_retries=1000)
---- Connecting to 192.168.140.225 (192.168.140.225) port 2121
<--- 220 Microsoft FTP Service
---> FEAT
<--- 211-Extended features supported:
<---  LANG EN*
<---  UTF8
<---  AUTH TLS;TLS-C;SSL;TLS-P;
<---  PBSZ
<---  PROT C;P;
<---  CCC
<---  HOST
<---  SIZE
<---  MDTM
<---  REST STREAM
<--- 211 END
---> AUTH TLS
<--- 234 AUTH command ok. Expecting TLS Negotiation.
---> LANG
Certificate: C=HU,ST=.,L=.,O=GDF,OU=.,CN=APP-FS-FTP
 Issued by: DC=hu,DC=egaz-degaz,CN=egaz-degaz-MASTER-DC-CA
WARNING: Certificate verification: Not trusted (AF:7B:B6:5F:D1:EF:C9:CC:AA:18:EF:3E:94:15:EF:DB:77:F5:3D:4D)
WARNING: Certificate verification: Expired (AF:7B:B6:5F:D1:EF:C9:CC:AA:18:EF:3E:94:15:EF:DB:77:F5:3D:4D)
WARNING: Certificate verification: certificate common name doesn't match requested host name ‘192.168.140.225’ (AF:7B:B6:5F:D1:EF:C9:CC:AA:18:EF:3E:94:15:EF:DB:77:F5:3D:4D)
<--- 200 Language is now English, UTF-8 encoding.
---> OPTS UTF8 ON
<--- 200 OPTS UTF8 command successful - UTF8 encoding now ON.
---> HOST 192.168.140.225
<--- 504 Server cannot accept argument.
---> USER hapuser
<--- 331 Password required
---> PASS XXXX
<--- 230-Directory has 111,319,724,032 bytes of disk space available.
<--- 230 User logged in.
---> PWD
<--- 257 "/" is current directory.
---> PBSZ 0
<--- 200 PBSZ command successful.
---> PROT P
<--- 200 PROT command successful.
---> PASV
<--- 227 Entering Passive Mode (192,168,140,225,22,108).
---- Connecting data socket to (192.168.140.225) port 5740
---- Data connection established
0:0 translated to pair 0:0 (0,0)
0 translated to pair 0:0 (0,0)
0:0 translated to pair 0:0 (0,0)
0 translated to pair 0:0 (0,0)
0:0 translated to pair 0:0 (0,0)
0 translated to pair 0:0 (0,0)
---> LIST
<--- 125 Data connection already open; Transfer starting.
Certificate: C=HU,ST=.,L=.,O=GDF,OU=.,CN=APP-FS-FTP
 Issued by: DC=hu,DC=egaz-degaz,CN=egaz-degaz-MASTER-DC-CA
WARNING: Certificate verification: Not trusted (AF:7B:B6:5F:D1:EF:C9:CC:AA:18:EF:3E:94:15:EF:DB:77:F5:3D:4D)
WARNING: Certificate verification: Expired (AF:7B:B6:5F:D1:EF:C9:CC:AA:18:EF:3E:94:15:EF:DB:77:F5:3D:4D)
WARNING: Certificate verification: certificate common name doesn't match requested host name ‘192.168.140.225’ (AF:7B:B6:5F:D1:EF:C9:CC:AA:18:EF:3E:94:15:EF:DB:77:F5:3D:4D)
<--- 226-Directory has 111,319,670,784 bytes of disk space available.
<--- 226 Transfer complete.
drwxrwxrwx   1 owner    group               0 Jul 14 15:07 docuscan
drwxrwxrwx   1 owner    group             112 Jul 14 15:07 Leolvasas
drwxrwxrwx   1 owner    group          662540 Jul 14 15:07 ContactExport
drwxrwxrwx   1 owner    group         1099644 Jul 14 15:07 HAP
drwxrwxrwx   1 owner    group               0 Sep 25  2015 aspnet_client
drwxrwxrwx   1 owner    group               0 May 15  2017 Dgaaa
drwxrwxrwx   1 owner    group               0 Sep 15  2016 EFMH
drwxrwxrwx   1 owner    group               0 Dec  4  2014 EFMH_TESZT
drwxrwxrwx   1 owner    group               0 Mar  6  2015 Flowlogic
drwxrwxrwx   1 owner    group               0 Jul  6  2016 Kimenő_levelek
drwxrwxrwx   1 owner    group               0 Aug 16  2018 Leolvasas_arch
drwxrwxrwx   1 owner    group               0 Jun 12  2017 Logs
drwxrwxrwx   1 owner    group               0 Aug 16  2019 SDszámla
drwxrwxrwx   1 owner    group               0 Jan  3  2017 SDszámla-teszt
drwxrwxrwx   1 owner    group               0 Dec  4  2014 SzlaHitelesites
---- Got EOF on data connection
---- Closing data socket
copy: get hit eof
copy: waiting for put confirmation
copy: put confirmed store
copy: get is finished - all done
---- Closing idle connection
---> QUIT
<--- 221 Goodbye.
---- Closing control socket```

Zooty · Accepted Answer

I tried lots of different things, including using different ssl protocols by doing:

ftps.ssl_version = ssl.PROTOCOL_TLSv1_2

Turns out this line won't have any effect, because it is overwritten by the library default.

Details: Connect to FTP TLS 1.2 Server with ftplib

The solution is to give the SSL version wrapped in a context while constructing FTP_TLS like this:

ctx = ssl._create_stdlib_context(ssl.PROTOCOL_TLSv1_2)
ftps = FTP_TLS(context=ctx)
...

This solved my problem.

OSError during authenticating to an ftps server with ftplib.FTP_TLS

Answers (2)

Related Questions