A vendor I grab a file from is changing from FTP to FTP over SSL.
I am trying to update my code from net/ftp to net/ftptls
The new host I need to connect to is not certified and my script reports back this error.
hostname was not match with the server certificate
The vendor will not fix this.
Looking at /usr/lib/ruby/1.8/net/ftptls.rb I thought it wouldn't be too hard to monkey-patch FTPTLS to ignore the untrusted host.
I tried changing verify_mode to OpenSSL::SSL::VERIFY_NONE and commenting out the post_connection_check` line.
neither worked.
Any thoughts on how to do this?
require 'socket'
require 'openssl'
require 'net/ftp'
module Net
class FTPTLS < FTP
def connect(host, port=FTP_PORT)
@hostname = host
super
end
def login(user = "anonymous", passwd = nil, acct = nil)
store = OpenSSL::X509::Store.new
store.set_default_paths
ctx = OpenSSL::SSL::SSLContext.new('SSLv23')
ctx.cert_store = store
ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
ctx.key = nil
ctx.cert = nil
voidcmd("AUTH TLS")
@sock = OpenSSL::SSL::SSLSocket.new(@sock, ctx)
@sock.connect
@sock.post_connection_check(@hostname)
super(user, passwd, acct)
voidcmd("PBSZ 0")
end
end
end
This may be the world's slowest answer, but I ran across your question and it helped my fix it myself, so I wanted to post for posterity.
You were very close, you just need to also comment out #post_connection_check.
What I did, rather than monkeypatching ruby itself, was bring a copy of this into /lib of my project.
module Net
class FTPTLS < FTP
def connect(host, port=FTP_PORT)
@hostname = host
super
end
def login(user = "anonymous", params = {:password => nil, :acct => nil, :ignore_cert => false})
store = OpenSSL::X509::Store.new
store.set_default_paths
ctx = OpenSSL::SSL::SSLContext.new('SSLv23')
ctx.cert_store = store
ctx.verify_mode = params[:ignore_cert] ? OpenSSL::SSL::VERIFY_NONE : OpenSSL::SSL::VERIFY_PEER
ctx.key = nil
ctx.cert = nil
voidcmd("AUTH TLS")
@sock = OpenSSL::SSL::SSLSocket.new(@sock, ctx)
@sock.connect
@sock.post_connection_check(@hostname) unless params[:ignore_cert]
super(user, params[:password], params[:acct])
voidcmd("PBSZ 0")
end
end
end
I also cleaned up the param passing a bit. You would use this like so:
require 'ftptls' # Use my local version, not net/ftptls
@ftp_connection = Net::FTPTLS.new()
@ftp_connection.passive = true
@ftp_connection.connect(host, 21)
@ftp_connection.login('user', :password => 'pass', :ignore_cert => true)
HTH
I know this is probably too late for Poul but I found the double-bag-ftps gem to be sufficient and easy to use when I had to do something similar.
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 再贱就再见 的文章《Connect to uncertified host via FTP over TLS/SSL》','https://www.manongdao.com/article-684207.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}