I am trying to connect to an FTPS site that I know has an invalid certificate,
and the following exs script
{:ok, ftp_client} = :ftp.open(host, [verbose: true, debug: :trace, timeout: 4000, tls: [verify: :verify_none, client_reuse_sessions: false, log_level: :debug]])
:ftp.user(ftp_client, username, password)
res = :ftp.nlist(ftp_client)
IO.inspect(res)
fails after
reading (134 bytes) TLS 1.2 Record Protocol, application_data
with
{:error, {:ssl_connect_failed, :closed}}
(<0.101.0>) returned from ftp:accept_data_connection/1 -> {error,
{ssl_connect_failed,
closed}}
(<0.101.0>) returned from ftp:handle_ctrl_result/2 -> {stop,normal,
{state,
{ssl,
{sslsocket,
{gen_tcp,
#Port<0.6>,
tls_connection,
undefined},
[<0.132.0>,
<0.131.0>]}},
{tcp,#Port<0.7>},
[{verify,verify_none},
{client_reuse_sessions,
false},
{log_level,debug}],
true,"/tmp",
ftp_server_default,
false,passive,60000,
<<>>,
{<<>>,[],start},
"150 Opening data channel for directory listing of \"/\"\r\n",
<0.95.0>,undefined,
{dir,[]},
inet,[],[],[],ignore,
infinity,false,false}}
The host is an IP address;
both curl (with -k) and lftp (with set ssl:verify-certificate no) can list the site and both return
an expired and self-signed certificate.
I was supposing that {verify,verify_none}
does the same, but it does not… perhaps a more complete TLS configuration?