search

FubarDevelopment / FtpServer

Portable FTP server written in .NET
http://fubardevelopment.github.io/FtpServer/
MIT License
473 stars 161 forks source link

How can i avoid (or handle) exceptions when clients try to connect without TLS (implicit)? #88

Open mknet3 opened 4 years ago

mknet3 commented 4 years ago

I have FTP with implicit TLS forced configured in this way: 

            var base64 = configuration.GetValue<string>("FtpsServer:Certificate");
            var bytes = Convert.FromBase64String(base64);
            var certificate = new X509Certificate2(bytes);
            services.Configure<AuthTlsOptions>(options =>
            {
                options.ServerCertificate = certificate;
                options.ImplicitFtps = true;
            });

            services
                .AddSingleton(new ImplicitFtpsControlConnectionStreamAdapterOptions(certificate))
                .AddSingleton<IFtpControlStreamAdapter, ImplicitFtpsControlConnectionStreamAdapter>();

            // Ensure that PROT and PBSZ commands are working.
            services.Decorate<IFtpServer>(
                (ftpServer, _) =>
                {
                    ftpServer.ConfigureConnection += (s, e) =>
                    {
                        var serviceProvider = e.Connection.ConnectionServices;
                        var stateMachine = serviceProvider.GetRequiredService<IFtpLoginStateMachine>();
                        var authTlsMechanism = serviceProvider.GetRequiredService<IEnumerable<IAuthenticationMechanism>>()
                            .Single(x => x.CanHandle("TLS"));
                        stateMachine.Activate(authTlsMechanism);
                    };

                    return ftpServer;
                });

But when a client try to connect without TLS, timeout is produced and an exception is thrown:

System.IO.IOException at FubarDev.FtpServer.Authentication.DefaultSslStreamWrapperFactory+<WrapStreamAsync>d__2.MoveNext

Authentication failed because the remote party has closed the transport stream.

This exception generates a lot of noise... how can i handle this exception?

fubar-coder commented 4 years ago

TBH: I don't have a good idea besides explicitly checking for a given exception, but it seems that - in your case - the client timed out and closed the connection. I'll have to take a look if I can improve the situation.