FTPS Specify hostkey Feature add

[visch]

I have an FTPS server I'm trying to connect to, but it has an expired cert. I'd like to specify the host key I expect the server to have when I connect to it so I can make this work without waiting on the vendor to update the cert (yes there will be a seperate conversation here).

I don't see a way to specify a hostkey.

With winscp I'd run something like open ftps://username:password@IP -hostkey="df:73:83:3d:62:3c:86:30:d3:92:dk:c6:34:23:22:dd:00:73:cd:5a"

Is there a way to do this now or do we need to add a feature? Thank you!

[lurch]

I had a look at the FTPFS code and it looks like it uses https://docs.python.org/3/library/ftplib.html#ftplib.FTP_TLS under the hood.

Seems like there's no built-in support in FTPFS yet for what you're asking for, and (personally) I don't know enough about SSL/TLS to know whether what you're asking for would be easy to add?

[visch]

I had a look at the FTPFS code and it looks like it uses https://docs.python.org/3/library/ftplib.html#ftplib.FTP_TLS under the hood.

Seems like there's no built-in support in FTPFS yet for what you're asking for, and (personally) I don't know enough about SSL/TLS to know whether what you're asking for would be easy to add?

Did a little digging into FTPLIB which uses https://docs.python.org/3/library/ssl.html#ssl.SSLContext

Looks like you can accomplish this by setting up pythons certs yourself as well https://stackoverflow.com/questions/39356413/how-to-add-a-custom-ca-root-certificate-to-the-ca-store-used-by-pip-in-windows . Not sure if we'd want to offer an option to provide this directly as a feature for ftps as it'd take some work (maybe someone's done it already somewhere I wouldn't be surprised)