(Objective-C) Verify FTP SSL Server Certificate

This example demonstrates how to verify the FTP server's certificate and authenticity. The intent is to verify the authenticity of the server before passing a login/password to it.

Note: This example requires Chilkat v11.0.0 or greater.

Chilkat Objective-C Library Downloads MAC OS X (Cocoa) Libs iOS Libs

#import <CkoFtp2.h>
#import <CkoCert.h>

BOOL success = NO;

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

CkoFtp2 *ftp = [[CkoFtp2 alloc] init];

ftp.Hostname = @"ftp.myftpserver.com";
ftp.Username = @"myUsername";
ftp.Password = @"myPassword";

// Establish an AUTH SSL secure channel after connection
// on the standard FTP port 21.
ftp.AuthSsl = YES;

// The Ssl property is for establishing an implicit SSL connection
// on port 990.  Do not set it.
ftp.Ssl = NO;

// Indicate that the FTP server must have a verifiable SSL certificate.
// Do not accept self-signed certs or certificates that are
// expired, revoked, or cannot be verified to a root authority:
ftp.RequireSslCertVerify = YES;

// You may also set a requirement.  In this example,
// the certificate's Common Name (CN) must match the
// required string exactly:
[ftp SetSslCertRequirement: @"subjectcn" value: @"Chilkat Software, Inc."];

// Connect and login to the FTP server.
success = [ftp Connect];
if (success == NO) {
    NSLog(@"%@",ftp.LastErrorText);
    return;
}

// After logging on, you may examine the FTP server's cert:
CkoCert *cert = [[CkoCert alloc] init];
success = [ftp GetServerCert: cert];
if (success == NO) {
    NSLog(@"%@",@"No server certificate!");
}
else {
    // Display the distinguished name of the SSL cert.
    NSLog(@"%@",cert.SubjectDN);
}

NSLog(@"%@",@"Secure FTP Channel Established!");

// Do whatever you're doing to do ...
// upload files, download files, etc...

success = [ftp Disconnect];