views: 179
answers: 2

By using the following code, my client application connects to the secured FTP server and pushes a file up there successfully. Do you think the following approach still leaves a security hole by accepting all certificates? If so, can anybody help me pass the specific certificate from the client that I have on the FTP server?

        public bool UploadFile(string FileName)
        {
            string ftpServerIP = FTPServer;
            string ftpUserID = FTPUser;
            string ftpPassword = FTPPwd;
            FileInfo fileInf = new FileInfo(FileName);
            string uri = "ftp://" + ftpServerIP + "/" + fileInf.Name;
            FtpWebRequest reqFTP;

            // Create FtpWebRequest object from the Uri provided
            reqFTP = (FtpWebRequest)FtpWebRequest.Create(uri); //new Uri("ftp://" + ftpServerIP + DestinationFolder + fileInf.Name));

            //Enable SSL
            reqFTP.EnableSsl = true;

            // Provide the WebPermission Credentials
            reqFTP.Credentials = new NetworkCredential(ftpUserID, ftpPassword);

            // By default KeepAlive is true, where the control connection is not closed after a command is executed.
            reqFTP.KeepAlive = false;

            //reqFTP.UsePassive = true;

            // Specify the command to be executed.
            reqFTP.Method = WebRequestMethods.Ftp.UploadFile;

            //SSL Certificate
            ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(AcceptAllCertifications);

            // Specify the data transfer type.
            reqFTP.UseBinary = true;

            // Notify the server about the size of the uploaded file
            reqFTP.ContentLength = fileInf.Length;

            // The buffer size is set to 2kb
            int buffLength = 2048;
            byte[] buff = new byte[buffLength];
            int contentLen;

            // Opens a file stream (System.IO.FileStream) to read the file to be uploaded;
            // the using blocks close both streams even if the transfer throws
            using (FileStream fs = fileInf.OpenRead())
            {
                try
                {
                    // Stream to which the file to be uploaded is written
                    using (Stream strm = reqFTP.GetRequestStream())
                    {
                        // Read from the file stream 2kb at a time
                        contentLen = fs.Read(buff, 0, buffLength);

                        // Till Stream content ends
                        while (contentLen != 0)
                        {
                            // Write Content from the file stream to the FTP Upload Stream
                            strm.Write(buff, 0, contentLen);
                            contentLen = fs.Read(buff, 0, buffLength);
                        }
                    }
                    return true;
                }
                catch (Exception)
                {
                    // Any connection, TLS or I/O failure is reported to the caller as false
                    return false;
                }
            }

        }

        // Accepts every server certificate, whatever sslPolicyErrors reports
        // (this is the behaviour the question asks about)
        public bool AcceptAllCertifications(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certification, System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors)
        {
            return true;
        }

A: 

One suggestion is to look at ServicePointManager.ServerCertificateValidationCallback.

Here is a blog posting that addresses Secure FTP and utilizes this method.

curtisk
A: 

If you trust the FTP server you're uploading your data to, then I don't see any real problems with bypassing the server certificate validation. However, if you want to validate the server certificate from the FTP server, then refer to the link that curtisk posted that contains an example on how to validate a server certificate.

Miguel Sevilla
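
For comparison with `AcceptAllCertifications` in the question, here is a validation callback that accepts a server certificate only when normal validation succeeds or when the certificate matches one specific, known fingerprint. This is an added example, not code from the original post or the linked blog; the class name, method names and the fingerprint placeholder are assumptions.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class FtpsCertificatePinning
{
    // Assumption: SHA-256 fingerprint (hex, no separators) of the FTP server's
    // certificate, obtained out of band. Placeholder value, replace before use.
    private const string PinnedSha256Hex = "<SHA256-FINGERPRINT-OF-YOUR-SERVER-CERT>";

    // Call once at startup. The callback is process-wide: it applies to every
    // FtpWebRequest and HttpWebRequest in the application, not only the upload.
    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = ValidateServerCertificate;
    }

    public static bool ValidateServerCertificate(object sender, X509Certificate certificate,
        X509Chain chain, SslPolicyErrors sslPolicyErrors)
    {
        // The certificate chains to a trusted root and matches the host name.
        if (sslPolicyErrors == SslPolicyErrors.None)
            return true;

        // No certificate presented: nothing to compare against the pin.
        if (certificate == null)
            return false;

        // Validation failed (for example a self-signed certificate): accept only
        // if the presented certificate is exactly the one that was pinned.
        return string.Equals(Fingerprint(certificate), PinnedSha256Hex,
            StringComparison.OrdinalIgnoreCase);
    }

    // SHA-256 over the DER-encoded certificate, as upper-case hex.
    private static string Fingerprint(X509Certificate certificate)
    {
        using (SHA256 sha = SHA256.Create())
        {
            byte[] hash = sha.ComputeHash(certificate.GetRawCertData());
            return BitConverter.ToString(hash).Replace("-", "");
        }
    }
}
```

With this in place, the assignment to `ServerCertificateValidationCallback` inside `UploadFile` is replaced by a single `FtpsCertificatePinning.Install()` call at startup, and the pinned fingerprint has to be updated whenever the server certificate is renewed.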