Enhanced FTP TLS Diagnostics and Expired Certificate Handling

Chilkat v11.5.0 adds two new features to help diagnose and manage TLS certificate issues when connecting to FTP servers.

GetLastJsonData Added to Ftp2

The Ftp2 class now includes a GetLastJsonData method, similar to the method already available in many other Chilkat classes. After establishing a connection, GetLastJsonData can be used to retrieve detailed information about the TLS handshake and server certificate validation process.

For example:

{
  "tls": {
    "params": {
      "sniHostname": "ftp.example.com",
      "allowConnectionOnlyIfServerChooses": "SSL 3.0 or higher"
    },
    "negotiatedTlsVersion": "TLS 1.3",
    "server_cert_validation": {
      "cert": [
        {
          "subject_dn": "..."
        }
      ],
      "fail_reason": "Certificate is expired.",
      "failed_cert": "...",
      "validated": false
    }
  }
}

This information provides visibility into:

  • The SNI hostname used for the connection.
  • TLS negotiation parameters.
  • The TLS version negotiated with the server.
  • The complete certificate validation result.
  • The exact reason certificate validation failed.

In particular, the tls.server_cert_validation.fail_reason field makes it easy to determine why a connection failed. Instead of only knowing that validation was unsuccessful, applications can now identify the specific cause, such as an expired certificate, hostname mismatch, untrusted issuer, or other validation errors.

Applications can examine the returned JSON using the JsonObject class and extract any desired information, including details about the server certificate chain.

AllowExpiredServerCerts Option

A new AllowExpiredServerCerts keyword has been added to the UncommonOptions property.

When this keyword is present, Chilkat will allow connections to servers whose certificates have expired. This can be useful when working with legacy systems, internal servers, or test environments where certificate expiration is known and acceptable.

For example:

ftp.UncommonOptions = "AllowExpiredServerCerts";

When enabled, certificate expiration alone will not prevent the TLS connection from succeeding.
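
The following Python sketch is an added example, not Chilkat code and not part of the original post. It triages a report in the shape shown under GetLastJsonData and permits a retry with AllowExpiredServerCerts only when expiry is the stated reason and the host is on an exception list. Assumptions: the allowlist, the accepted-version set, the function names and the sample reports are hypothetical, fail_reason is matched against the one string shown on this page, and the JSON text is parsed with the standard library rather than through the Chilkat API.

```python
import json

# The only fail_reason text shown on this page; other reason strings are not assumed.
EXPIRED_REASON = "Certificate is expired."

# Hypothetical allowlist: hosts where an expired certificate is known and accepted.
EXPIRY_EXCEPTION_HOSTS = {"ftp-legacy.internal.example"}

# Assumed policy for this sketch: protocol versions treated as acceptable.
ACCEPTABLE_TLS = {"TLS 1.2", "TLS 1.3"}


def triage_tls_report(report_json, exception_hosts=EXPIRY_EXCEPTION_HOSTS):
    """Summarize a GetLastJsonData-style report and decide the next step."""
    tls = json.loads(report_json).get("tls", {})
    validation = tls.get("server_cert_validation", {})
    host = tls.get("params", {}).get("sniHostname", "")
    version = tls.get("negotiatedTlsVersion", "")
    reason = validation.get("fail_reason", "")
    result = {
        "host": host,
        "tls_version": version,
        "validated": validation.get("validated") is True,
        "fail_reason": reason,
        "weak_protocol": version not in ACCEPTABLE_TLS,
    }
    if result["validated"]:
        result["action"] = "ok"
    elif reason == EXPIRED_REASON and host.lower() in exception_hosts:
        # The page describes AllowExpiredServerCerts as relaxing expiry only.
        result["action"] = "retry_with_AllowExpiredServerCerts"
    else:
        result["action"] = "refuse_and_alert"
    return result


def make_report(host, validated, reason=None, version="TLS 1.3"):
    """Build a constructed sample report in the shape shown on this page."""
    validation = {"cert": [{"subject_dn": "..."}], "validated": validated}
    if reason is not None:
        validation["fail_reason"] = reason
    return json.dumps({"tls": {"params": {"sniHostname": host},
                               "negotiatedTlsVersion": version,
                               "server_cert_validation": validation}})


if __name__ == "__main__":
    for host in ("ftp-legacy.internal.example", "ftp.example.com"):
        print(triage_tls_report(make_report(host, False, EXPIRED_REASON)))
```

Any failure other than the expiry string, or an expiry on a host outside the list, ends in refuse_and_alert, so the option is never applied as a blanket setting.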