This is an automated email from the ASF dual-hosted git repository.
potiuk pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push:
new a929d142d66 fix the ftp tls (#67946)
a929d142d66 is described below
commit a929d142d667f71dea29c565a7167216a9c30378
Author: Shubham Raj <[email protected]>
AuthorDate: Wed Jun 3 17:13:08 2026 +0530
fix the ftp tls (#67946)
---
providers/ftp/src/airflow/providers/ftp/hooks/ftp.py | 2 ++
providers/ftp/tests/unit/ftp/hooks/test_ftp.py | 8 ++++++++
2 files changed, 10 insertions(+)
diff --git a/providers/ftp/src/airflow/providers/ftp/hooks/ftp.py
b/providers/ftp/src/airflow/providers/ftp/hooks/ftp.py
index 808ed49ac69..922f22637f5 100644
--- a/providers/ftp/src/airflow/providers/ftp/hooks/ftp.py
+++ b/providers/ftp/src/airflow/providers/ftp/hooks/ftp.py
@@ -313,5 +313,7 @@ class FTPSHook(FTPHook):
else:
self.conn = ftplib.FTP_TLS(params.host, params.login,
params.password, context=context) # nosec: B321
self.conn.set_pasv(pasv)
+ # Without prot_p() ftplib transfers file payloads over cleartext
sockets even though the control connection is TLS.
+ self.conn.prot_p()
return self.conn
diff --git a/providers/ftp/tests/unit/ftp/hooks/test_ftp.py
b/providers/ftp/tests/unit/ftp/hooks/test_ftp.py
index 9e4d8ed9f83..0a0fcee183b 100644
--- a/providers/ftp/tests/unit/ftp/hooks/test_ftp.py
+++ b/providers/ftp/tests/unit/ftp/hooks/test_ftp.py
@@ -249,3 +249,11 @@ class TestIntegrationFTPHook:
hook = FTPSHook("ftp_encoding")
hook.get_conn()
assert any(call.kwargs.get("encoding") == "cp1251" for call in
mock_ftp_tls.mock_calls)
+
+ @mock.patch("ftplib.FTP_TLS")
+ def test_ftps_enables_protected_data_channel(self, mock_ftp_tls):
+ from airflow.providers.ftp.hooks.ftp import FTPSHook
+
+ hook = FTPSHook("ftp_passive")
+ conn = hook.get_conn()
+ conn.prot_p.assert_called_once_with()
