From ccc041ad837f38c084500c2ca4120af396b4cad6 Mon Sep 17 00:00:00 2001
From: Amogh Desai <amoghrajesh1999@gmail.com>
Date: Tue, 19 Mar 2024 00:19:16 +0530
Subject: [PATCH] Add ssl context for verification of certs in FTPS hook
 (#38266)

---
 airflow/providers/ftp/hooks/ftp.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/airflow/providers/ftp/hooks/ftp.py b/airflow/providers/ftp/hooks/ftp.py
index 54892da965a972..9f57efd9b66a46 100644
--- a/airflow/providers/ftp/hooks/ftp.py
+++ b/airflow/providers/ftp/hooks/ftp.py
@@ -270,6 +270,8 @@ class FTPSHook(FTPHook):
 
     def get_conn(self) -> ftplib.FTP:
         """Return an FTPS connection object."""
+        import ssl
+
         if self.conn is None:
             params = self.get_connection(self.ftp_conn_id)
             pasv = params.extra_dejson.get("passive", True)
@@ -277,7 +279,9 @@ def get_conn(self) -> ftplib.FTP:
             if params.port:
                 ftplib.FTP_TLS.port = params.port
 
-            self.conn = ftplib.FTP_TLS(params.host, params.login, params.password)  # nosec: B321
+            # Construct FTP_TLS instance with SSL context to allow certificates to be validated by default
+            context = ssl.create_default_context()
+            self.conn = ftplib.FTP_TLS(params.host, params.login, params.password, context=context)  # nosec: B321
             self.conn.set_pasv(pasv)
 
         return self.conn