Niklas
The current FTPSTrustManager implementation is a little bit sketchy -
maybe we could default to a more comprehensive validity check. I have
added the facility to plug in a custom trust manager to the FTPSClient,
as follows:
    FTPSClient client = new FTPSClient();
    client.setTrustManager(new X509TrustManager() {
        public void checkClientTrusted(X509Certificate[] chain,
                String authType) throws CertificateException {
            ...
        }
        public void checkServerTrusted(X509Certificate[] chain,
                String authType) throws CertificateException {
            ...
        }
        public X509Certificate[] getAcceptedIssuers() {
            ...
        }
    });
Thanks for the patch, by the way.
Cheers
Rory
Niklas Gustavsson wrote:
Hi
I'm trying to create tests for client authentication for Apache
FtpServer. For this I'm using commons-net as the client but am running
into problems with the client auth support in FTPSClient. I'm setting
setNeedClientAuth(true) but still get problems due to FTPSClient
sending a null certificate chain. How should I set up my keystore so
that FTPSClient finds it and can use it to send the correct
certificate to the server for authentication? I've tried with the
javax.net.ssl.keyStore system property but to no avail.
Also, if I understand the current implementation of FTPSClient and
FTPSTrustManager correctly, the implementation only
checks if the service certificate is valid, not if it's trusted. Is
this correct? If so, this would probably be a security issue in that a
fake server serving up any valid certificate would be trusted by the
client. Is this the intended behavior?
/niklas
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
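
The thread distinguishes a certificate that is merely valid from one that is trusted. As an added example (not code from commons-net or from either poster), here is one trust manager that could be passed to the setTrustManager hook shown above: it delegates to the JVM's standard trust manager so that a server chain must end at a trust anchor. The class name ChainValidatingTrustManager is hypothetical.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/** Added example: requires a chain to a trusted anchor, not just valid dates. */
public class ChainValidatingTrustManager implements X509TrustManager {
    private final X509TrustManager delegate;

    /** @param trustStore anchors to trust, or null for the JVM default trust store */
    public ChainValidatingTrustManager(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        X509TrustManager found = null;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) { found = (X509TrustManager) tm; break; }
        }
        if (found == null) throw new IllegalStateException("no X509TrustManager available");
        delegate = found;
    }

    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        delegate.checkClientTrusted(chain, authType);
    }

    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        if (chain == null || chain.length == 0) throw new CertificateException("empty server chain");
        // Validity period alone is not trust: any unexpired self-signed cert passes this loop.
        for (X509Certificate cert : chain) cert.checkValidity();
        // Path validation: throws unless the chain ends at an anchor in the trust store.
        delegate.checkServerTrusted(chain, authType);
    }

    public X509Certificate[] getAcceptedIssuers() {
        return delegate.getAcceptedIssuers();
    }

    public static void main(String[] args) throws Exception {
        X509TrustManager tm = new ChainValidatingTrustManager(null);
        System.out.println("trust anchors loaded: " + tm.getAcceptedIssuers().length);
        // With commons-net on the classpath: client.setTrustManager(tm);
    }
}
```

This checks the trust path only; it does not compare the certificate's subject names with the host being connected to, so that check has to be done separately.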