[jira] [Commented] (NET-448) Self signed cert or ca not installed on client but FTPS still works

Sat, 03 Mar 2012 03:29:22 -0800 

    [ 
https://issues.apache.org/jira/browse/NET-448?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13221557#comment-13221557
 ] 

Bogdan Drozdowski commented on NET-448:
---------------------------------------

The current default TrustManager of the FTPSClient only checks if the 
certificate's dates are valid (if the current date not eariler then the 
certificate's "valid from" date and not later than the certificate's "valid 
till" date). It doesn't check the certificate's chain, domains or issuers. 
Currently, you need to install your own TrustManager (perhaps use a default 
provided by the JRE, if any) to do that.
                
> Self signed cert or ca not installed on client but FTPS still works
> -------------------------------------------------------------------
>
>                 Key: NET-448
>                 URL: https://issues.apache.org/jira/browse/NET-448
>             Project: Commons Net
>          Issue Type: Bug
>          Components: FTP
>    Affects Versions: 2.0, 3.1
>         Environment: client: Windows SP sp4, jdk 1.6.0_24
> server: Linux 2.6.32-220.4.2.el6.i686 running vsFTPd 2.2.2
> apache lib: commons-net-2.0.jar or commons-net-3.1.jar or 
> commons-net-2.0-jdk14.jar (from zehon)
>            Reporter: Deepak Pant
>            Priority: Trivial
>
> I am using vsftpd ftp server on centos with our own self signed root ca 
> certificate.
> I have not installed the self signed root certificate on the client machine. 
> Neither am I setting the Trust Manager on the FTPSClient object, using 
> X509TrustManager instance pointing to my physical cert file.
> But I am still able to use the FTPSClient bundled in any of the following jar 
> file and send/receive the files.
> commons-net-2.0.jar 
> commons-net-3.1.jar 
> commons-net-2.0-jdk14.jar (from zehon)
> I was expecting that I will have to either install the self signed root ca on 
> the client machine Or set Trust Manager etc.
> Can you please explain the behavior? 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to