[jira] [Commented] (NET-448) Self signed cert or ca not installed on client but FTPS still works

Mon, 05 Mar 2012 06:06:24 -0800 

    [ 
https://issues.apache.org/jira/browse/NET-448?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13222360#comment-13222360
 ] 

Deepak Pant commented on NET-448:
---------------------------------

Thanks. If I do FTPSClient.setTrustManager(null) then I get following 
exception. So if I really want, I can provide my own implementation of 
X509TrustManager class, which will write some additional code in 
checkServerTrusted() method. Besides calling X509Certificate.checkValidity(), 
it can also do checks for self signed cert authority etc.

===
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: 
No X509TrustManager implementation available

        at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
        at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
        at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
===
                
> Self signed cert or ca not installed on client but FTPS still works
> -------------------------------------------------------------------
>
>                 Key: NET-448
>                 URL: https://issues.apache.org/jira/browse/NET-448
>             Project: Commons Net
>          Issue Type: Bug
>          Components: FTP
>    Affects Versions: 2.0, 3.1
>         Environment: client: Windows SP sp4, jdk 1.6.0_24
> server: Linux 2.6.32-220.4.2.el6.i686 running vsFTPd 2.2.2
> apache lib: commons-net-2.0.jar or commons-net-3.1.jar or 
> commons-net-2.0-jdk14.jar (from zehon)
>            Reporter: Deepak Pant
>            Priority: Trivial
>
> I am using vsftpd ftp server on centos with our own self signed root ca 
> certificate.
> I have not installed the self signed root certificate on the client machine. 
> Neither am I setting the Trust Manager on the FTPSClient object, using 
> X509TrustManager instance pointing to my physical cert file.
> But I am still able to use the FTPSClient bundled in any of the following jar 
> file and send/receive the files.
> commons-net-2.0.jar 
> commons-net-3.1.jar 
> commons-net-2.0-jdk14.jar (from zehon)
> I was expecting that I will have to either install the self signed root ca on 
> the client machine Or set Trust Manager etc.
> Can you please explain the behavior? 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to