[ https://issues.apache.org/jira/browse/NET-448?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13222437#comment-13222437 ]
Sebb commented on NET-448:
--------------------------
I get the response shown below when using the FTP client example to connect to
Apache FTP server with a local certificate and using TrustManager = none.
Perhaps the different result is because of the certificate I'm using.
Without the "-T none", the command logs in OK.
{noformat}
set CLASSPATH=commons-net-examples-3.1.jar;commons-net-3.1.jar
java examples/ftp/FTPClientExample -l -p true -T none localhost:990 anonymous password
{noformat}
{noformat}
Could not connect to server.
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1731)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:925)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1197)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1181)
    at org.apache.commons.net.ftp.FTPSClient.sslNegotiation(FTPSClient.java:265)
    at org.apache.commons.net.ftp.FTPSClient._connectAction_(FTPSClient.java:201)
    at org.apache.commons.net.SocketClient.connect(SocketClient.java:172)
    at org.apache.commons.net.SocketClient.connect(SocketClient.java:192)
    at examples.ftp.FTPClientExample.main(FTPClientExample.java:249)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
    at sun.security.validator.Validator.validate(Validator.java:218)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
    ... 12 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
    ... 18 more
{noformat}
> Self signed cert or ca not installed on client but FTPS still works
> -------------------------------------------------------------------
>
> Key: NET-448
> URL: https://issues.apache.org/jira/browse/NET-448
> Project: Commons Net
> Issue Type: Bug
> Components: FTP
> Affects Versions: 2.0, 3.1
> Environment: client: Windows SP sp4, jdk 1.6.0_24
> server: Linux 2.6.32-220.4.2.el6.i686 running vsFTPd 2.2.2
> apache lib: commons-net-2.0.jar or commons-net-3.1.jar or
> commons-net-2.0-jdk14.jar (from zehon)
> Reporter: Deepak Pant
> Priority: Trivial
>
> I am using vsftpd ftp server on centos with our own self signed root ca
> certificate.
> I have not installed the self signed root certificate on the client machine.
> Neither am I setting the Trust Manager on the FTPSClient object, using
> X509TrustManager instance pointing to my physical cert file.
> But I am still able to use the FTPSClient bundled in any of the following jar
> files and send/receive the files.
> commons-net-2.0.jar
> commons-net-3.1.jar
> commons-net-2.0-jdk14.jar (from zehon)
> I was expecting that I would have to either install the self signed root ca on
> the client machine or set Trust Manager etc.
> Can you please explain the behavior?
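
An added example, not part of the JIRA thread or of Commons Net: one way to have FTPSClient validate the server against a private root CA without installing that CA on the client machine, using only JSSE classes and `FTPSClient.setTrustManager`. The class name `PinnedCaFtps`, the keystore alias and the command-line arguments (host, port, CA certificate file) are assumptions.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.net.ftp.FTPReply;
import org.apache.commons.net.ftp.FTPSClient;

public class PinnedCaFtps {
    // Build a trust manager that trusts only the CA certificate stored in caFile.
    static X509TrustManager trustOnly(String caFile) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // start from an empty in-memory store
        InputStream in = new FileInputStream(caFile);
        try {
            Certificate ca = CertificateFactory.getInstance("X.509").generateCertificate(in);
            ks.setCertificateEntry("ftps-root-ca", ca); // alias is arbitrary
        } finally {
            in.close();
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    // Assumed arguments: host, port, path to the root CA certificate (PEM or DER).
    public static void main(String[] args) throws Exception {
        FTPSClient ftps = new FTPSClient(true); // implicit mode, as with "-p true" on port 990
        ftps.setTrustManager(trustOnly(args[2]));
        try {
            // The handshake runs inside connect(); a chain that does not lead to the
            // CA fails here with SSLHandshakeException, as in the trace above.
            ftps.connect(args[0], Integer.parseInt(args[1]));
            if (!FTPReply.isPositiveCompletion(ftps.getReplyCode())) {
                throw new IOException("server refused connection: " + ftps.getReplyString());
            }
            System.out.println("Server certificate chain validated against " + args[2]);
            ftps.logout();
        } finally {
            if (ftps.isConnected()) ftps.disconnect();
        }
    }
}
```

This trust manager checks the certificate chain only; it does not by itself compare the name in the certificate with the host being connected to.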