Dave Nice created NET-688:
-----------------------------
Summary: FTPSClient converts hostname to IP, making hostname
verification difficult
Key: NET-688
URL: https://issues.apache.org/jira/browse/NET-688
Project: Commons Net
Issue Type: Bug
Components: FTP
Affects Versions: 3.7
Reporter: Dave Nice
Related to NET-593, FTPS converts the provided hostname into an IP address
before attempting the connection.
This means that a registered hostname verifier gets passed the IP address,
instead of the hostname, and is likely to fail.
I believe the issue is in FTPSClient.java, in sslNegotiation.
at line 294 we call the hostnameverifier, but using
socket.getInetAddress().getHostAddress() - this will return us the IP address
of the socket. The certificate presented by the server will almost certainly
not have the IP address as a valid name and therefore hostname verification
will likely fail.
We ought to use the hostname the user provided, if possible.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
