sebb <sebbaz <at> gmail.com> writes:

> On 28 February 2013 20:04, Mads Lindstrøm <mads.lindstroem <at> gmail.com> wrote:
> > Hi
> >
> > I have implemented an application using
> > org.apache.commons.net.ftp.FTPSClient. The application connects to the FTPS
> > server and everything works fine, except that FTPSClient connects to the
> > FTPS server both when I use the hostname and when I use an IP address. That
> > is, when I connect with FTPSClient.connect(<hostname>) it connects fine. And
> > when I connect with FTPSClient.connect(<IP address>) it connects fine. This
> > is wrong, as it means no hostname verification is going on. That is, the
> > server certificate common name does not have to be equal to the hostname.
>
> It's not clear to me what you think is wrong.
>
> Are you saying that it should reject connections by IP address?

I would expect it to. If FTPSClient performs hostname verification (checking
that a certificate common name = hostname) how can it accept connections by IP
address?

I also tried adding:

foobar <an IP address>

to my hosts file and then I could also connect using "foobar" as hostname. The
server certificate does not have "foobar" as common name.

> Or are you saying that the server certificate common name is different
> from the hostname you are using, yet the connection is still accepted?

I am saying both. Well, now that I mentioned the "foobar" example I am saying both.

Regards,

Mads Lindstrøm
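
Added example, not part of the original message and not Commons Net code: a simplified RFC 2818-style name check showing the outcome a verifying client would give for the three connect() strings discussed above. The certificate contents, the names `ftp.example.com` and `192.0.2.10`, and all class and method names are constructed for illustration; Java 16 or later is assumed.

```java
import java.util.List;
import java.util.Locale;

// Illustration only: simplified matching rules over constructed certificate data.
public class HostnameCheckDemo {

    // Identity fields of a server certificate (the values used in main are constructed).
    record CertNames(String commonName, List<String> dnsSans, List<String> ipSans) {}

    // Rough literal test; IPv6 literals are compared as plain strings, unnormalised.
    static boolean isIpLiteral(String s) {
        return s.matches("\\d{1,3}(\\.\\d{1,3}){3}") || s.contains(":");
    }

    // A wildcard is honoured only as the whole left-most label and covers one label.
    static boolean dnsMatches(String pattern, String host) {
        String p = pattern.toLowerCase(Locale.ROOT);
        String h = host.toLowerCase(Locale.ROOT);
        if (p.startsWith("*.")) {
            int dot = h.indexOf('.');
            return dot > 0 && h.substring(dot).equals(p.substring(1));
        }
        return p.equals(h);
    }

    // 'name' is the exact string given to connect(), not the address it resolved to,
    // so a hosts-file alias is checked as the alias.
    static boolean verify(String name, CertNames cert) {
        if (isIpLiteral(name)) {
            return cert.ipSans().contains(name); // IPs match only iPAddress SAN entries
        }
        if (!cert.dnsSans().isEmpty()) {
            return cert.dnsSans().stream().anyMatch(p -> dnsMatches(p, name));
        }
        // Legacy fallback: the common name is consulted only when no dNSName SAN exists.
        return cert.commonName() != null && dnsMatches(cert.commonName(), name);
    }

    public static void main(String[] args) {
        // Constructed certificate: common name only, no subjectAltName entries.
        CertNames cert = new CertNames("ftp.example.com", List.of(), List.of());
        for (String name : List.of("ftp.example.com", "192.0.2.10", "foobar")) {
            System.out.println(name + " -> " + (verify(name, cert) ? "accept" : "reject"));
        }
    }
}
```

In real JSSE code the equivalent check is requested with `SSLParameters.setEndpointIdentificationAlgorithm("HTTPS")` on the socket's parameters rather than hand-written matching.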
