A couple of things.
You don't set the protection buffer size or the data channel protection which
has to happen immediately after the connection.
client.connect(host, port);
client. execPBSZ(0);
client. .execPROT("P"); // Private
client.login("", "");
client.enterLocalPassiveMode();
for your Passive Mode connection, try the next line. I had this (copied from
the example code), which caused problems for me on external sites. It connects
to the original host using the passive port number.
client. setUseEPSVwithIPv4(true);
>From the Log:
EPSV
229 Entering Passive Mode (|||62110|)
Hope this helps,
Mike...
-----Original Message-----
From: Alex Vb [mailto:[email protected]]
Sent: Friday, January 24, 2014 9:24 AM
To: [email protected]
Subject: [net] FTPS passive data connection not using SSLSocketFactory?
I had an exotic case where an ftps server in the 10.* domain sent back an
inaccessible ip also in the 10.* domain. This posed an issue for both our main
tool (a proprietary third party tool that does not use apache commons) and for
filezilla so I created a small example in commons net. This specific problem
also isn't covered by the code as the NAT fix for passive hostnames only works
if the initial remote address is not site local. I added a boolean to force the
client to use the original host.
FTPSClient client = new FTPSClient(true);
client.setTrustManager(SecurityUtils.createTrustAllManager());
client.setConnectTimeout(timeout * 1000);
// new var
client.forceInitialHostForDataConnection = true;
client.connect(host, port);
client.login("", "");
client.enterLocalPassiveMode();
client.setSoTimeout(timeout * 1000);
FTPFile [] files = client.listFiles();
for (FTPFile file : files)
System.out.println(file.getName());
This worked to create the data connection (in other words, the socket was
successfully connected) but then the data connection simply hang indefinately.
I investigated further and apparantly the socket created for the data
connection was a plain one, not an SSL one. A quick fix to create an SSLSocket
instead of regular Socket fixed the problem. However I would like to do this
cleanly instead of what I have done now but in checking the source code I can't
for the life of me figure out where the SSLSocketFactory is supposed to be set.
The only reference to setting the SSLSocketFactory is in
FTPSClient.execPROT()...which apparently never gets called? Am I supposed to
call it? If so, what value should I use considering it is an implicit
connection?
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]