It would be easier from here if you could provide a failing test case for the behavior you expect as a patch in Jira or a PR on GitHub.
Gary

On Thu, Apr 27, 2023, 06:59 Elric V <elri...@melnib.one> wrote:

> Hi there,
>
> I'm a bit stumped by strange observed behaviour, which I will try to
> describe, and hopefully someone else can help make sense of this.
>
> Server: proftpd with TLS enabled (TLSRequired on).
> Certificate: self signed garbage.
> Client: FTPSClient in Explicit mode.
>
> Oddly enough, when I connect with commons-net FTPSClient, it connects
> without complaining about the obviously self signed certificate. The
> server logs tell me that this is happening over TLS.
>
> The certificate is not in my keystore/truststore. And to make completely
> sure of that, I retested with a freshly generated one and was still able
> to connect.
>
> Other clients, such as Filezilla, alert me of the certificate and ask me
> whether or not I want to continue connecting.
>
> I've been trying to debug the mess that is Java's
> TrustManager/SSLContext for half a day now, and I still can't figure out
> why this is happening.
>
> My best guess is that the certificate is *not* being validated, because
> the connection is upgraded (explicit mode) from clear to encrypted using
> the FTPS AUTH command. But that's only a guess, and I'm unsure whether
> that's a commons-net issue or a JDK issue or whatever.
>
> Could someone be so kind as to point me in the right direction?
>
> Many thanks,
>
> Elric
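
An added example, not part of the thread or of the commons-net code base: an explicit-mode `FTPSClient` configured so that the server certificate must chain to the JVM trust store and match the host name. commons-net's `FTPSClient` installs `TrustManagerUtils.getValidateServerCertificateTrustManager()` by default, which checks only the certificate's validity period, and it leaves host name checking off unless enabled. The host name `ftp.example.test` and the class name are placeholders.

```java
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

import javax.net.ssl.SSLException;

import org.apache.commons.net.ftp.FTPReply;
import org.apache.commons.net.ftp.FTPSClient;
import org.apache.commons.net.util.TrustManagerUtils;

public class StrictFtpsConnect {

    // Placeholder host for illustration; replace with the real server name.
    private static final String HOST = "ftp.example.test";

    static FTPSClient newStrictClient() throws GeneralSecurityException {
        FTPSClient ftps = new FTPSClient(false); // false = explicit mode (AUTH TLS)
        // A null KeyStore selects the JVM default trust store (cacerts or
        // javax.net.ssl.trustStore), so the chain is validated against trusted roots.
        ftps.setTrustManager(TrustManagerUtils.getDefaultTrustManager((KeyStore) null));
        // Also require the certificate to match the host name we connect to.
        ftps.setEndpointCheckingEnabled(true);
        return ftps;
    }

    public static void main(String[] args) throws Exception {
        FTPSClient ftps = newStrictClient();
        try {
            // In explicit mode the AUTH command and TLS handshake run inside connect().
            ftps.connect(HOST, 21);
            if (!FTPReply.isPositiveCompletion(ftps.getReplyCode())) {
                throw new IOException("Server refused connection: " + ftps.getReplyString());
            }
            System.out.println("Handshake accepted: certificate chains to a trusted root");
        } catch (SSLException e) {
            // Expected for a self-signed certificate that is not in the trust store.
            System.out.println("Rejected untrusted certificate: " + e.getMessage());
        } finally {
            if (ftps.isConnected()) {
                ftps.disconnect();
            }
        }
    }
}
```

To trust one specific self-signed server certificate instead of the JVM defaults, load it into a `KeyStore` and pass that store to `getDefaultTrustManager` in place of `null`.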