You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@mina.apache.org by "Niklas Gustavsson (JIRA)" <ji...@apache.org> on 2008/08/13 21:24:44 UTC

[jira] Created: (FTPSERVER-154) Do not allow AUTH on an already secured session

Do not allow AUTH on an already secured session
-----------------------------------------------

                 Key: FTPSERVER-154
                 URL: https://issues.apache.org/jira/browse/FTPSERVER-154
             Project: FtpServer
          Issue Type: Bug
          Components: Core
    Affects Versions: 1.0-M2
            Reporter: Niklas Gustavsson
            Assignee: Niklas Gustavsson
             Fix For: 1.0-M3


If a client send an AUTH on an already secured session (either due to an earlier AUTH or an implicit secured socket) we should ignore the AUTH. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Closed: (FTPSERVER-154) Do not allow AUTH on an already secured session

Posted by "Niklas Gustavsson (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/FTPSERVER-154?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Niklas Gustavsson closed FTPSERVER-154.
---------------------------------------

    Resolution: Fixed

Fixed, we now return 534 on a reissued AUTH

svn commit "/media/big/home/svn/apache/ftpserver-trunk/core" -m "Crappy implementation of isSecure on the control socket as it only checked for the session base SSL filter  (FTPSERVER-149). Same (but opposite) problem for getClientCertificates() (FTPSERVER-151). Also, we should not allow AUTH to be issued on an already secure session or trouble will occur (multiple SSL filters) (FTPSERVER-154) All three fixed and tests added." --username "ngn"
	M /media/big/home/svn/apache/ftpserver-trunk/core/src/main/java/org/apache/ftpserver/command/AUTH.java
	M /media/big/home/svn/apache/ftpserver-trunk/core/src/main/java/org/apache/ftpserver/interfaces/FtpIoSession.java
	M /media/big/home/svn/apache/ftpserver-trunk/core/src/main/resources/org/apache/ftpserver/message/FtpStatus.properties
	M /media/big/home/svn/apache/ftpserver-trunk/core/src/test/java/org/apache/ftpserver/ssl/ExplicitSecurityTestTemplate.java
	M /media/big/home/svn/apache/ftpserver-trunk/core/src/test/java/org/apache/ftpserver/ssl/MinaClientAuthTest.java
	  Transmitting file data: /media/big/home/svn/apache/ftpserver-trunk/core/src/main/java/org/apache/ftpserver/command/AUTH.java
	  Transmitting file data: /media/big/home/svn/apache/ftpserver-trunk/core/src/main/java/org/apache/ftpserver/interfaces/FtpIoSession.java
	  Transmitting file data: /media/big/home/svn/apache/ftpserver-trunk/core/src/main/resources/org/apache/ftpserver/message/FtpStatus.properties
	  Transmitting file data: /media/big/home/svn/apache/ftpserver-trunk/core/src/test/java/org/apache/ftpserver/ssl/ExplicitSecurityTestTemplate.java
	  Transmitting file data: /media/big/home/svn/apache/ftpserver-trunk/core/src/test/java/org/apache/ftpserver/ssl/MinaClientAuthTest.java
Committed revision 685647

> Do not allow AUTH on an already secured session
> -----------------------------------------------
>
>                 Key: FTPSERVER-154
>                 URL: https://issues.apache.org/jira/browse/FTPSERVER-154
>             Project: FtpServer
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 1.0-M2
>            Reporter: Niklas Gustavsson
>            Assignee: Niklas Gustavsson
>             Fix For: 1.0-M3
>
>
> If a client send an AUTH on an already secured session (either due to an earlier AUTH or an implicit secured socket) we should ignore the AUTH. 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.