You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Charlie (Jira)" <ji...@apache.org> on 2020/10/03 15:19:00 UTC
[jira] [Closed] (NET-689) Hostname is not set on the SSLSocket
causing isEndpointCheckingEnabled to fail
[ https://issues.apache.org/jira/browse/NET-689?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Charlie closed NET-689.
-----------------------
Verified working in 3.7.2-SNAPSHOT 7827f0549526920b91aa2e62d2a1e7682c36e1e7
> Hostname is not set on the SSLSocket causing isEndpointCheckingEnabled to fail
> ------------------------------------------------------------------------------
>
> Key: NET-689
> URL: https://issues.apache.org/jira/browse/NET-689
> Project: Commons Net
> Issue Type: Bug
> Affects Versions: 3.7
> Reporter: Charlie
> Priority: Major
> Fix For: 3.7.2
>
>
> When connecting with ssl to an ftps server, the hostname used to connect to the server is not copied to the SSLSocket, instead the sockets ip address is used. This applies to both with `AUTH TLS` and implicit SSL.
>
> The problem seems to be line 912 in FTPSclient.java:
> {code:java}
> return f.createSocket(socket, socket.getInetAddress().getHostAddress(), socket.getPort(), false);{code}
>
> which forces the new SSLSocket to have the ip address as peer hostname, which makes it impossible to use `isEndpointCheckingEnabled` as the hostname is the ip address, not the hostname that appears in the certificate.
> LFTP [https://lftp.yar.ru/|https://lftp.yar.ru/)] correctly connects to the hostname if the name matches, and disconnects if the name doesn't match the hostname, as does OpenSSL.
> The fix would be very easy. Just change the line into
> {code:java}
> return f.createSocket(socket, _hostname_, socket.getPort(), false);
> {code}
> and it works. I tested this by simply debugging the code
--
This message was sent by Atlassian Jira
(v8.3.4#803005)