You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@commons.apache.org by "Adam Lynam (JIRA)" <ji...@apache.org> on 2016/12/12 13:17:58 UTC

[jira] [Created] (NET-605) FTPSClient forces IP in SubjectAlternativeNames field for server certificate validation instead of hostname

Adam Lynam created NET-605:
------------------------------

             Summary: FTPSClient forces IP in SubjectAlternativeNames field for server certificate validation instead of hostname
                 Key: NET-605
                 URL: https://issues.apache.org/jira/browse/NET-605
             Project: Commons Net
          Issue Type: Bug
          Components: FTP
    Affects Versions: 3.5
            Reporter: Adam Lynam


We have an FTP Server with a signed certificate, with both CN and SAN DNS entries set to the respective hostname of the machine.

When attempting to connect using FTPSClient, we get java.security.cert.CertificateException: No subject alternative names matching IP address x.x.x.x found. The FTPSClient appears to resolve the IP address and pass that through the SSLSocket where it eventually raises the exception.

While we initially encountered the error against our internal FTP server, we have confirmed the same issue against a public FTP server. ftps://demo:password@test.rebex.net.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)