You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "Niklas Gustavsson (JIRA)" <ji...@apache.org> on 2008/08/13 21:32:44 UTC
[jira] Closed: (FTPSERVER-154) Do not allow AUTH on an already
secured session
[ https://issues.apache.org/jira/browse/FTPSERVER-154?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Niklas Gustavsson closed FTPSERVER-154.
---------------------------------------
Resolution: Fixed
Fixed, we now return 534 on a reissued AUTH
svn commit "/media/big/home/svn/apache/ftpserver-trunk/core" -m "Crappy implementation of isSecure on the control socket as it only checked for the session base SSL filter (FTPSERVER-149). Same (but opposite) problem for getClientCertificates() (FTPSERVER-151). Also, we should not allow AUTH to be issued on an already secure session or trouble will occur (multiple SSL filters) (FTPSERVER-154) All three fixed and tests added." --username "ngn"
M /media/big/home/svn/apache/ftpserver-trunk/core/src/main/java/org/apache/ftpserver/command/AUTH.java
M /media/big/home/svn/apache/ftpserver-trunk/core/src/main/java/org/apache/ftpserver/interfaces/FtpIoSession.java
M /media/big/home/svn/apache/ftpserver-trunk/core/src/main/resources/org/apache/ftpserver/message/FtpStatus.properties
M /media/big/home/svn/apache/ftpserver-trunk/core/src/test/java/org/apache/ftpserver/ssl/ExplicitSecurityTestTemplate.java
M /media/big/home/svn/apache/ftpserver-trunk/core/src/test/java/org/apache/ftpserver/ssl/MinaClientAuthTest.java
Transmitting file data: /media/big/home/svn/apache/ftpserver-trunk/core/src/main/java/org/apache/ftpserver/command/AUTH.java
Transmitting file data: /media/big/home/svn/apache/ftpserver-trunk/core/src/main/java/org/apache/ftpserver/interfaces/FtpIoSession.java
Transmitting file data: /media/big/home/svn/apache/ftpserver-trunk/core/src/main/resources/org/apache/ftpserver/message/FtpStatus.properties
Transmitting file data: /media/big/home/svn/apache/ftpserver-trunk/core/src/test/java/org/apache/ftpserver/ssl/ExplicitSecurityTestTemplate.java
Transmitting file data: /media/big/home/svn/apache/ftpserver-trunk/core/src/test/java/org/apache/ftpserver/ssl/MinaClientAuthTest.java
Committed revision 685647
> Do not allow AUTH on an already secured session
> -----------------------------------------------
>
> Key: FTPSERVER-154
> URL: https://issues.apache.org/jira/browse/FTPSERVER-154
> Project: FtpServer
> Issue Type: Bug
> Components: Core
> Affects Versions: 1.0-M2
> Reporter: Niklas Gustavsson
> Assignee: Niklas Gustavsson
> Fix For: 1.0-M3
>
>
> If a client send an AUTH on an already secured session (either due to an earlier AUTH or an implicit secured socket) we should ignore the AUTH.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.