[jira] [Created] (NET-723) FTPSClient cannot transfer files to FileZilla Server 1.7.2

["Tobin Stelling (Jira)" <ji...@apache.org>]

Tobin Stelling created NET-723:
----------------------------------

             Summary: FTPSClient cannot transfer files to FileZilla Server 1.7.2
                 Key: NET-723
                 URL: https://issues.apache.org/jira/browse/NET-723
             Project: Commons Net
          Issue Type: Bug
          Components: FTP
    Affects Versions: 3.9.0
            Reporter: Tobin Stelling


The FTPSClient in the commons-net library cannot transfer files over an FPTS connection to FileZilla Server v1.7.2.

 

To reproduce, install FileZilla Server v1.7.2. Set Minimum Allows TLS version to 1.2. Use a self signed cert. Configure listener ports as necessary.

 

Write a small Java program to that uses FTPSClient to connect to your FileZilla server.

 
{code:java}
FTPSClient ftpsClient = new FTPSClient();
ftpsClient.connect(hostname, port);
ftpsClient.parsePBSZ(0L);
ftpsClient.execPROT("P");
ftpsClient.login(username,password);
ftpsClient.enterLocalPassiveMode();
ftpsClient.storeFile(file.getFileName().toString(), inputStream);
{code}
 

The storeFile operation fails with "java.net.SocketException: Broken pipe".

The FileZilla Server logs report this error:
{code:java}
2023-07-12T12:33:25.852Z !! [FTP Session 3 127.0.0.1 tstellin] TLS session of data connection not resumed.
2023-07-12T12:33:25.852Z << [FTP Session 3 127.0.0.1 tstellin] 425 Unable to build data connection: TLS session of data connection not resumed.{code}
 

I found a work-around that extends FTPSClient and overrides _prepareDataSocket_(Socket). You tie the TLS session from the control connection to the data connection. Unfortunately it uses reflection to get at private fields in SSLSessionContext, so it feels like a hack.

This ticket requests that FPSClient be upgraded to re-use the TLS session from the control connection in the data connection.

 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)