You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "Niklas Gustavsson (JIRA)" <ji...@apache.org> on 2008/11/06 20:18:46 UTC
[jira] Commented: (FTPSERVER-215) Secured data channel in active
mode would require the server to have a public certificate for every
client.
[ https://issues.apache.org/jira/browse/FTPSERVER-215?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12645546#action_12645546 ]
Niklas Gustavsson commented on FTPSERVER-215:
---------------------------------------------
> Secured data channel in active mode would require the server to have a public certificate for every client.
This is not true, it would be verified against the signer, which might very well be a known CA certificate (like Verisign)
> To my mind, when we are not checking the client certificate we shouldn't check it in Active data connections either. So we should provide our own TrustManager for this.
I do however think this makes sense, could you provide a patch?
> Secured data channel in active mode would require the server to have a public certificate for every client.
> -----------------------------------------------------------------------------------------------------------
>
> Key: FTPSERVER-215
> URL: https://issues.apache.org/jira/browse/FTPSERVER-215
> Project: FtpServer
> Issue Type: Improvement
> Components: Core
> Affects Versions: 1.0-M1, 1.0-M2, 1.0-M3, 1.0-M4
> Reporter: David Latorre
> Fix For: 1.0-M4
>
>
> In "active mode" , the FtpServer itself will try to open a connection to a client-reported host and port.
> In this case, if we were using a SSL connection, the server opens a connection to the client so it will receive the client's public certificate and will try and check it against its TrustStore.
> To my mind, when we are not checking the client certificate we shouldn't check it in Active data connections either. So we should provide our own TrustManager for this.
>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.