You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@commons.apache.org by "srikanth k.m" <km...@gmail.com> on 2009/06/12 16:19:22 UTC

{NET}Question about FTPSClient -Client Authentication

Hi,

I am using commons net 2.0 jar to connect to FTPS server using explicit SSL.
I wanted to perform Client Authentication. I have used setNeedClientAuth()
to initialise to true and initialised the keystore. It doesnt seem to work.

In the code for FTPSClient - sslNegotiation() method , there is a code
snippet

if (!isClientMode) {
            socket.setNeedClientAuth(isNeedClientAuth);
            socket.setWantClientAuth(isWantClientAuth);
        }

I tried setting setUseClientMode() to false..In such a case, my client
starts the SSL handshake as a server and hangs waiting for a ClientHello
command from the server.

My question is:: Is it neccessary to set UseClientMode() to false?? How to
acheive Client Authentication?? . Is it neccessary for the socket to connect
in Server mode for performing client authentication??

Thanks for your response

Srikanth

Re: {NET}Question about FTPSClient -Client Authentication

Posted by Steve Cole <sc...@camsbycbs.com>.

If the server expects you to be the client, which is the likely case, you
need to use client mode. Otherwise, the SSLSocket will not perform the
negotiation correctly. In order for FTPSClient to successfully authenticate
itself, you must set the FTPSClient KeyManager to a KeyManager initialized
with a KeyStore that contains the signed certificate provided to you by the
server's auth authority.

----- Original Message ----- 
From: "srikanth k.m" <km...@gmail.com>
To: <us...@commons.apache.org>
Sent: Friday, June 12, 2009 10:19 AM
Subject: {NET}Question about FTPSClient -Client Authentication


> Hi,
>
> I am using commons net 2.0 jar to connect to FTPS server using explicit
SSL.
> I wanted to perform Client Authentication. I have used setNeedClientAuth()
> to initialise to true and initialised the keystore. It doesnt seem to
work.
>
> In the code for FTPSClient - sslNegotiation() method , there is a code
> snippet
>
> if (!isClientMode) {
>             socket.setNeedClientAuth(isNeedClientAuth);
>             socket.setWantClientAuth(isWantClientAuth);
>         }
>
> I tried setting setUseClientMode() to false..In such a case, my client
> starts the SSL handshake as a server and hangs waiting for a ClientHello
> command from the server.
>
> My question is:: Is it neccessary to set UseClientMode() to false?? How to
> acheive Client Authentication?? . Is it neccessary for the socket to
connect
> in Server mode for performing client authentication??
>
> Thanks for your response
>
> Srikanth
>


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@commons.apache.org
For additional commands, e-mail: user-help@commons.apache.org