You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Gary D. Gregory (Jira)" <ji...@apache.org> on 2020/09/23 20:33:00 UTC
[jira] [Comment Edited] (NET-688) FTPSClient converts hostname to
IP, making hostname verification difficult
[ https://issues.apache.org/jira/browse/NET-688?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17201015#comment-17201015 ]
Gary D. Gregory edited comment on NET-688 at 9/23/20, 8:32 PM:
---------------------------------------------------------------
May you provide a PR with a test on GitHub? You can expand on or create a new test based on the existing {{FTPSClientTest}}.
was (Author: garydgregory):
May you provide a PR with a test on GitHub. You can expand on or create a new test based on the existing {{FTPSClientTest}}.
> FTPSClient converts hostname to IP, making hostname verification difficult
> --------------------------------------------------------------------------
>
> Key: NET-688
> URL: https://issues.apache.org/jira/browse/NET-688
> Project: Commons Net
> Issue Type: Bug
> Components: FTP
> Affects Versions: 3.7
> Reporter: Dave Nice
> Priority: Major
>
> Related to NET-593, FTPS converts the provided hostname into an IP address before attempting the connection.
>
> This means that a registered hostname verifier gets passed the IP address, instead of the hostname, and is likely to fail.
>
> I believe the issue is in FTPSClient.java, in sslNegotiation.
>
> at line 294 we call the hostnameverifier, but using socket.getInetAddress().getHostAddress() - this will return us the IP address of the socket. The certificate presented by the server will almost certainly not have the IP address as a valid name and therefore hostname verification will likely fail.
>
> We ought to use the hostname the user provided, if possible.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)