You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Gary D. Gregory (Jira)" <ji...@apache.org> on 2020/10/29 00:33:00 UTC
[jira] [Resolved] (NET-688) FTPSClient converts hostname to IP,
making hostname verification difficult
[ https://issues.apache.org/jira/browse/NET-688?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gary D. Gregory resolved NET-688.
---------------------------------
Fix Version/s: 3.7.2
Resolution: Fixed
> FTPSClient converts hostname to IP, making hostname verification difficult
> --------------------------------------------------------------------------
>
> Key: NET-688
> URL: https://issues.apache.org/jira/browse/NET-688
> Project: Commons Net
> Issue Type: Bug
> Components: FTP
> Affects Versions: 3.7
> Reporter: Dave Nice
> Priority: Major
> Fix For: 3.7.2
>
>
> Related to NET-593, FTPS converts the provided hostname into an IP address before attempting the connection.
>
> This means that a registered hostname verifier gets passed the IP address, instead of the hostname, and is likely to fail.
>
> I believe the issue is in FTPSClient.java, in sslNegotiation.
>
> at line 294 we call the hostnameverifier, but using socket.getInetAddress().getHostAddress() - this will return us the IP address of the socket. The certificate presented by the server will almost certainly not have the IP address as a valid name and therefore hostname verification will likely fail.
>
> We ought to use the hostname the user provided, if possible.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)