Mads >keytool -printcert -v -file CertificateIssuedByVerisignToVolvo.cer Owner: O=Nokia Issuer=Versign
If FTPSclient certificate hostname verification accepts any hostname other than the owner while you are attempting SSL transmission to Nokia then the "certificate hostname verification" is not working If this is case please file JIRA for "certificate hostname verification enhancement" https://issues.apache.org/jira/browse/NET In the meanwhile 1)request VPN access to the client which you can pass credentials with provided certificate 2)ssh with provided certificate the validation of the provided cert will get you behind the firewall..in which case you will be able to execute ftp, scp,rcp Tak, Martin- ------------------------------------------------ Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. > To: [email protected] > From: [email protected] > Subject: Re: [net] Hostname verification with FTPSClient > Date: Fri, 1 Mar 2013 09:09:48 +0000 > > sebb <sebbaz <at> gmail.com> writes: > > > > > On 28 February 2013 20:04, Mads Lindstrøm <mads.lindstroem <at> gmail.com> > wrote: > > > Hi > > > > > > I have implemented an application using > > > org.apache.commons.net.ftp.FTPSClient. The application connects to the > > > FTPS > > > server and everything works fine, except that FTPSClient connects to the > > > FTPS server both when I use the hostname and when I use an IP adresss. > > > That > > > is when I connect with FTPSClient.connect(<hostname>) it connects fine. > > > And > > > when I connect with FTPSClient.connect(<IP address>) it connects fine. > > > This > > > is wrong, as it means no hostname verification is going on. That is, the > > > server certificate common name does not have to be equal to the hostname. > > > > It's not clear to me what you think is wrong. > > > > Are you saying that it should reject connections by IP address? > > I would expect it to. If FTPSClient performs hostname verification (checking > that a certificate common name = hostname) how can it accepts connections by > IP address? > > I also tried adding: > > foobar <an IP address> > > to my hosts file and then I could also connect using "foobar" as hostname. > The > server certificate do not have "foobar" as common name. > > > > > Or are you saying that the server certificate common name is different > > from the hostname you are using, yet the connection is still accepted? > > I am saying both. Well, now that I mentioned the "foobar" example I am saying > both. > > > Regards, > > Mads Lindstrøm > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] >
