Niklas Gustavsson wrote:
Rory Winston wrote:
Susanne
It may be possible that there is a bug in the FTPSClient impl - can
you post a transcript of the FTP commands and responses sent over the
wire?
I've now tested this with FtpServer and I think I got a clue as to what
is going on. But, I would like to confirm my suspicions with you :-) I'm
CCing the FtpServer list on the discussion.
When using the PROT P command in active mode, the FTP server will try to
connect using SSL to the client. In this case the server acts as the SSL
client. However, this seems to fail and we get a cleartext data
connection. My feeling is that this is because the commons-net
SSLContext does not set a keystore, so it can't act as an SSL server.
However, I haven't tested patching FTPSClient yet so I'm not sure.
If I run in passive mode (where the FTPSClient will act as an SSL client
and FtpServer as an SSL server also for the data connection) everything
seems to work as expected.
You can find my simple test case here:
http://svn.apache.org/repos/asf/incubator/ftpserver/ssl-tests/trunk/src/test/org/apache/ftpserver/ssl/DataConnectionTest.java
Note that this test differs from what Susanne described as I get into
problems on a single STOR. This might be because I have some basic
misconfiguration; if so, feel free to point me the right way :-)
With some additional testing I was able to get everything to work. Not
sure if it's the optimal solution but anyways, here's how I did it.
The FTPSClient needs to have an SSL-enabled ServerSocketFactory set, e.g.:
client.setServerSocketFactory(SSLServerSocketFactory.getDefault());
Since we're now using the standard SSL socket implementation, it will
look at the regular system properties for the key and trust stores. So
I created a keystore for the client, containing a key pair for the
client and I then imported the certificate for the server (exported from
the server keystore). I then set the system properties and everything
now seems to work as expected.
The test case referred to above has been updated with these fixes.
I should also say that I got this working within my Eclipse environment,
not yet in the Maven build. Still not sure why but I'm looking into it.
/niklas
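
The client-side setup described in the message above, put together as an added example (it is not code from the original post or from the linked test case). The host name, credentials, file name, keystore path and passwords are placeholders, and using one keystore file as both key store and trust store is an assumption.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.SSLServerSocketFactory;
import org.apache.commons.net.ftp.FTPReply;
import org.apache.commons.net.ftp.FTPSClient;

public class ActiveModeProtP {
    public static void main(String[] args) throws Exception {
        // Placeholder keystore holding the client's key pair plus the imported
        // server certificate. These properties must be set before the first call
        // to SSLServerSocketFactory.getDefault(): the default factory is created
        // once and later changes to the properties are not picked up.
        System.setProperty("javax.net.ssl.keyStore", "client.jks");
        System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
        System.setProperty("javax.net.ssl.trustStore", "client.jks");
        System.setProperty("javax.net.ssl.trustStorePassword", "changeit");

        FTPSClient client = new FTPSClient(); // explicit mode (AUTH TLS on connect)
        // In active mode the server connects back to the client, so the client's
        // listening socket is the TLS server side and needs a key to present.
        client.setServerSocketFactory(SSLServerSocketFactory.getDefault());
        try {
            client.connect("ftp.example.test", 21); // placeholder host
            if (!FTPReply.isPositiveCompletion(client.getReplyCode())) {
                throw new IOException("Connect refused: " + client.getReplyString());
            }
            if (!client.login("user", "password")) { // placeholder credentials
                throw new IOException("Login failed: " + client.getReplyString());
            }
            client.execPBSZ(0);           // required before PROT
            client.execPROT("P");         // request a protected data channel
            client.enterLocalActiveMode();

            InputStream data = new ByteArrayInputStream(
                    "constructed sample payload\n".getBytes(StandardCharsets.UTF_8));
            if (!client.storeFile("test.txt", data)) {
                throw new IOException("STOR failed: " + client.getReplyString());
            }
        } finally {
            if (client.isConnected()) {
                client.disconnect();
            }
        }
    }
}
```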