Hi, I think now is the time to admit that I do not have much knowledge about SSL/TLS. I tried to implement the implicit and explicit connections based on the different documents and Java APIs. Also I tried to refactor the socket factory and data connection based on my limited knowledge on SSL/TLS. If someone can help us to implement it in a proper way, we shall be grateful.
Thanks in advance Gary. I think you can point us to the right direction. Please help us.

Thank you,
Rana

--- [EMAIL PROTECTED] wrote:

> In looking through some of the code, it does appear that the
> TrustManagerFactory (factory which determines whether client
> certificates are valid) is initialized from the same keystore file that
> the KeyManagerFactory (store which contains server cert) is based from.
> So if you put your CA public x509 certificates in there, it should pick
> them up from there.
>
> One thing that would be good is to allow for a different SSL
> implementation. Though it is an interface (ISsl) that is implemented by
> SSL, there is no way to change the implementation used. Locally, I've
> tried changing FtpSocketFactory to read an additional ssl-impl element
> out of the ssl configuration to use my own LdapSsl ISsl implementation
> that will allow me to specify a separate truststore file and to also
> integrate with an LDAP CertStore for CRL checking.
>
> I'm still in a work in progress, but will report back if I can get
> client authentication working properly.
>
> Without any of these changes, I think I did get client authentication
> working, but in that case, I think I had put the client's certificate
> into my keystore file (same one which held my server certificate).
>
> Gary
>
> -----Original Message-----
> From: Gusti Benawi [mailto:[EMAIL PROTECTED]
> Sent: Thursday, October 26, 2006 8:43 AM
> To: [email protected]
> Subject: Re: FTP client validation question
>
> > I'm not sure I understand why you need to use all these steps. All you
> > need are a standard JKS keystore and truststore. FtpServer uses the
> > normal JSSE support in the JRE so I don't believe we do anything funky
> > (but I might be missing something).
>
> You said what I need is a standard keystore and truststore.
> IIRC, truststore is a file in which certificate of the clients are
> saved?
>
> Also in the ftp configuration, I can define where the keystore file
> should be used, but there is no option for truststore, so where is this
> supposed to be done?
>
> If the server needs the client-authentication, what is the server
> expecting to receive from the client? I tried to set the client to feed
> it a file containing private key and certificate in pem format, which is
> already imported in the keystore, but I have no luck at all.
>
> Since Rana wrote that the client-authentication has not been tested at
> all, could it be that the client-authentication does not work as it is
> expected at all?
>
> Thank you in advance,
>
> Gusti Benawi
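The separate-truststore setup discussed in this thread, as an added example that is not FtpServer's code or any poster's: plain JSSE builds the KeyManagerFactory from the server keystore and the TrustManagerFactory from a different JKS file holding the CA certificates, then requires a client certificate. The class name, argument order and file contents are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

public class ClientAuthServer {
    // Load a JKS file; path and password come from the caller (assumed inputs).
    static KeyStore load(String path, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pw);
        }
        return ks;
    }

    // Server identity comes from 'keys'; client certificates are validated against 'trust'.
    static SSLContext context(KeyStore keys, char[] keyPw, KeyStore trust) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, keyPw);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        // Print the certificates the server will accept as trust anchors for clients.
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                for (X509Certificate c : ((X509TrustManager) tm).getAcceptedIssuers()) {
                    System.out.println("trusted: " + c.getSubjectX500Principal());
                }
            }
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // args: keystore keystorePassword truststore truststorePassword port
    public static void main(String[] a) throws Exception {
        SSLContext ctx = context(load(a[0], a[1].toCharArray()), a[1].toCharArray(),
                                 load(a[2], a[3].toCharArray()));
        try (SSLServerSocket ss = (SSLServerSocket) ctx.getServerSocketFactory()
                .createServerSocket(Integer.parseInt(a[4]))) {
            ss.setNeedClientAuth(true); // handshake fails unless the client presents a trusted certificate
            try (SSLSocket s = (SSLSocket) ss.accept()) {
                s.startHandshake();
                System.out.println("client: " + s.getSession().getPeerPrincipal());
            }
        }
    }
}
```

Passing the same file for both stores reproduces the single-keystore arrangement Gary describes, and the printed "trusted:" lines show which certificates that file contributes as trust anchors.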
