[ https://issues.apache.org/jira/browse/NET-326?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13006504#comment-13006504 ]
Bogdan Drozdowski commented on NET-326:
---------------------------------------

Nice one. But now I have a question: why do you cast a TrustManagerFactory (which implements or extends nothing) to an X509TrustManager? Are you sure that this will work?

I'd add just three more methods to your factory (assuming the casts are OK):

{code}
public static X509TrustManager getTrustManager(String algorithm)
        throws NoSuchAlgorithmException {
    return (X509TrustManager) TrustManagerFactory.getInstance(algorithm);
}

public static X509TrustManager getTrustManager(String algorithm, Provider provider)
        throws NoSuchAlgorithmException {
    return (X509TrustManager) TrustManagerFactory.getInstance(algorithm, provider);
}

public static X509TrustManager getTrustManager(String algorithm, String provider)
        throws NoSuchAlgorithmException, NoSuchProviderException {
    return (X509TrustManager) TrustManagerFactory.getInstance(algorithm, provider);
}
{code}

so that the user could choose the algorithm the TrustManager will be used for. This is basically delegating the calls to the TrustManagerFactory, but we have everything in one place.

> A KeyManager is required when the protection level is set to 'P' with FTPSClient on active mode
> -----------------------------------------------------------------------------------------------
>
>                 Key: NET-326
>                 URL: https://issues.apache.org/jira/browse/NET-326
>             Project: Commons Net
>          Issue Type: Bug
>          Components: FTP
>    Affects Versions: 2.0
>         Environment: Windows XP professional service pack 2, Java Java 1.6.0_12-b04
>            Reporter: Terence Dudouit
>         Attachments: SSLContextsFactory.java
>
>
> Using a simple FTPS client that lists a directory, when execPROT("P") is set and the active mode is on, the following exception is thrown:
> javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
> 	at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:303)
> 	at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:253)
> 	at org.apache.commons.net.ftp.FTPClient._openDataConnection_(FTPClient.java:489)
> 	at org.apache.commons.net.ftp.FTPSClient._openDataConnection_(FTPSClient.java:494)
> 	at org.apache.commons.net.ftp.FTPClient.listNames(FTPClient.java:1950)
> 	at org.apache.commons.net.ftp.FTPClient.listNames(FTPClient.java:1996)
> 	at fr.enovacom.eai.actions.dynamiques.protocole.ftp.FTPGet.testFTPS(FTPGet.java:379)
> 	at fr.enovacom.eai.actions.dynamiques.protocole.ftp.FTPGet.main(FTPGet.java:401)
> This doesn't occur on passive mode.
> The only way to make it work is to set a keyManager although there is no need for a client authentication.
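
Added example (not part of the original comment, the attached SSLContextsFactory.java, or Commons Net): the JSSE way to get an X509TrustManager from a TrustManagerFactory, which is to initialise the factory and pick the X509TrustManager out of getTrustManagers() rather than cast the factory itself. The class name TrustManagerLookup and the KeyStore parameter are assumptions made for this illustration.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical helper class, not part of Commons Net.
public final class TrustManagerLookup {

    private TrustManagerLookup() { }

    /**
     * Returns the first X509TrustManager produced by a factory for the given
     * algorithm, initialised from keyStore (null selects the JRE default trust store).
     */
    public static X509TrustManager getTrustManager(String algorithm, KeyStore keyStore)
            throws GeneralSecurityException {
        TrustManagerFactory factory = TrustManagerFactory.getInstance(algorithm);
        // The factory must be initialised before getTrustManagers() is called.
        factory.init(keyStore);
        for (TrustManager tm : factory.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new GeneralSecurityException("No X509TrustManager for algorithm " + algorithm);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        String algorithm = TrustManagerFactory.getDefaultAlgorithm();
        // The factory is not itself a TrustManager, so a direct cast cannot succeed.
        Object factory = TrustManagerFactory.getInstance(algorithm);
        System.out.println("factory is X509TrustManager: " + (factory instanceof X509TrustManager));

        X509TrustManager tm = getTrustManager(algorithm, null);
        System.out.println("trusted CA certificates: " + tm.getAcceptedIssuers().length);
    }
}
```

Because the returned manager performs real chain validation against the supplied trust store, it can be handed to an SSLContext without weakening server certificate checks.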