commons-issues mailing list archives

From "Bogdan Drozdowski (Commented) (JIRA)" <>
Subject [jira] [Commented] (NET-448) Self signed cert or ca not installed on client but FTPS still works
Date Sat, 03 Mar 2012 11:28:57 GMT


Bogdan Drozdowski commented on NET-448:

The current default TrustManager of the FTPSClient only checks if the certificate's dates
are valid (if the current date is not earlier than the certificate's "valid from" date and not
later than the certificate's "valid till" date). It doesn't check the certificate's chain,
domains or issuers. Currently, you need to install your own TrustManager (perhaps use a default
provided by the JRE, if any) to do that.

> Self signed cert or ca not installed on client but FTPS still works
> -------------------------------------------------------------------
>                 Key: NET-448
>                 URL:
>             Project: Commons Net
>          Issue Type: Bug
>          Components: FTP
>    Affects Versions: 2.0, 3.1
>         Environment: client: Windows SP sp4, jdk 1.6.0_24
> server: Linux 2.6.32-220.4.2.el6.i686 running vsFTPd 2.2.2
> apache lib: commons-net-2.0.jar or commons-net-3.1.jar or commons-net-2.0-jdk14.jar (from
>            Reporter: Deepak Pant
>            Priority: Trivial
>
> I am using vsftpd ftp server on centos with our own self signed root ca certificate.
> I have not installed the self signed root certificate on the client machine. Neither
> am I setting the Trust Manager on the FTPSClient object, using X509TrustManager instance pointing
> to my physical cert file.
> But I am still able to use the FTPSClient bundled in any of the following jar files and
> send/receive the files.
> commons-net-2.0.jar
> commons-net-3.1.jar
> commons-net-2.0-jdk14.jar (from zehon)
> I was expecting that I will have to either install the self signed root ca on the client
> machine or set Trust Manager etc.
> Can you please explain the behavior?

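One way to install a chain-validating TrustManager for the setup described in this issue (a private root CA that is not in the client's default trust store). This is an added example, not code from the Commons Net project or from this thread; the class name, the keystore alias and the command-line arguments (CA file, host, user, password) are assumptions, and it validates the chain and issuer only, not the host name.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.net.ftp.FTPSClient;

public class StrictFtpsExample {  // hypothetical class name

    /** Builds a JSSE trust manager whose only trust anchor is the given CA certificate file. */
    static X509TrustManager trustManagerFor(String caCertPath) throws Exception {
        X509Certificate ca;
        try (InputStream in = new FileInputStream(caCertPath)) {
            ca = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);                         // start from an empty in-memory store
        ks.setCertificateEntry("ftps-root-ca", ca);  // alias is arbitrary

        // The JRE's default factory yields a manager that checks chain, issuer and dates.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    // Usage (all four arguments are placeholders): <ca.pem> <host> <user> <password>
    public static void main(String[] args) throws Exception {
        FTPSClient client = new FTPSClient();        // explicit FTPS (AUTH TLS)
        client.setTrustManager(trustManagerFor(args[0]));  // replaces the date-only default
        try {
            client.connect(args[1]);  // TLS handshake now fails if the chain does not validate
            System.out.println("login ok: " + client.login(args[2], args[3]));
            client.logout();
        } finally {
            if (client.isConnected()) {
                client.disconnect();
            }
        }
    }
}
```

With this trust manager in place, a server certificate that does not chain to the supplied CA causes `connect` to throw an `SSLException` instead of silently succeeding.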