Date: Mon, 14 Mar 2011 16:48:31 +0000 (UTC)
From: "Bogdan Drozdowski (JIRA)"
To: issues@commons.apache.org
Message-ID: <1271767846.1181.1300121311253.JavaMail.tomcat@hel.zones.apache.org>
Subject: [jira] Commented: (NET-326) A KeyManager is required when the protection level is set to 'P' with FTPSClient on active mode

[ https://issues.apache.org/jira/browse/NET-326?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13006504#comment-13006504 ]

Bogdan Drozdowski commented on NET-326:
---------------------------------------

Nice one. But now I have a question: why do you cast a TrustManagerFactory (which implements or extends nothing) to an X509TrustManager? Are you sure that this will work?

I'd add just three more methods to your factory (assuming the casts are OK):

{code}
public static X509TrustManager getTrustManager(String algorithm) throws NoSuchAlgorithmException {
    return (X509TrustManager) TrustManagerFactory.getInstance(algorithm);
}

public static X509TrustManager getTrustManager(String algorithm, Provider provider) throws NoSuchAlgorithmException {
    return (X509TrustManager) TrustManagerFactory.getInstance(algorithm, provider);
}

public static X509TrustManager getTrustManager(String algorithm, String provider) throws NoSuchAlgorithmException, NoSuchProviderException {
    return (X509TrustManager) TrustManagerFactory.getInstance(algorithm, provider);
}
{code}

so that the user could choose the algorithm the TrustManager will be used for. This is basically delegating the calls to the TrustManagerFactory, but we have everything in one place.

> A KeyManager is required when the protection level is set to 'P' with FTPSClient on active mode
> -----------------------------------------------------------------------------------------------
>
>                 Key: NET-326
>                 URL: https://issues.apache.org/jira/browse/NET-326
>             Project: Commons Net
>          Issue Type: Bug
>          Components: FTP
>    Affects Versions: 2.0
>         Environment: Windows XP professional service pack 2, Java Java 1.6.0_12-b04
>            Reporter: Terence Dudouit
>         Attachments: SSLContextsFactory.java
>
>
> Using a simple FTPS client that lists a directory, when execPROT("P") is set and the active mode is on, the following exception is thrown:
> javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
> 	at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:303)
> 	at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:253)
> 	at org.apache.commons.net.ftp.FTPClient._openDataConnection_(FTPClient.java:489)
> 	at org.apache.commons.net.ftp.FTPSClient._openDataConnection_(FTPSClient.java:494)
> 	at org.apache.commons.net.ftp.FTPClient.listNames(FTPClient.java:1950)
> 	at org.apache.commons.net.ftp.FTPClient.listNames(FTPClient.java:1996)
> 	at fr.enovacom.eai.actions.dynamiques.protocole.ftp.FTPGet.testFTPS(FTPGet.java:379)
> 	at fr.enovacom.eai.actions.dynamiques.protocole.ftp.FTPGet.main(FTPGet.java:401)
> This doesn't occur on passive mode.
> The only way to make it work is to set a keyManager although there is no need for a client authentication.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
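
On the cast questioned in the comment above, an added example that is not part of the original message, the attached SSLContextsFactory.java, or Commons Net: a TrustManagerFactory instance is not itself a TrustManager, so casting it to X509TrustManager compiles but fails with ClassCastException at run time. The factory has to be initialised with a trust store and its getTrustManagers() array searched for the X509TrustManager. The class name TrustManagerLookup and its method signatures are assumptions made for this illustration.

```java
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Provider;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical helper: the class and method names are assumptions, not Commons Net API.
public final class TrustManagerLookup {

    private TrustManagerLookup() { }

    /** Default algorithm, default provider lookup, JRE default trust store. */
    public static X509TrustManager getTrustManager() throws GeneralSecurityException {
        return getTrustManager(TrustManagerFactory.getDefaultAlgorithm(), null, null);
    }

    /**
     * @param algorithm  trust manager algorithm, e.g. "PKIX"
     * @param provider   JCA provider, or null to use the default provider lookup
     * @param trustStore key store holding the trusted certificates,
     *                   or null to use the JRE default trust store
     */
    public static X509TrustManager getTrustManager(String algorithm, Provider provider,
                                                   KeyStore trustStore)
            throws GeneralSecurityException {
        TrustManagerFactory tmf = (provider == null)
                ? TrustManagerFactory.getInstance(algorithm)
                : TrustManagerFactory.getInstance(algorithm, provider);
        // The factory must be initialised before getTrustManagers() is called.
        tmf.init(trustStore);
        // The factory returns one manager per supported key type; pick the X.509 one.
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new GeneralSecurityException(
                "No X509TrustManager available for algorithm " + algorithm);
    }

    public static void main(String[] args) throws Exception {
        X509TrustManager tm = getTrustManager();
        System.out.println("Accepted issuers in default trust store: "
                + tm.getAcceptedIssuers().length);
    }
}
```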