commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Adam Lynam (JIRA)" <j...@apache.org>
Subject [jira] [Created] (NET-605) FTPSClient forces IP in SubjectAlternativeNames field for server certificate validation instead of hostname
Date Mon, 12 Dec 2016 13:17:58 GMT
Adam Lynam created NET-605:
------------------------------

             Summary: FTPSClient forces IP in SubjectAlternativeNames field for server certificate
validation instead of hostname
                 Key: NET-605
                 URL: https://issues.apache.org/jira/browse/NET-605
             Project: Commons Net
          Issue Type: Bug
          Components: FTP
    Affects Versions: 3.5
            Reporter: Adam Lynam


We have an FTP Server with a signed certificate, with both CN and SAN DNS entries set to the
respective hostname of the machine.

When attempting to connect using FTPSClient, we get java.security.cert.CertificateException:
No subject alternative names matching IP address x.x.x.x found. The FTPSClient appears to
resolve the IP address and pass that through the SSLSocket where it eventually raises the
exception.

While we initially encountered the error against our internal FTP server, we have confirmed
the same issue against a public FTP server. ftps://demo:password@test.rebex.net.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message