commons-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mads Lindstrøm <>
Subject Re: [net] Hostname verification with FTPSClient
Date Fri, 01 Mar 2013 09:09:48 GMT
sebb <sebbaz <at>> writes:

> On 28 February 2013 20:04, Mads Lindstrøm <mads.lindstroem <at>>

> > Hi
> >
> > I have implemented an application using
> > The application connects to the FTPS
> > server and everything works fine, except that FTPSClient connects to the
> > FTPS server both when I use the hostname and when I use an IP adresss. That
> > is when I connect with FTPSClient.connect(<hostname>) it connects fine. And
> > when I connect with FTPSClient.connect(<IP address>) it connects fine. This
> > is wrong, as it means no hostname verification is going on. That is, the
> > server certificate common name does not have to be equal to the hostname.
> It's not clear to me what you think is wrong.
> Are you saying that it should reject connections by IP address?

I would expect it to. If FTPSClient performs hostname verification (checking 
that a certificate common name = hostname) how can it accepts connections by 
IP address?

I also tried adding:

foobar       <an IP address>

to my hosts file and then I could also connect using "foobar" as hostname. The 
server certificate do not have "foobar" as common name.

> Or are you saying that the server certificate common name is different
> from the hostname you are using, yet the connection is still accepted?

I am saying both. Well, now that I mentioned the "foobar" example I am saying 


Mads Lindstrøm

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message