commons-user mailing list archives

From "Seganti, Michael (DOF)" <>
Subject RE: [net] FTPS passive data connection not using SSLSocketFactory?
Date Fri, 24 Jan 2014 14:44:23 GMT
A couple of things. 

You don't set the protection buffer size or the data channel protection, which has to happen
immediately after the connection.

	client.connect(host, port);
	client.execPBSZ(0);    // protection buffer size
	client.execPROT("P");  // Private
	client.login("", "");

For your Passive Mode connection, try the next line.  I had this (copied from the example
code), which caused problems for me on external sites.  It connects to the original host using
the passive port number. 

	client.setUseEPSVwithIPv4(true);

From the log: 
229 Entering Passive Mode (|||62110|)

Hope this helps, 


-----Original Message-----
From: Alex Vb [] 
Sent: Friday, January 24, 2014 9:24 AM
Subject: [net] FTPS passive data connection not using SSLSocketFactory?

I had an exotic case where an FTPS server in the 10.* domain sent back an inaccessible IP
also in the 10.* domain. This posed an issue for both our main tool (a proprietary third party
tool that does not use Apache Commons) and for FileZilla, so I created a small example in Commons
Net. This specific problem also isn't covered by the code, as the NAT fix for passive hostnames
only works if the initial remote address is not site local. I added a boolean to force the
client to use the original host.

        FTPSClient client = new FTPSClient(true);
        client.setConnectTimeout(timeout * 1000);

        // new var
        client.forceInitialHostForDataConnection = true;

        client.connect(host, port);
        client.login("", "");
        client.setSoTimeout(timeout * 1000);
        FTPFile [] files = client.listFiles();
        for (FTPFile file : files)

This worked to create the data connection (in other words, the socket was successfully connected)
but then the data connection simply hung indefinitely.

I investigated further and apparently the socket created for the data connection was a plain
one, not an SSL one. A quick fix to create an SSLSocket instead of a regular Socket fixed the
problem. However, I would like to do this cleanly instead of what I have done now, but in checking
the source code I can't for the life of me figure out where the SSLSocketFactory is supposed
to be set.

The only reference to setting the SSLSocketFactory is in FTPSClient.execPROT()...which apparently
never gets called? Am I supposed to call it? If so, what value should I use considering it
is an implicit connection?
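
The sequence recommended in the reply, put together as an added example (not code from either message or from the Commons Net project): an implicit FTPS client that issues PBSZ 0 and PROT P before login, so the passive data socket is created as a TLS socket, and that sets a data timeout so a stalled data connection fails instead of hanging. The class name, host, port 990 and the environment variable names are assumptions.

```java
import java.io.IOException;
import java.io.PrintWriter;
import org.apache.commons.net.PrintCommandListener;
import org.apache.commons.net.ftp.FTPFile;
import org.apache.commons.net.ftp.FTPReply;
import org.apache.commons.net.ftp.FTPSClient;

public class FtpsPrivateListing { // hypothetical class name
    public static void main(String[] args) throws IOException {
        String host = "ftps.example.com"; // placeholder host
        int port = 990;                   // assumed implicit FTPS port
        int timeoutMs = 30_000;

        FTPSClient client = new FTPSClient(true); // true = implicit TLS, as in the thread
        client.setConnectTimeout(timeoutMs);
        // Echo the control channel so the 229 reply is visible; login lines are suppressed.
        client.addProtocolCommandListener(
                new PrintCommandListener(new PrintWriter(System.out, true), true));
        try {
            client.connect(host, port);
            if (!FTPReply.isPositiveCompletion(client.getReplyCode())) {
                throw new IOException("Connection refused: " + client.getReplyString());
            }
            client.setSoTimeout(timeoutMs);
            client.setDataTimeout(timeoutMs); // stalled data socket times out, no indefinite hang

            // Data channel protection: until PROT P is sent the data socket is a plain one.
            client.execPBSZ(0);
            client.execPROT("P");

            // Credentials come from the environment (variable names are assumptions).
            if (!client.login(System.getenv("FTPS_USER"), System.getenv("FTPS_PASS"))) {
                throw new IOException("Login failed: " + client.getReplyString());
            }
            client.enterLocalPassiveMode();
            client.setUseEPSVwithIPv4(true); // EPSV reply carries only a port: original host is reused

            for (FTPFile file : client.listFiles()) {
                System.out.println(file.getName());
            }
            client.logout();
        } finally {
            if (client.isConnected()) {
                client.disconnect();
            }
        }
    }
}
```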
