commons-user mailing list archives

From Alex Vb <i8c.a...@gmail.com>
Subject [net] FTPS passive data connection not using SSLSocketFactory?
Date Fri, 24 Jan 2014 14:23:37 GMT
I had an exotic case where an FTPS server in the 10.* domain sent back an
inaccessible IP also in the 10.* domain. This posed an issue for both our
main tool (a proprietary third-party tool that does not use Apache Commons)
and for FileZilla, so I created a small example in Commons Net. This
specific problem also isn't covered by the code, as the NAT fix for passive
hostnames only works if the initial remote address is not site-local. I
added a boolean to force the client to use the original host.

        // implicit FTPS (TLS negotiated as soon as the control connection opens)
        FTPSClient client = new FTPSClient(true);
        client.setTrustManager(SecurityUtils.createTrustAllManager());
        client.setConnectTimeout(timeout * 1000);

        // new var (field added in my patched copy of FTPSClient, not in the released API)
        client.forceInitialHostForDataConnection = true;

        client.connect(host, port);
        client.login("", "");
        client.enterLocalPassiveMode();
        client.setSoTimeout(timeout * 1000);
        FTPFile[] files = client.listFiles();
        for (FTPFile file : files)
            System.out.println(file.getName());

This worked to create the data connection (in other words, the socket was
successfully connected), but then the data connection simply hung
indefinitely.

I investigated further, and apparently the socket created for the data
connection was a plain one, not an SSL one. A quick fix to create an
SSLSocket instead of a regular Socket fixed the problem. However, I would like
to do this cleanly instead of what I have done now, but in checking the
source code I can't for the life of me figure out where the
SSLSocketFactory is supposed to be set.

The only reference to setting the SSLSocketFactory is in
FTPSClient.execPROT()... which apparently never gets called? Am I supposed
to call it? If so, what value should I use considering it is an implicit
connection?

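One way to get an encrypted passive data channel without patching the client, written here as an added example that is not from the original message or the Commons Net project: after login, send PBSZ 0 and PROT P through execPBSZ/execPROT, which is where FTPSClient installs its SSL socket factory for data sockets, so the passive data socket comes back as an SSLSocket instead of a plain Socket. It assumes Commons Net 3.x (where setPassiveNatWorkaround is available); the class name, host, port and credentials are placeholders.

```java
import java.io.IOException;
import org.apache.commons.net.ftp.FTPFile;
import org.apache.commons.net.ftp.FTPSClient;
import org.apache.commons.net.util.TrustManagerUtils;

public class ProtectedPassiveListing {

    /** Lists a directory over implicit FTPS with a TLS-protected data channel. */
    public static FTPFile[] list(String host, int port, String user, String pass,
                                 String dir, int timeoutSeconds) throws IOException {
        FTPSClient client = new FTPSClient(true);   // implicit FTPS: TLS on connect
        // Validate the server certificate against the JVM trust store rather than
        // accepting any certificate the server presents.
        client.setTrustManager(TrustManagerUtils.getValidateServerCertificateTrustManager());
        client.setConnectTimeout(timeoutSeconds * 1000);
        // If the PASV reply carries a private address, reuse the control-connection
        // host instead (Commons Net only applies this when that host is not site-local).
        client.setPassiveNatWorkaround(true);

        client.connect(host, port);
        client.setSoTimeout(timeoutSeconds * 1000);
        try {
            if (!client.login(user, pass)) {
                throw new IOException("login failed: " + client.getReplyString());
            }
            // PBSZ 0 then PROT P: from here on FTPSClient uses its SSL socket factory,
            // so the passive data socket is an SSLSocket and the listing does not hang.
            client.execPBSZ(0);
            client.execPROT("P");
            client.enterLocalPassiveMode();
            FTPFile[] files = client.listFiles(dir);
            client.logout();
            return files;
        } finally {
            if (client.isConnected()) {
                client.disconnect();
            }
        }
    }

    public static void main(String[] args) throws IOException {
        // Placeholder endpoint and credentials; replace with a real server.
        for (FTPFile f : list("ftps.example.invalid", 990, "user", "secret", "/", 30)) {
            System.out.println(f.getName());
        }
    }
}
```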