commons-user mailing list archives

From Alex Vb <i8c.a...@gmail.com>
Subject Re: [net] FTPS passive data connection not using SSLSocketFactory?
Date Mon, 27 Jan 2014 06:53:12 GMT
I have tried the connection with your suggestions and it works :)

Thanks!


On 24 January 2014 15:44, Seganti, Michael (DOF)
<SegantiM@finance.nyc.gov> wrote:

> A couple of things.
>
> You don't set the protection buffer size or the data channel protection
> which has to happen immediately after the connection.
>
>         client.connect(host, port);
>         client.execPBSZ(0);
>         client.execPROT("P"); // Private
>         client.login("", "");
>         client.enterLocalPassiveMode();
>
> For your Passive Mode connection, try the next line.  I had this (copied
> from the example code), which caused problems for me on external sites.  It
> connects to the original host using the passive port number.
>
>         client.setUseEPSVwithIPv4(true);
>
> From the Log:
> EPSV
> 229 Entering Passive Mode (|||62110|)
>
> Hope this helps,
>
> Mike...
>
> -----Original Message-----
> From: Alex Vb [mailto:i8c.alex@gmail.com]
> Sent: Friday, January 24, 2014 9:24 AM
> To: user@commons.apache.org
> Subject: [net] FTPS passive data connection not using SSLSocketFactory?
>
> I had an exotic case where an ftps server in the 10.* domain sent back an
> inaccessible ip also in the 10.* domain. This posed an issue for both our
> main tool (a proprietary third party tool that does not use apache commons)
> and for filezilla so I created a small example in commons net. This
> specific problem also isn't covered by the code as the NAT fix for passive
> hostnames only works if the initial remote address is not site local. I
> added a boolean to force the client to use the original host.
>
>         FTPSClient client = new FTPSClient(true);
>         client.setTrustManager(SecurityUtils.createTrustAllManager());
>         client.setConnectTimeout(timeout * 1000);
>
>         // new var
>         client.forceInitialHostForDataConnection = true;
>
>         client.connect(host, port);
>         client.login("", "");
>         client.enterLocalPassiveMode();
>         client.setSoTimeout(timeout * 1000);
>         FTPFile [] files = client.listFiles();
>         for (FTPFile file : files)
>             System.out.println(file.getName());
>
> This worked to create the data connection (in other words, the socket was
> successfully connected) but then the data connection simply hung
> indefinitely.
>
> I investigated further and apparently the socket created for the data
> connection was a plain one, not an SSL one. A quick fix to create an
> SSLSocket instead of regular Socket fixed the problem. However I would like
> to do this cleanly instead of what I have done now but in checking the
> source code I can't for the life of me figure out where the
> SSLSocketFactory is supposed to be set.
>
> The only reference to setting the SSLSocketFactory is in
> FTPSClient.execPROT()...which apparently never gets called? Am I supposed
> to call it? If so, what value should I use considering it is an implicit
> connection?
>
>
>
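The difference between the two passive replies discussed in this thread, as an added example that is not part of either post or of Commons Net: a PASV (227) reply embeds an address chosen by the server, while an EPSV (229) reply like the one in the log carries only a port, so the client reuses the control-connection host. The class name, `dataEndpoint`, the `forceControlHost` switch and the sample host and replies are all constructed for illustration.

```java
import java.net.InetSocketAddress;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class PassiveReplyDemo {
    // RFC 959 PASV reply body: h1,h2,h3,h4,p1,p2
    private static final Pattern PASV =
        Pattern.compile("\\((\\d{1,3}),(\\d{1,3}),(\\d{1,3}),(\\d{1,3}),(\\d{1,3}),(\\d{1,3})\\)");
    // RFC 2428 EPSV reply body: <d><d><d>port<d>, with no address at all
    private static final Pattern EPSV = Pattern.compile("\\((.)\\1\\1(\\d{1,5})\\1\\)");

    /** forceControlHost is a hypothetical switch, like the boolean described in the thread. */
    static InetSocketAddress dataEndpoint(String reply, String controlHost, boolean forceControlHost) {
        if (reply.startsWith("229 ")) {
            Matcher m = EPSV.matcher(reply);
            if (!m.find()) throw new IllegalArgumentException("Malformed EPSV reply: " + reply);
            // EPSV carries only a port, so the data connection goes to the control host.
            return endpoint(controlHost, Integer.parseInt(m.group(2)));
        }
        if (reply.startsWith("227 ")) {
            Matcher m = PASV.matcher(reply);
            if (!m.find()) throw new IllegalArgumentException("Malformed PASV reply: " + reply);
            int[] n = new int[6];
            for (int i = 0; i < 6; i++) {
                n[i] = Integer.parseInt(m.group(i + 1));
                if (n[i] > 255) throw new IllegalArgumentException("Octet out of range: " + reply);
            }
            String advertised = n[0] + "." + n[1] + "." + n[2] + "." + n[3];
            // PASV embeds the server's own view of its address, which may be unreachable.
            return endpoint(forceControlHost ? controlHost : advertised, n[4] * 256 + n[5]);
        }
        throw new IllegalArgumentException("Not a passive-mode reply: " + reply);
    }

    private static InetSocketAddress endpoint(String host, int port) {
        if (port < 1 || port > 65535) throw new IllegalArgumentException("Port out of range: " + port);
        return InetSocketAddress.createUnresolved(host, port); // no DNS lookup here
    }

    public static void main(String[] args) {
        String host = "ftps.example.test"; // constructed control-connection host
        // Constructed replies; 242*256+158 equals the port in the thread's EPSV log line.
        String pasv = "227 Entering Passive Mode (10,1,2,3,242,158)";
        String epsv = "229 Entering Passive Mode (|||62110|)";
        System.out.println(dataEndpoint(pasv, host, false));
        System.out.println(dataEndpoint(pasv, host, true));
        System.out.println(dataEndpoint(epsv, host, false));
    }
}
```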
