Uploaded image for project: 'Commons Net'
  1. Commons Net
  2. NET-605

FTPSClient forces IP in SubjectAlternativeNames field for server certificate validation instead of hostname

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Resolved
    • 3.5
    • None
    • FTP
    • None

    Description

      We have an FTP Server with a signed certificate, with both CN and SAN DNS entries set to the respective hostname of the machine.

      When attempting to connect using FTPSClient, we get java.security.cert.CertificateException: No subject alternative names matching IP address x.x.x.x found. The FTPSClient appears to resolve the IP address and pass that through the SSLSocket where it eventually raises the exception.

      While we initially encountered the error against our internal FTP server, we have confirmed the same issue against a public FTP server. ftps://demo:password@test.rebex.net.

      Attachments

        Activity

          People

            Unassigned Unassigned
            adam.lynam.dwp Adam Lynam
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: