Cannot connect to FileZilla server with Explicit FTP overTLS

Come here to discuss FileZilla and FTP in general

Moderator: Project members

Post Reply
Message
Author
mlt1234
500 Command not understood
Posts: 3
Joined: 2013-01-02 14:53
First name: h
Last name: s

Cannot connect to FileZilla server with Explicit FTP overTLS

#1 Post by mlt1234 » 2013-01-02 15:00

I need to connect to a FileZilla ftp server on a remote windows machine which requires Explicit FTP over TLS. It works fine when I connect through the fileZilla gui client. But now I need to do it from a java class where I am using apache.commons.net

Code: Select all

      FTPSClient ftpsClient = new FTPSClient("TLS", false);
      ftpsClient.addProtocolCommandListener(new PrintCommandListener(new PrintWriter(System.out)));
      ftpsClient.connect(host, 21);
      ftpsClient.login(user, password);
      ftpsClient.enterLocalPassiveMode();
but when I run the above class I get (when it executes the connect method):

Code: Select all

220 My FTP Server
AUTH TLS
234 Using authentication type TLS
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExpiredException: NotAfter: Thu Aug 30 13:31:23 CEST 2012
	at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1764)
	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
	at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
	at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
	at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:958)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1203)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1230)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1214)
	at org.apache.commons.net.ftp.FTPSClient.sslNegotiation(FTPSClient.java:265)
	at org.apache.commons.net.ftp.FTPSClient._connectAction_(FTPSClient.java:207)
	at org.apache.commons.net.SocketClient.connect(SocketClient.java:172)
	at org.apache.commons.net.SocketClient.connect(SocketClient.java:192)

Caused by: java.security.cert.CertificateExpiredException: NotAfter: Thu Aug 30 13:31:23 CEST 2012
	at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:256)
	at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:568)
	at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:541)
	at org.apache.commons.net.util.TrustManagerUtils$TrustManager.checkServerTrusted(TrustManagerUtils.java:59)
	at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1198)
	... 13 more
Any ideas on how to connect to a FileZilla ftp server (with Explicit FTP over TLS) from java code?

User avatar
botg
Site Admin
Posts: 31577
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Cannot connect to FileZilla server with Explicit FTP ove

#2 Post by botg » 2013-01-02 16:05

Read the exception, it actually explains what is wrong.

mlt1234
500 Command not understood
Posts: 3
Joined: 2013-01-02 14:53
First name: h
Last name: s

Re: Cannot connect to FileZilla server with Explicit FTP ove

#3 Post by mlt1234 » 2013-01-02 18:04

Not really. I managed to get it to work with passing a SSLContext

Code: Select all

 SSLContext sslContext = SSLContext.getInstance("TLS");
  TrustManager tm = new X509TrustManager() {
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
    }

    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
    }

    public X509Certificate[] getAcceptedIssuers() {
      return null;
    }
  };
  sslContext.init(null, new TrustManager[] { tm }, null);
  FTPSClient ftpsClient = new FTPSClient(sslContext);

User avatar
botg
Site Admin
Posts: 31577
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Cannot connect to FileZilla server with Explicit FTP ove

#4 Post by botg » 2013-01-02 23:09

Very bad idea. You're completely disabling certificate validation. This makes you vulnerable to man-in-the-middle attacks. You could just as well use plaintext FTP, equal lack of security.

GunterO
500 Command not understood
Posts: 1
Joined: 2018-11-23 08:44
First name: Gunter
Last name: Otté

Re: Cannot connect to FileZilla server with Explicit FTP ove

#5 Post by GunterO » 2018-11-23 08:47

mlt1234 wrote:
2013-01-02 18:04
Not really. I managed to get it to work with passing a SSLContext
Thanks! I faced a similar problem with a site which had an expired SSL certificate.
I realize it's not secure, but sometimes we need to deal with sites where we have zero control over ...

User avatar
botg
Site Admin
Posts: 31577
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Cannot connect to FileZilla server with Explicit FTP ove

#6 Post by botg » 2018-11-23 16:33

GunterO wrote:
2018-11-23 08:47
I realize it's not secure, but sometimes we need to deal with sites where we have zero control over ...
The way to deal with such sites is to refuse to use them.

Post Reply