Come here to discuss FileZilla and FTP in general
Moderator: Project members
-
mlt1234
- 500 Command not understood
- Posts: 3
- Joined: 2013-01-02 14:53
- First name: h
- Last name: s
#1
Post
by mlt1234 » 2013-01-02 15:00
I need to connect to a FileZilla FTP server on a remote Windows machine which requires Explicit FTP over TLS. It works fine when I connect through the FileZilla GUI client. But now I need to do it from a Java class where I am using apache.commons.net:
Code: Select all
FTPSClient ftpsClient = new FTPSClient("TLS", false);
ftpsClient.addProtocolCommandListener(new PrintCommandListener(new PrintWriter(System.out)));
ftpsClient.connect(host, 21);
ftpsClient.login(user, password);
ftpsClient.enterLocalPassiveMode();
but when I run the above class I get (when it executes the connect method):
Code: Select all
220 My FTP Server
AUTH TLS
234 Using authentication type TLS
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExpiredException: NotAfter: Thu Aug 30 13:31:23 CEST 2012
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1764)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:958)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1203)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1230)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1214)
at org.apache.commons.net.ftp.FTPSClient.sslNegotiation(FTPSClient.java:265)
at org.apache.commons.net.ftp.FTPSClient._connectAction_(FTPSClient.java:207)
at org.apache.commons.net.SocketClient.connect(SocketClient.java:172)
at org.apache.commons.net.SocketClient.connect(SocketClient.java:192)
Caused by: java.security.cert.CertificateExpiredException: NotAfter: Thu Aug 30 13:31:23 CEST 2012
at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:256)
at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:568)
at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:541)
at org.apache.commons.net.util.TrustManagerUtils$TrustManager.checkServerTrusted(TrustManagerUtils.java:59)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1198)
... 13 more
Any ideas on how to connect to a FileZilla FTP server (with Explicit FTP over TLS) from Java code?
-
botg
- Site Admin
- Posts: 35565
- Joined: 2004-02-23 20:49
- First name: Tim
- Last name: Kosse
#2
Post
by botg » 2013-01-02 16:05
Read the exception, it actually explains what is wrong.
-
#3
Post
by mlt1234 » 2013-01-02 18:04
Not really. I managed to get it to work by passing an SSLContext:
Code: Select all
SSLContext sslContext = SSLContext.getInstance("TLS");
// Trust manager with empty check methods: every certificate is accepted without validation.
TrustManager tm = new X509TrustManager() {
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
    }
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
    }
    public X509Certificate[] getAcceptedIssuers() {
        // The X509TrustManager contract requires a non-null array.
        return new X509Certificate[0];
    }
};
sslContext.init(null, new TrustManager[] { tm }, null);
FTPSClient ftpsClient = new FTPSClient(sslContext);
-
#4
Post
by botg » 2013-01-02 23:09
Very bad idea. You're completely disabling certificate validation. This makes you vulnerable to man-in-the-middle attacks. You could just as well use plaintext FTP, equal lack of security.
-
GunterO
- 500 Command not understood
- Posts: 1
- Joined: 2018-11-23 08:44
- First name: Gunter
- Last name: Otté
#5
Post
by GunterO » 2018-11-23 08:47
mlt1234 wrote: ↑2013-01-02 18:04
Not really. I managed to get it to work by passing an SSLContext
Thanks! I faced a similar problem with a site which had an expired SSL certificate.
I realize it's not secure, but sometimes we need to deal with sites where we have zero control over ...
-
#6
Post
by botg » 2018-11-23 16:33
GunterO wrote: ↑2018-11-23 08:47
I realize it's not secure, but sometimes we need to deal with sites where we have zero control over ...
The way to deal with such sites is to refuse to use them.