Old 10-02-2004, 10:49 AM   #1
ugh
Junior Member
 
Join Date: May 2002
Posts: 14
Default SSL certificates

Certificates should be checked every time you log on to an ftp - the certificate might have expired, or the dns name / ip address of the ftp can have changed. Also, onthe SSL tab should have a "View certificate" button (in addition to "Reset certificate").
ugh is offline  
Old 10-02-2004, 11:17 AM   #2
Hetfield
Senior Member
FlashFXP Scripter
 
Join Date: Nov 2002
Posts: 334
Default

The certificate *is* checked everytime you log in. If the certificate is changed FlashFXP will pop-up with a new certificate. If you mean that FlashFXP has to check the certificate for its validity then you have a problem: only you can decide whether or not the certificate is valid. That's why there is a pop-up. As far for the "view certificate", i think you have a point there.
Hetfield is offline  
Old 10-16-2004, 04:24 PM   #3
ugh
Junior Member
 
Join Date: May 2002
Posts: 14
Default

The certificate is only checked against the 16-byte hash (or whatever) that is stored in sites.dat. The certificate can not be reconstructed from these 16 bytes, which is, I guess, the reason why there is no View Certificate button. It is probably also why when a certificate is accepted for a site, it is always automatically accepted, regardless of whether or not the certificate data matches the server. That is, if the ip/dns it is currently using is the same as when you accepted the certificate the first time. You can try this yourself by adding a couple of entries in your hosts file, so several host names matches the same ip, and then connect to the different host names for the same ftp server (by changing the ip address in your site manager). And no, there is no warning for expired certificates. If it has been accepted and stored, you will never see a warning again.
ugh is offline  
Old 10-16-2004, 04:54 PM   #4
bigstar
FlashFXP Developer
FlashFXP Administrator
ioFTPD Beta Tester
 
bigstar's Avatar
 
Join Date: Oct 2001
Posts: 8,012
Default

I must of missed this thread the first time it was posted.

Once the cert has been accepted no further validation is performed on the cert details, We only compare the cert hash with the stored hash to determine if the cert has changed, if the cert has changed you will be prompted to accept it again.

Currently we do not store the cert details.
bigstar is offline  
Old 10-18-2004, 02:27 AM   #5
biophon
Junior Member
FlashFXP Registered User
 
Join Date: Nov 2002
Posts: 1
Default

Will you consider storing the details in a later version? And doing a better check perhaps?
biophon is offline  
 

Tags
certificate, certificates, ftp, reset, ssl

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
fxpiing in though a server with limitations zoranb General Discussion 3 05-18-2005 04:22 PM
sock problem Gip Bug Reports 1 01-26-2003 01:01 PM


All times are GMT -5. The time now is 01:06 PM.

Parts of this site powered by vBulletin Mods & Addons from DragonByte Technologies Ltd. (Details)