The certificate is only checked against the 16-byte hash (or whatever) that is stored in sites.dat. The certificate can not be reconstructed from these 16 bytes, which is, I guess, the reason why there is no View Certificate button. It is probably also why when a certificate is accepted for a site, it is always automatically accepted, regardless of whether or not the certificate data matches the server. That is, if the ip/dns it is currently using is the same as when you accepted the certificate the first time. You can try this yourself by adding a couple of entries in your hosts file, so several host names matches the same ip, and then connect to the different host names for the same ftp server (by changing the ip address in your site manager). And no, there is no warning for expired certificates. If it has been accepted and stored, you will never see a warning again.
|