Use hostname for FTPS EPSV data connection

codingtim · codingtim · commit dce4d3e9e80d · 2026-03-17T17:44:07.000+01:00
This allows FTPS to reuse the TLS session
of the FSTP command connection for the data connection.
diff --git a/src/main/java/org/apache/commons/net/ftp/FTPClient.java b/src/main/java/org/apache/commons/net/ftp/FTPClient.java
@@ -828,10 +828,14 @@ protected void _parseExtendedPassiveModeReply(String reply) throws MalformedServ
             throw new MalformedServerReplyException("Could not parse extended passive host information.\nServer Reply: " + reply);
         }
         // in EPSV mode, the passive host address is implicit
-        passiveHost = getRemoteAddress().getHostAddress();
+        passiveHost = _resolveExtendedPassiveModeHost();
         passivePort = port;
     }
 
+    protected String _resolveExtendedPassiveModeHost() {
+        return getRemoteAddress().getHostAddress();
+    }
+
     /**
      * Parses a reply.
      *
diff --git a/src/main/java/org/apache/commons/net/ftp/FTPSClient.java b/src/main/java/org/apache/commons/net/ftp/FTPSClient.java
@@ -1119,5 +1119,14 @@ protected void sslNegotiation() throws IOException {
             throw new SSLHandshakeException("Hostname doesn't match certificate");
         }
     }
+
+    @Override
+    protected String _resolveExtendedPassiveModeHost() {
+        if (_socket_ instanceof SSLSocket) {
+            return ((SSLSocket) _socket_).getSession().getPeerHost();
+        } else {
+            return super._resolveExtendedPassiveModeHost();
+        }
+    }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -828,10 +828,14 @@ protected void _parseExtendedPassiveModeReply(String reply) throws MalformedServ`
`828`	`828`	`throw new MalformedServerReplyException("Could not parse extended passive host information.\nServer Reply: " + reply);`
`829`	`829`	`}`
`830`	`830`	`// in EPSV mode, the passive host address is implicit`
`831`		`- passiveHost = getRemoteAddress().getHostAddress();`
	`831`	`+ passiveHost = _resolveExtendedPassiveModeHost();`
`832`	`832`	`passivePort = port;`
`833`	`833`	`}`
`834`	`834`
	`835`	`+ protected String _resolveExtendedPassiveModeHost() {`
	`836`	`+ return getRemoteAddress().getHostAddress();`
	`837`	`+ }`
	`838`	`+`
`835`	`839`	`/**`
`836`	`840`	`* Parses a reply.`
`837`	`841`	`*`
Original file line number	Diff line number	Diff line change
`@@ -1119,5 +1119,14 @@ protected void sslNegotiation() throws IOException {`
`1119`	`1119`	`throw new SSLHandshakeException("Hostname doesn't match certificate");`
`1120`	`1120`	`}`
`1121`	`1121`	`}`
	`1122`	`+`
	`1123`	`+ @Override`
	`1124`	`+ protected String _resolveExtendedPassiveModeHost() {`
	`1125`	`+ if (_socket_ instanceof SSLSocket) {`
	`1126`	`+ return ((SSLSocket) _socket_).getSession().getPeerHost();`
	`1127`	`+ } else {`
	`1128`	`+ return super._resolveExtendedPassiveModeHost();`
	`1129`	`+ }`
	`1130`	`+ }`
`1122`	`1131`	`}`
`1123`	`1132`