Opened 13 years ago

Closed 8 years ago

#5633 closed Bug report (fixed)

Be less trusting of trusted certificates

Reported by: putte Owned by:
Priority: high Component: FileZilla Client
Keywords: ssl, mitm Cc:
Component version: Operating system type: Linux
Operating system version:

Description (last modified by Tim Kosse)

When FileZilla is told to trust a self-signed certificate, that certificate will be accepted for any connection. For example, if I trust a certificate from some random guy for my connection to, that certificate will also be treated as valid for,, and so on.

The certificate (or rather FileZillas trust in the certificate) ought to be bound to a specific hostname or to a specific site in the site manager.

Steps to reproduce the problem:

  1. Generate a valid self-signed certificate and configure an FTP server to use it.
  2. Connect to the server with FileZilla and choose to trust the certificate.
  3. Copy the same certificate to a different FTP server (and set it up).
  4. Connect to this second server with FileZilla.

The result: FileZilla connects without warnings to the second server, even though the certificate belongs to a completely different server.

Software versions: FileZilla, GnuTLS 2.8.6

Attachments (1)

firefox-certificates.png (45.1 KB ) - added by putte 13 years ago.
Firefox: Preferences -> Advanced -> Encryption -> View Certificates

Download all attachments as: .zip

Change History (3)

by putte, 13 years ago

Attachment: firefox-certificates.png added

Firefox: Preferences -> Advanced -> Encryption -> View Certificates

comment:1 by putte, 13 years ago

I just tried the same thing with SFTP and realized that FileZilla already implements the expected behaviour there: the SSH hostkey is saved together with the hostname to ~/.putty/sshhostkeys on the initial connection; it's verified on subsequent connections to the same host, but not referenced in any way for other hosts; a detailed warning dialog is displayed if it ever changes.

So, in a nutshell, I would like FTPS certificates to be handled more like SSH hostkeys.

Firefox does something similar. The user can tell it to trust otherwise untrusted/invalid certificates by adding exceptions for specific servers. I attached a screenshot of the management GUI for this (which isn't a necessity – I would be happy with a hostname field added to ~/.filezilla/trustedcerts.xml).

comment:2 by Tim Kosse, 8 years ago

Description: modified (diff)
Resolution: fixed
Status: newclosed

This has already been fixed 2010-10-24.

Note: See TracTickets for help on using tickets.