Opened 14 years ago

Closed 9 years ago

#5633 closed Bug report (fixed)

Be less trusting of trusted certificates — at Version 2

Reported by: putte Owned by:
Priority: high Component: FileZilla Client
Keywords: ssl, mitm Cc:
Component version: Operating system type: Linux
Operating system version:

Description (last modified by Tim Kosse)

When FileZilla is told to trust a self-signed certificate, that certificate will be accepted for any connection. For example, if I trust a certificate from some random guy for my connection to ftp.randomguy.net, that certificate will also be treated as valid for filezilla-project.org, google.com, sourceforge.net and so on.

The certificate (or rather FileZillas trust in the certificate) ought to be bound to a specific hostname or to a specific site in the site manager.

Steps to reproduce the problem:

  1. Generate a valid self-signed certificate and configure an FTP server to use it.
  2. Connect to the server with FileZilla and choose to trust the certificate.
  3. Copy the same certificate to a different FTP server (and set it up).
  4. Connect to this second server with FileZilla.

The result: FileZilla connects without warnings to the second server, even though the certificate belongs to a completely different server.

Software versions: FileZilla 3.3.4.1, GnuTLS 2.8.6

Change History (3)

by putte, 14 years ago

Attachment: firefox-certificates.png added

Firefox: Preferences -> Advanced -> Encryption -> View Certificates

comment:1 by putte, 14 years ago

I just tried the same thing with SFTP and realized that FileZilla already implements the expected behaviour there: the SSH hostkey is saved together with the hostname to ~/.putty/sshhostkeys on the initial connection; it's verified on subsequent connections to the same host, but not referenced in any way for other hosts; a detailed warning dialog is displayed if it ever changes.

So, in a nutshell, I would like FTPS certificates to be handled more like SSH hostkeys.

Firefox does something similar. The user can tell it to trust otherwise untrusted/invalid certificates by adding exceptions for specific servers. I attached a screenshot of the management GUI for this (which isn't a necessity – I would be happy with a hostname field added to ~/.filezilla/trustedcerts.xml).

comment:2 by Tim Kosse, 9 years ago

Description: modified (diff)
Resolution: fixed
Status: newclosed

This has already been fixed 2010-10-24.

Note: See TracTickets for help on using tickets.