VERIFY_HOST_NAME - UFTP configuration option

Description

The VERIFY_HOST_NAME option specifies whether UFTP will require identifying information in an FTP server's certificate that corresponds to the specified HOST value.

Usage



Specification Method

Parameter / Value

IBM i

HP NonStop

UNIX

Windows

z/OS

Command Line, Short Form

 n/a



Command Line, Long Form

-verify_host_name opt

(tick)

(tick)

(tick)

Environment Variable

UFTPVERIFYHOSTNAME=opt

(tick)

(tick)

(tick)

Configuration File Keyword

verify_host_name opt


(tick)

(tick)

(tick)

Value

opt specifies whether UFTP will ensure that the FTP server is actually the one intended. UFTP verifies this using the Common Name or Subject Alternate Name in the certificate that the FTP server presents during TLS/SSL handshake.

opt can be:

  • YES - the Common Name or Subject Alternate Name must contain a host name or IP address that matches the one specified with UFTP's HOST option.
  • NO - UFTP will proceed with the TLS/SSL handshake regardless of the host information contained in the FTP server's certificate.

Default is no.

This option is not used when PROTOCOL is SSH, which doesn't use TLS/SSL. It is used when the PROTCOL is FTPS ("implicit" FTPS) or when UFTP requests explicit FTPS support.

Notes for Explicit FTPS (FTPES) Support

Explicit FTPS support was added to UFTP for Universal Agent 7.1.0.0. When an FTP server enables explicit TLS/SSL support, it allows clients to request encrypted sessions over the standard FTP port 21. This is different from implicit TLS/SSL support, which requires a connection to a unique, well-known port (990 by default) that ONLY accepts TLS/SSL-enabled client requests.

UFTP has always offered implicit FTPS support via the FTPS PROTOCOL value.

Because an FTP client may not always know whether the FTP server's port 21 is accepting SSL-enabled connections (i.e., it may only accept unencrypted, plain-text FTP sessions), explicit FTPS is not really a distinct protocol per se. Therefore, UFTP offers explicit FTPS support by applying new options and supported values to the existing FTP PROTOCOL value.

UFTP requests an explicit FTPS session using the ENABLE_SSL option or by prefixing the HOST option's value with ftpes://.

The -verify_host_name option can be specified for explicit or implicit FTPS sessions.