
"TLS Session resumption" not supported by ftplibpp ? #39

Open
14Merlin opened this issue Mar 30, 2021 · 2 comments

Comments

@14Merlin

Hello,
I'm using ftplibpp with OpenSSL and I'm trying to connect to a FileZilla Server with FTP over TLS (FTPS).

I just found that ftplibpp can't transfer data (even if already securely connected) to a FileZilla Server that requires TLS session resumption, since I get this error:
"450 TLS session of data connection has not resumed or the session does not match the control connection"

If I untick "Require TLS session resumption on data connection when using PROT P" in FileZilla Server settings, then I'm able to do the transfers.

So, is there a way to add "TLS session resumption" ability to ftplibpp?

@14Merlin
Author

14Merlin commented Mar 31, 2021

After a lot of reading and searching I found this link: https://www.linuxjournal.com/article/5487

It seems that the SSL session id is taken with:

SSL_SESSION *sess = SSL_get1_session(ssl);

then you can close the connection with SSL_shutdown(ssl);

Whenever you want to reopen the connection, you have to assign the old session id just before opening (resuming) the connection:

SSL_set_session(ssl, sess);
if (SSL_connect(ssl) <= 0) berr_exit("SSL connect error (second connect)");

So, with a bit of guessing, it seems I managed to get TLS resumption supported in ftplibpp by simply modifying two functions (changes marked with "// <----" comments):

int ftplib::FtpClose(ftphandle *nData)
{
    [...]
#ifndef NOSSL
    SSL_shutdown(nData->ssl); // <---- close the data connection cleanly; this is mandatory, if you don't call this only the first connect will work
    SSL_free(nData->ssl);
#endif
    free(nData);
    if (ctrl) return readresp('2', ctrl);
    return 1;
}

int ftplib::FtpAccess(const char *path, accesstype type, transfermode mode, ftphandle *nControl, ftphandle **nData)
{
    [...]
#ifndef NOSSL
    if (nControl->tlsdata)
    {
        (*nData)->ssl = SSL_new(nControl->ctx);
        (*nData)->sbio = BIO_new_socket((*nData)->handle, BIO_NOCLOSE);
        SSL_set_bio((*nData)->ssl, (*nData)->sbio, (*nData)->sbio);
        SSL_SESSION *sess = SSL_get1_session(nControl->ssl); // <---- take the control connection's session (get1 adds a reference)
        SSL_set_session((*nData)->ssl, sess);                 // <---- set the same session on the data connection (to support TLS session resumption)
        SSL_SESSION_free(sess);                               // <---- SSL_set_session keeps its own reference, so drop ours
        int ret = SSL_connect((*nData)->ssl);
        if (ret != 1) return 0;
        (*nData)->tlsdata = 1;
    }
#endif
    return 1;
}

@14Merlin
Author

Ok, I don't know how to insert multiline code... hope it is clear enough.
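An added example (not ftplibpp's code): the same OpenSSL mechanism from the comment above, exercised through Python's ssl module, whose session / session_reused properties wrap SSL_get1_session, SSL_set_session and SSL_session_reused. A "control" connection does a full handshake, a "data" connection is then opened with that session, and session_reused shows whether the server actually resumed it, which is the property FileZilla Server's "require TLS session resumption" setting enforces. It assumes the openssl CLI is available to mint a throwaway loopback certificate, and pins TLS 1.2 so the session is resumable as soon as the handshake ends.

```python
import os, socket, ssl, subprocess, tempfile, threading

def make_loopback_cert(tmpdir):
    # Throwaway self-signed cert for "localhost" (constructed test material).
    crt, key = os.path.join(tmpdir, "cert.pem"), os.path.join(tmpdir, "key.pem")
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes",
                    "-keyout", key, "-out", crt, "-days", "1", "-subj", "/CN=localhost",
                    "-addext", "subjectAltName=DNS:localhost"], check=True, capture_output=True)
    return crt, key

def serve(srv_ctx, lsock, count):
    # Stand-in for the FTP server: accept `count` TLS connections, echo one message each.
    for _ in range(count):
        conn, _ = lsock.accept()
        with srv_ctx.wrap_socket(conn, server_side=True) as tls:
            tls.sendall(tls.recv(64))

def resumption_demo():
    # Returns (control_reused, data_reused); FileZilla's check needs the second to be True.
    with tempfile.TemporaryDirectory() as tmp:
        crt, key = make_loopback_cert(tmp)
        srv = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        srv.load_cert_chain(crt, key)
        cli = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        cli.load_verify_locations(crt)
        # Pin TLS 1.2: its session is resumable as soon as the handshake ends, whereas
        # TLS 1.3 tickets arrive after it (assumption made for a deterministic demo).
        srv.maximum_version = cli.maximum_version = ssl.TLSVersion.TLSv1_2
        lsock = socket.socket()
        lsock.bind(("127.0.0.1", 0))
        lsock.listen(2)
        worker = threading.Thread(target=serve, args=(srv, lsock, 2))
        worker.start()
        addr = lsock.getsockname()
        # "Control connection": full handshake, then keep its session (SSL_get1_session).
        with cli.wrap_socket(socket.create_connection(addr), server_hostname="localhost") as ctrl:
            ctrl.sendall(b"AUTH TLS")
            ctrl.recv(64)
            control_reused, sess = ctrl.session_reused, ctrl.session
        # "Data connection": hand the new socket the same session (SSL_set_session).
        with cli.wrap_socket(socket.create_connection(addr), server_hostname="localhost",
                             session=sess) as data:
            data.sendall(b"RETR file")
            data.recv(64)
            data_reused = data.session_reused
        worker.join()
        lsock.close()
        return control_reused, data_reused
```

A client that forgets to pass the control session gets (False, False), which is exactly the case the 450 reply above rejects.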
