TLS/SSL session resume on FTP transfer connection with OpenSSL


Question

I'm an open source developer implementing an FTP client (WinSCP).

I'm trying to resume the TLS/SSL session from the FTP control socket on the transfer socket. Some FTP servers started to require this.

E.g. vsftpd:
https://scarybeastsecurity.blogspot.com/2009/02/vsftpd-210-released.html


I'm using OpenSSL to implement the SSL layer.

I've tried the obvious way to implement the session resume, i.e. to use SSL_get1_session and SSL_set_session, like here:
https://www.linuxjournal.com/article/5487?page=0,1

Though it does not work. I'm still not able to connect to any FTP server requiring TLS session resume (like the vsftpd).

I have a suspicion that the problem may be that, in my case, there are two parallel TLS connections, which cannot share the same TLS session. This is different from the example on linuxjournal.com, where the first connection is closed before the other is opened.

I have also tried several ways to clone the session, e.g. using i2d_SSL_SESSION/d2i_SSL_SESSION. Didn't help either.

I'm really stuck here.

Thanks in advance for any help.

Solution

Using the SSL_get1_session and the SSL_set_session worked in the end. I must have used them incorrectly when trying the first time.

  • Once the TLS/SSL session on the control connection is established, use SSL_get1_session to retrieve the session. I specifically do it from a callback set by the SSL_set_info_callback, when where & SSL_ST_CONNECT.
  • Call the SSL_set_session with the reference to the control connection session, when setting up TLS/SSL session for the data connection.
