On 4/25/2016 10:03 AM, Moti Avrahami wrote:
Hello,

I am using libcurl (v7.47.1) on Windows, together with mbedTLS
(v2.2.1) as a TLS backend, to connect to FTPS servers.

Although I managed to connect to some FTPS servers, I encountered a
problem connecting to FileZilla server, even though I succeeded with
the FileZilla client. After investigating it, I found out it was
because of a new ability that was added to FileZilla server in
v0.9.51, which requires clients to implement TLS session resumption*.
This feature is enabled by default, and only after disabling it did I
manage to connect to the server.

So my problem is that I can't establish an FTPS session, using my
libcurl-using client, to FileZilla** server. Is anyone aware of this
issue, or does anyone know how I can enable it via libcurl?

Thanks,
Moti Avrahami

*The TLS session resumption feature increases the security of the FTPS
handshake by checking if the TLS session of the data connection
matches the session of the control connection. In that case, both the
client and the server have the guarantee that the data connection is
genuine. (You can read more here:
https://forum.filezilla-project.org/viewtopic.php?t=36903)

**In my case this is FileZilla but as far as I read, this feature has
started to be adopted by other FTP servers, such as vsftpd, so I
wonder whether we have a real problem here.

It's a bug. libcurl isn't properly saving and restoring the session for
mbedtls (and probably polarssl). Thomas Glanzmann reported mbedtls
session resume issues several months ago [1] but it looks like I never
followed up. I've started fixing it [2], please try that branch and tell
me if it works for you. Thanks
[1]: https://curl.haxx.se/mail/lib-2016-01/0070.html
[2]:
https://github.com/jay/curl/compare/master...jay:mbedtls_fix_session_resume?expand=1
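
The data-connection session reuse described in the footnote above, shown from the client side with Python's standard ftplib rather than libcurl. This is an added example, not code from this thread or from curl; the class name, the function name and the `data_session_reused` attribute are made up for illustration.

```python
import ftplib
import ssl


class SessionReusingFTPS(ftplib.FTP_TLS):
    """FTP_TLS whose data connections resume the control connection's TLS session."""

    # None until a protected transfer has run, then True or False.
    data_session_reused = None

    def ntransfercmd(self, cmd, rest=None):
        # Open the plain TCP data socket the same way the base FTP class does.
        conn, size = ftplib.FTP.ntransfercmd(self, cmd, rest)
        if self._prot_p:  # PROT P is active: the data channel must be TLS
            # self.sock is the control connection's SSLSocket. Offering its
            # session asks for an abbreviated (resumed) handshake, which is
            # what the server compares against the control session.
            conn = self.context.wrap_socket(
                conn, server_hostname=self.host, session=self.sock.session
            )
            # False means the server performed a full handshake instead; a
            # server that enforces the check then refuses the transfer.
            self.data_session_reused = conn.session_reused
        return conn, size


def list_directory(host, user, password, path="."):
    """Return (entries, resumed) for an explicit-FTPS listing of `path`."""
    ctx = ssl.create_default_context()  # verifies the server certificate
    with SessionReusingFTPS(host, context=ctx) as ftps:
        ftps.login(user, password)  # FTP_TLS.login sends AUTH TLS first
        ftps.prot_p()               # protect the data channel as well
        entries = ftps.nlst(path)
        return entries, ftps.data_session_reused
```

Without the `session=` argument the data connection does a full handshake, which is the behaviour a server enforcing this check rejects.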