Change #273730
| Category | curl |
| Changed by | Stefan Eissing <stefan@eissing.org> |
| Changed at | Thu 02 Jul 2026 17:39:04 |
| Repository | https://github.com/curl/curl.git |
| Project | curl |
| Branch | master |
| Revision | 84ecfb3ecc793c0087ed9700bdc2a1475ab53ff9 |
Comments
FTP: fix TLS session reuse on the data connection

FTP servers using SSL can be configured to check TLS session reuse on the DATA connection. They hand out a new session on every CONTROL connect and require to see the client using exactly that one when up-/downloading on DATA.

This means:

1. We have to configure the SSL filter on the DATA connection with exactly the same peers.
2. We have to remember the SSL session on the CONTROL connection - separately from the session cache.

The SSL filter on the DATA connection then looks for a session at the CONTROL filter and, if present, uses that.

Tests:

Enable `require_ssl_reuse` in our pytest setup for vsftpd. This reproduces the problem reported in #22225 and verifies the fix.

Skip ftp+SSL pytests for rustls, as we have no possibility to reuse sessions in that backend.

Schannel: we do not run these tests with the backend. I expect it has similar problems but am not able to verify.

Reported-by: Laurent Sabourin
Fixes #22225
Closes #22246
Changed files
- lib/cf-setup.c
- lib/vquic/cf-ngtcp2-cmn.c
- lib/vtls/gtls.c
- lib/vtls/gtls.h
- lib/vtls/mbedtls.c
- lib/vtls/openssl.c
- lib/vtls/openssl.h
- lib/vtls/vtls.c
- lib/vtls/vtls_int.h
- lib/vtls/vtls_scache.c
- lib/vtls/vtls_scache.h
- lib/vtls/wolfssl.c
- lib/vtls/wolfssl.h
- tests/http/conftest.py
- tests/http/test_31_vsftpds.py
- tests/http/test_32_ftps_vsftpd.py
- tests/http/testenv/vsftpd.py