Commit graph

3 commits

Author SHA1 Message Date
Stefan Eissing
84ecfb3ecc
FTP: fix TLS session reuse on the data connection
FTP servers using SSL can be configured to check TLS session reuse on
the DATA connection. They hand out a new session on every CONTROL
connect and require to see the client using exactly that one when
up-/downloading on DATA.

This means:

1. We have to configure the SSL filter on the DATA connection with
   exactly the same peers.

2. We have to remember the SSL session on the CONTROL connection -
   separately from the session cache. The SSL filter on the DATA
   connection then looks for a session at the CONTROL filter and, if
   present, uses that.

Tests:

Enable `require_ssl_reuse` in our pytest setup for vsftpd. This
reproduces the problem reported in #22225 and verifies the fix.

Skip ftp+SSL pytests for rustls, as we have no possibility to reuse
sessions in that backend.

Schannel: we do not run these tests with the backend. I expect it has
similar problems but am not able to verify.

Reported-by: Laurent Sabourin
Fixes #22225
Closes #22246
2026-07-02 17:39:04 +02:00
Daniel Stenberg
d3a7e57157
lib: add "Curl_" prefix to two global functions
To make it clear what they are and according to our styleguide.

- Curl_cf_ip_happy_insert_after
- Curl_ftp_conns_match

Found with:

$ nm lib/.libs/libcurl.a | grep ' T ' | grep -vi ' curl'

Closes #22245
2026-07-02 12:36:07 +02:00
Stefan Eissing
f497b25672
cf-setup: own source file
Move the setup filter into its own source file.

Move the main connect driving function, `Curl_conn_connect()`,
from cfilters.c to connect.c.

Closes #22022
2026-06-15 15:55:58 +02:00