FTP servers using SSL can be configured to check TLS session reuse on
the DATA connection. They hand out a new session on every CONTROL
connect and require to see the client using exactly that one when
up-/downloading on DATA.
This means:
1. We have to configure the SSL filter on the DATA connection with
exactly the same peers.
2. We have to remember the SSL session on the CONTROL connection -
separately from the session cache. The SSL filter on the DATA
connection then looks for a session at the CONTROL filter and, if
present, uses that.
Tests:
Enable `require_ssl_reuse` in our pytest setup for vsftpd. This
reproduces the problem reported in #22225 and verifies the fix.
Skip ftp+SSL pytests for rustls, as we have no possibility to reuse
sessions in that backend.
Schannel: we do not run these tests with the backend. I expect it has
similar problems but am not able to verify.
Reported-by: Laurent Sabourin
Fixes#22225Closes#22246
To make it clear what they are and according to our styleguide.
- Curl_cf_ip_happy_insert_after
- Curl_ftp_conns_match
Found with:
$ nm lib/.libs/libcurl.a | grep ' T ' | grep -vi ' curl'
Closes#22245
Move the setup filter into its own source file.
Move the main connect driving function, `Curl_conn_connect()`,
from cfilters.c to connect.c.
Closes#22022