New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
FTP & SSL session reuse #9348
Labels
Comments
Could you list your ftp server's command logs ? |
Sorry, I have no access to ftp server's logs. |
I received a private reproducer from another person yesterday with the exact same issue. |
nielsdos
added a commit
to nielsdos/php-src
that referenced
this issue
Dec 2, 2023
The issue referenced here doesn't contain a reproducer, but I recently received an email of a user with the exact same problem. I was able to recreate the scenario locally using vsftpd and setting `require_ssl_reuse=YES` in the vsftpd configuration. It turns out that our session resumption code is broken. It only works a single time: the first time a data connection opens. Subsequent data connections fail to reuse the session. This is because on every data connection a new session is negotiated, but the current code always tries to reuse the (stale) session of the control connection. To fix this, we use SSL_CTX_sess_set_new_cb() to setup a callback that gets called every time a new session is negotiated. We take a strong reference using SSL_get1_session() and store it in the ftpbuf_t struct. Every time we open a data connection we'll take that session. This works because every control connection has at most a single associated data connection. Also disable internal session caching storage to not fill the cache up with useless sessions. There is no phpt for this because PHP does not support enforcing SSL session reuse. It is however testable manually by setting up vsftpd and setting the `require_ssl_reuse=YES` function from before.
nielsdos
added a commit
that referenced
this issue
Dec 2, 2023
* PHP-8.2: Fix GH-9348: FTP & SSL session reuse
nielsdos
added a commit
that referenced
this issue
Dec 2, 2023
* PHP-8.3: Fix GH-9348: FTP & SSL session reuse
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
Hello,
FTP/SSL data connection fails after first data transfer, it results to error "425 Unable to build data connection: Operation not permitted".
The following code:
Resulted in this output:
But I expected this output instead:
If I change code and try upload a file:
It prints error
425 Unable to build data connection: Operation not permitted
.Links:
PHP Version
PHP 8.1.8 & all version from PHP 5.6
Operating System
Ubuntu 20.04
The text was updated successfully, but these errors were encountered: