
Fix openssl session resumption, FTPS certificate validation vs hostname #4103

Merged (1 commit, Nov 26, 2023)

Conversation

chrisbednarski
Contributor

  • _socketIndex was uninitialised in SSLManager, which meant SSL_get_ex_data in SecureSocketImpl::onSessionCreated always returned NULL
    • session resumption was not working because of this
    • I considered adding CRYPTO_free_ex_index to the SSLManager destructor, but POCO does not pass any callback pointers to SSL_get_ex_new_index, so there is no need to clear them
  • pass host name when attaching the secure socket stream
    • without this, the FTPS client tries to validate the certificate against the IP address of the server
  • add setQuietShutdown and ignoreUnexpectedEof functions to the OpenSSL context
    • bidirectional shutdown on Microsoft FTPS upload connections is timing out. The quiet shutdown option marks the connection as closed and does not try to receive the close_notify alert (which was timing out)
    • bidirectional shutdown on FileZilla FTPS connections works well (after the session resumption was fixed)
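The second bullet describes why the peer host name has to reach the certificate check: a server certificate normally carries DNS names in its subjectAltName, so a client that only knows the peer's IP address has nothing to match against and verification fails. The following is an added illustration, not code from the pull request or from POCO; it implements a simplified RFC 6125-style name match (DNS entries with a leftmost-label wildcard, IP entries compared as addresses, CN fallback omitted) over constructed subjectAltName entries, so the IP-versus-hostname outcome can be observed without a live FTPS server.

```python
import ipaddress

# Constructed sample subjectAltName entries, as a client would extract them
# from a server certificate (not a real certificate).
SAMPLE_SANS = (("DNS", "ftp.example.com"), ("DNS", "*.cdn.example.com"))
# Same certificate with an additional IP Address entry.
SAMPLE_SANS_WITH_IP = SAMPLE_SANS + (("IP Address", "192.0.2.10"),)


def _dns_match(pattern: str, hostname: str) -> bool:
    """Match a DNS subjectAltName pattern against a hostname.

    Simplified RFC 6125 rules: comparison is case-insensitive, a trailing dot
    is ignored, a wildcard is only accepted as the whole leftmost label, it
    never matches across a dot, and it must leave at least two fixed labels.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    pat_labels = pattern.split(".")
    host_labels = hostname.split(".")
    if len(pat_labels) < 3 or len(pat_labels) != len(host_labels):
        return False
    return pat_labels[1:] == host_labels[1:]


def verify_peer_name(sans, expected: str) -> bool:
    """Return True if `expected` (a hostname or an IP literal) is covered by
    the certificate's subjectAltName entries.

    An IP literal is only ever matched against "IP Address" entries and a
    hostname only against "DNS" entries, which is exactly why a client that
    validates against the server's IP address fails on a certificate that
    lists DNS names only.
    """
    try:
        ip = ipaddress.ip_address(expected)
    except ValueError:
        ip = None
    for kind, value in sans:
        if ip is not None and kind == "IP Address":
            try:
                if ipaddress.ip_address(value) == ip:
                    return True
            except ValueError:
                continue  # malformed entry, ignore it
        elif ip is None and kind == "DNS":
            if _dns_match(value, expected):
                return True
    return False


if __name__ == "__main__":
    # Validating against the host name succeeds; validating against the IP
    # address of the same server fails unless the certificate lists it.
    print("host name:", verify_peer_name(SAMPLE_SANS, "ftp.example.com"))
    print("ip address:", verify_peer_name(SAMPLE_SANS, "192.0.2.10"))
    print("ip address with IP SAN:", verify_peer_name(SAMPLE_SANS_WITH_IP, "192.0.2.10"))
```

The distinction between the two SAN kinds is deliberate: an IP literal must not be matched against a DNS entry even when the strings are equal, and a wildcard never covers more than one label, so `*.cdn.example.com` matches `a.cdn.example.com` but neither `cdn.example.com` nor `a.b.cdn.example.com`.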

@chrisbednarski
Contributor Author

I'm looking at the failing tests

@chrisbednarski chrisbednarski force-pushed the fix/session-resumption-331 branch 4 times, most recently from 3f5810c to cd3fca8 on August 1, 2023 23:55
@chrisbednarski
Contributor Author

rebased

@aleks-f aleks-f added this to the Release 1.13.0 milestone Nov 26, 2023
@aleks-f aleks-f merged commit 388a3b4 into pocoproject:devel Nov 26, 2023
15 checks passed
aleks-f pushed a commit that referenced this pull request Nov 27, 2023
Contributor

@matejk matejk left a comment


(ignore).

aleks-f added a commit that referenced this pull request Feb 6, 2024
* doc(ReleaseNotes): fix formatting, add PR links

* Incorporated Debian patches (#4380)

* Debian: Use null as device file as console might not be there

* Debian: Add GNU Hurd support

* Debian: Includes not available on Hurd

* Debian: Disable SHA2 test on platforms where it's broken

* Debian: Set POCO_NO_FPENVIRONMENT for armel

---------

Co-authored-by: Jochen Sprickerhof <git@jochen.sprickerhof.de>

* fix(UUID): UUID parser silently ignores too long strings #4375 (#4384)

* fix(Crypto): EVP_CIPHER_CTX_init is incorrectly defined in Envelope.cpp if it is not defined already by OpenSSL. Fixed to properly use EVP_CIPHER_CTX_reset.

* enh(ci): Add macos sanitizers job (#4313)

* enh(ci): macOS thread sanitizer

* enh(ci): macOS sanitize jobs for undefined and address.

* fix(test): lock std::cerr to prevent data race in TCP server tests (reported by clang thread sanitizer) #4313

* fix(test): Use 96-bit IV with aes-256-gcm to fix (#4347):

I/O error: error:1C800066:Provider routines::cipher operation failed

* mingw compile and link improvements (#4019) (#4391)

* fix(platform): MinGW Compile and link errors: undefined reference to `WinMain'

* fix(platform): MinGW compile UUID tests (conflicting UUID defined as GUID in rpcdce.h via windows.h)

* enh(DateTimeParser): option to cleanup input string before parsing (#569).

* fix(CppUnit): do not install #4398

* fix(DataTest): do not install #4398

* chore(SingleSocketPoller): spelling

* fix(MailMessage): Compare lowercase content disposition headers when reading parts (#3650).

* chore(cmake): CppUnit Foundation dependency documentation; fix indentation

* fix(SocketReactorTest): deadlock test intermittently hangs #4400

* gcc/clang (-fvisibility=hidden): corrections to compile and work properly (#4394)

* fix(ActiveRecord): missing ActiveRecordLib_API definitions for clang/gcc.

* fix(FPEnvironment): export FPEnvironmentImpl classes (#4393, #3331)

* fix(Crypto): export *Impl classes used from inlines (#4393, #3331)

* fix(Dynamic): explicitly instantiate and export Dynamic::Struct for string and int (-fvisibility=hidden) (#4393, #3331)

* fix(JSON): explicitly instantiate and export SharedPtr for JSON::Array and JSON::Object (-fvisibility=hidden) (#4393, #3331)

* enh(CMake): Set symbol visibility to hidden (#4393, #3331)

* enh(configure): use c++17 standard for iphone, Darwin and ARM-Linux.

* fix(UTF): explicitly instantiate and export 16 and 32-bit strings (-fvisibility=hidden) (#4393, #3331)

* fix(RecordSet): make Extraction.h internal and instantiate RecordSet::column template functions only for supported types. (-fvisibility=hidden) (#4393, #3331)

* fix(UTF): fix explicit instantiation on Windows (-fvisibility=hidden) (#4393, #3331)

* enh(CMake): Add github jobs for macOS with visibility set to hidden (#4393, #3331)

* fix(CppParser): Add missing declarations for CppParser_API (#4393, #3331)

* enh(CMake): Enable more options in github jobs for macOS with visibility set to hidden (#4393, #3331)

* fix(MongoDB): Add missing MongoDB_API (#4393, #3331)

* Implemented automated network library initialization for Windows MinGW targets (#4402)

* Implemented automated network library initialization for Windows MinGW/GCC targets

* Using POCO_COMPILER_MINGW instead of __GNUC__

---------

Co-authored-by: Jesse Hoogervorst <jesse@deltaxlab.com>

* fix(Thread_POSIX): qnx build error: 'prctl' was not declared in this scope #4404

* fix: NULL pointer strategy when setting rotation never #4411

Regression from 66e93f9.

* fix(progen): add LanguageStandard (stdcpp17, stdc11); regenerate vs170 projects

* Implement GetAdaptersAddresses API (#4419)

* Upgrade from GetAdaptersInfo to GetAdaptersAddresses API. The code has been swapped back to a buffer of bytes because the data structure built by GetAdaptersAddresses is a linked list and the returned size is not a multiple of the IP_ADAPTERS_ADDRESSES struct.

* Adding back Poco/UnWindows.h

* Undoing indents.

* test(ThreadPool): unit test for thread pool shutdown when no worker is running. (#2450)

* enh: #4216: use std::string literals

* enh: #3890: Get rid of SingletonHolder

* enh(File): Linux, macOS: microsecond precision for file times (create and modification time).

* enh(tests): Ability to enable/disable testing of deprecated functionality. (#4425)

* fix(SSLManager): Fixed regression introduced in PR #4103, fixes #4421

* fix(LogFile): Unify flushing behaviour of WIN32 and STD implementation (#2443)

* chore(buildwin): remove old vs versions from build and progen scripts; update documentation

* chore(buildwin): remove leftover closing curly

* enh(SQLite): SQLite FTS5 #4367

* Release 1.13.1: Update release notes, changelog, contributors, version files. (#4440)

* Update CONTRIBUTORS

* fix(CppParser): Documentation generation (some minor fixes, WiP) #4441

* feat(CppParser): C++11 attributes support

* feat(PocoDoc): C++11 attributes support

* chore(doc): Changelog and release notes formatting

* fix(CppParser): parsing of function template parameters and namespace imports

* fix: make headers parseable by CppParser/PocoDoc

* fix(PocoDoc): add -DPOCO_DOC

* fix(PocoDoc): postgres headers not found

* fix(PocoDoc): libpq include path

* fix(XML): #4443: Upgrade libexpat to 2.6.0

* doc: updated changelog

---------

Co-authored-by: Günter Obiltschnig <guenter.obiltschnig@appinf.com>
Co-authored-by: Matej Kenda <matejken@gmail.com>
Co-authored-by: Jochen Sprickerhof <git@jochen.sprickerhof.de>
Co-authored-by: Jesse Hoogervorst <hoogervorstjesse@gmail.com>
Co-authored-by: Jesse Hoogervorst <jesse@deltaxlab.com>
Co-authored-by: Aron Budea <aron.budea@collabora.com>
Co-authored-by: Andrew Auclair <andrewauclair@users.noreply.github.com>