[issue19500] Error when connecting to FTPS servers not supporting SSL session resuming

2016-09-04 Thread Christian Heimes

Christian Heimes added the comment:

Here is my take on the SSLSession feature. The patch provides a SSLSession 
type, SSLSocket.session getter/setter and SSLSocket.session_reused getter. The 
setter makes sure that the session can only be set for client sockets from the 
same SSLContext and before handshake. Tests and documentation need some 
improvements.

https://github.com/tiran/cpython/commits/feature/openssl_session

--
Added file: http://bugs.python.org/file44362/SSLSession-support.patch

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
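
Added example, not code from the attached patch or from CPython: an ftplib subclass that applies the session getter described in this message to the problem this issue reports, offering the control connection's TLS session on every data connection. It assumes the `session` and `session_reused` attributes and the `session=` argument of `wrap_socket` as they shipped in Python 3.6; `SessionReuseFTP_TLS` and `fetch_listing` are hypothetical names, and `_prot_p` is an ftplib-internal attribute.

```python
import ftplib
import ssl


class SessionReuseFTP_TLS(ftplib.FTP_TLS):
    """FTP_TLS variant that offers the control channel's TLS session on data channels."""

    # Updated after each protected transfer: did the server resume the session?
    last_data_session_reused = None

    def ntransfercmd(self, cmd, rest=None):
        # Let the plain FTP class handle PASV/PORT and open the data socket.
        conn, size = ftplib.FTP.ntransfercmd(self, cmd, rest)
        if self._prot_p:  # ftplib-internal flag, True after prot_p()
            # Wrap with the same SSLContext as the control socket: a session
            # can only be set on client sockets created from the context that
            # produced it, and only before the handshake.
            conn = self.context.wrap_socket(
                conn,
                server_hostname=self.host,
                session=self.sock.session,
            )
            # The handshake has completed here, so the flag is meaningful.
            self.last_data_session_reused = conn.session_reused
        return conn, size


def fetch_listing(host, user, password):
    """Hypothetical usage: LIST over a protected data channel with a verified certificate."""
    ftp = SessionReuseFTP_TLS(host, context=ssl.create_default_context())
    ftp.login(user, password)  # negotiates TLS on the control channel first
    ftp.prot_p()               # request a protected data channel
    lines = []
    ftp.retrlines("LIST", lines.append)
    reused = ftp.last_data_session_reused
    ftp.quit()
    return lines, reused
```
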



[issue19500] Error when connecting to FTPS servers not supporting SSL session resuming

2015-10-09 Thread Alex Warhawk

Alex Warhawk added the comment:

Even after enabling client cache one still has to call SSL_set_session. See 
documentation of SSL_CTX_set_session_cache_mode point SSL_SESS_CACHE_CLIENT.

I started thinking about not exposing a SSL_SESSION object to the user but 
rather extending wrap_socket to take an already established socket as argument 
and use that socket's session object. This way I can ensure that both sockets 
share the same SSL context.

I am not really convinced by this idea myself, what do you think about this? 
Any better ideas?

--




[issue19500] Error when connecting to FTPS servers not supporting SSL session resuming

2015-10-08 Thread Alex Warhawk

Alex Warhawk added the comment:

Thanks for the heads up, Christian. I'll try enabling client session caching. If 
this does not work I'll try to adapt the patch to only allow session reusing 
within the same context.

--




[issue19500] Error when connecting to FTPS servers not supporting SSL session resuming

2015-10-08 Thread Christian Heimes

Christian Heimes added the comment:

Thanks for your patch. There might be a simpler way. By default a SSLContext 
only caches server sessions. You can enable client session caching with:

  SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_CLIENT)

This may be sufficient for FTP over TLS since both sockets are created from the 
same context.

 
The new patch has a flaw. With the new SSLSession object a user could attempt 
to reuse a SSLSession with a different SSLContext. That's going to break 
OpenSSL.

From SSL_set_session(3):

NOTES
   SSL_SESSION objects keep internal link information about the session
   cache list, when being inserted into one SSL_CTX object's session cache.
   One SSL_SESSION object, regardless of its reference count, must therefore
   only be used with one SSL_CTX object (and the SSL objects created from
   this SSL_CTX object).

--




[issue19500] Error when connecting to FTPS servers not supporting SSL session resuming

2015-10-08 Thread Alex Warhawk

Alex Warhawk added the comment:

I have re-targeted the patch for 3.6. It is not a 1 to 1 port of the prior one, 
but quite similar.

--
Added file: 
http://bugs.python.org/file40716/implement_ssl_session_reuse_3.6.patch




[issue19500] Error when connecting to FTPS servers not supporting SSL session resuming

2015-10-07 Thread Giampaolo Rodola'

Giampaolo Rodola' added the comment:

This is supposed to be a new feature hence the patch should be targeted against 
Python 3.6, definitively not 2.7.

--
versions: +Python 3.6 -Python 2.7, Python 3.4, Python 3.5




[issue19500] Error when connecting to FTPS servers not supporting SSL session resuming

2015-10-07 Thread Alex Warhawk

Alex Warhawk added the comment:

Based on the proof-of-concept patch I submitted a few days ago I have built a 
more sophisticated patch. Please review it and let me know about necessary 
changes.

--
Added file: http://bugs.python.org/file40708/implement_ssl_session_reuse.patch




[issue19500] Error when connecting to FTPS servers not supporting SSL session resuming

2015-10-03 Thread Alex Warhawk

Alex Warhawk added the comment:

I encountered this problem recently and could not find a fix, so I tried fixing 
it myself.

Note that the patch attached is my first contribution to cpython as well as the 
first time I used the C extension mechanism. Therefore I do not consider the 
patch polished enough to be just merged upstream.

Maybe it helps in solving this issue.

The attached patch is based on:
changeset:   79113:ec373d762213
branch:  2.7

--
keywords: +patch
nosy: +Alex Warhawk
Added file: http://bugs.python.org/file40666/reuse_session.diff




[issue19500] Error when connecting to FTPS servers not supporting SSL session resuming

2014-08-10 Thread Antoine Pitrou

Changes by Antoine Pitrou:


--
versions: +Python 3.4




[issue19500] Error when connecting to FTPS servers not supporting SSL session resuming

2014-08-08 Thread Mark Ribau

Mark Ribau added the comment:

Adding Python v2.7 as also exhibiting this behavior. 

Some people over on Stack Overflow have done some things to work around the 
issue via subclassing, but I'm not sure their solutions are "correct", so much 
as have useful side effects. (For example, when only the server has a key/cert 
and the client does not, how is that handled for reuse?)

http://stackoverflow.com/questions/12164470/python-ftp-tls-connection-issue

--
nosy: +Mark.Ribau
versions: +Python 2.7




[issue19500] Error when connecting to FTPS servers not supporting SSL session resuming

2014-04-17 Thread Antoine Pitrou

Antoine Pitrou added the comment:

The RFC is unhelpfully lousy. It's not enough to process a "522" error, since 
that can be triggered for different reasons. You also somehow have to interpret 
the error text to detect that session reuse is indeed mandated by the server.

Regardless, to progress with this we would first need to implement client-side 
SSL session reuse, which necessitates a bunch of additional APIs (since which 
session is to be reused is a decision made by user code), and a new opaque type 
to carry SSL_SESSION objects...

(see issue #8106)

--
nosy: +christian.heimes, dstufft, janssen




[issue19500] Error when connecting to FTPS servers not supporting SSL session resuming

2014-04-17 Thread Antoine Pitrou

Antoine Pitrou added the comment:

Yuck. Is there a public FTP server available somewhere with this "feature"?

--
nosy: +pitrou




[issue19500] Error when connecting to FTPS servers not supporting SSL session resuming

2014-04-17 Thread Giampaolo Rodola'

Giampaolo Rodola' added the comment:

Interesting, I wasn't aware of this FTP(S) feature.
Unfortunately RFC-4217 really doesn't say much about how this should be done 
but it definitively looks like something worth having.
AFAIU this looks like something which should be implemented by servers though, 
not clients.

--
nosy: +giampaolo.rodola
versions:  -Python 2.7, Python 3.1, Python 3.2, Python 3.3, Python 3.4




[issue19500] Error when connecting to FTPS servers not supporting SSL session resuming

2013-11-04 Thread Ye Wang

New submission from Ye Wang:

According to RFC4217 (Securing FTP with TLS, aka the FTPS spec), 

http://tools.ietf.org/html/rfc4217.html#section-10.2

"  It is reasonable for the server to insist that the data connection
   uses a TLS cached session.  This might be a cache of a previous data
   connection or of a cleared control connection.  If this is the reason
   for the refusal to allow the data transfer, then the '522' reply
   should indicate this.

   Note: This has an important impact on client design, but allows
   servers to minimize the cycles used during TLS negotiation by
   refusing to perform a full negotiation with a previously
   authenticated client."

It appears that vsftpd server implemented exactly that by enforcing the "SSL 
session reuse between the control and data connection".

http://scarybeastsecurity.blogspot.com/2009/02/vsftpd-210-released.html

Looking at the source of Python core library ftplib.py, there isn't any regard 
to the idea of SSL session reuse between data connection vs. control connection 
(correct me if I am wrong here. I've tried FTP_TLS.transfercmd(cmd[, rest]), 
didn't work). 

This issue is well documented on other FTP clients that support FTPS, i.e. 
WinSCP: http://winscp.net/tracker/show_bug.cgi?id=668

See test log file attached. A vsftpd server with "require_ssl_reuse" set to 
true in vsftpd.conf would do the trick and can be reproduced.

--
components: Library (Lib)
files: ftplib-FTPS-bug.txt
messages: 202193
nosy: Ye.Wang
priority: normal
severity: normal
status: open
title: Error when connecting to FTPS servers not supporting SSL session resuming
type: behavior
versions: Python 2.7, Python 3.1, Python 3.2, Python 3.3, Python 3.4, Python 3.5
Added file: http://bugs.python.org/file32505/ftplib-FTPS-bug.txt
