Delphi TIdFTP: resuming the TLS session on the data connection

68de4m5k posted on 2023-04-20 in Other

How do I enable TLS session resumption for TIdFTP data connections?
I am using the Indy 10.6.2.0 that ships with Delphi 11.2, Embarcadero® RAD Studio 11 version 28.0.46141.0937.

Edit 2023-04-12T06:41:35.496Z

implementation

uses
  IdFTP, IdSSLOpenSSL, IdExplicitTLSClientServerBase, IdFTPCommon;

procedure DoSomething;
var
  ftp: TIdFTP;
  ssl: TIdSSLIOHandlerSocketOpenSSL;
begin
  ftp := TIdFTP.Create;
  try
    ssl := TIdSSLIOHandlerSocketOpenSSL.Create(ftp);
    ssl.SSLOptions.SSLVersions := [sslvTLSv1_2];
    ftp.IOHandler := ssl;

    ftp.Host := 'myhost';
    ftp.Port := 21;
    ftp.Username := 'myuser';
    ftp.Password := 'mytopsecretpassword';
    ftp.Passive := true;
    ftp.UseTLS := utUseExplicitTLS;
    ftp.AUTHCmd := tAuthTLS;
    ftp.DataPortProtection := ftpdpsPrivate;

    ftp.Connect;

    if ftp.Connected then begin
      ftp.Put('C:\temp\test1.dat', 'test1.dat');
      ftp.Put('C:\temp\test2.dat', 'test2.dat');
    end;

    ftp.Disconnect;
  finally
    ftp.Free;
  end;
end;

I still get the message:

---------------------------
Ftpssessionresumption
---------------------------
Unable to build data connection: TLS session of data connection not resumed.
---------------------------
OK   
---------------------------

This is the FileZilla Server log:

<Date> Info [Type] Message
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 [Response] 220-FileZilla Server 1.6.7
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 [Response] 220-Please visit https://filezilla-project.org/
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 [Command] HOST myhost
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 [Response] 500 Wrong command.
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 [Command] AUTH TLS
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 [Response] 234 Using authentication type TLS.
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 [Command] USER myuser
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 [Response] 331 Please, specify the password.
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 [Command] PASS ****
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Response] 230 Login successful.
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Command] FEAT
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Response] 211-Features:
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Response] 211 End
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Command] OPTS UTF8 ON
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Response] 202 UTF8 mode is always enabled. No need to send this command
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Command] TYPE A
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Response] 200 Type set to A
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Command] SYST
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Response] 215 UNIX emulated by FileZilla.
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Command] TYPE A
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Response] 200 Type set to A
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Command] PBSZ 0
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Response] 200 PBSZ=0
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Command] PROT P
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Response] 200 Protection level set to P
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Command] PASV
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Response] 227 Entering Passive Mode (192,168,10,24,198,132)
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Command] STOR test1.dat
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Response] 150 About to start data transfer.
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Error] TLS session of data connection not resumed.
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Response] 425 Unable to build data connection: TLS session of data connection not resumed.
<12-04-2023 08:35:13> FTP Server [Status] Session 1438 ended gracefully.

jum4pzuy1#

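Indy does not currently support resuming TLS sessions (see this ticket).
However, if:

  • the command connection is protected with TLS
  • and TIdFTP.DataPortProtection is set to ftpdpsPrivate
  • and TIdFTP.Passive is True (but not False!)

then TIdSSLIOHandlerSocketOpenSSL *should* copy the command connection's TLS session ID into each new data connection's TLS session. This is the closest Indy comes to resuming a session.
If you want to try enabling session reuse manually, you can use the TIdFTP.OnDataChannelCreate and TIdFTP.OnDataChannelDestroy events to access the current data connection's TIdSSLIOHandlerSocketOpenSSL object. You would have to call the relevant OpenSSL session APIs to get the session ID from the old data connection and apply it to the new data connection.
You can use SSL_SESSION_get_id() to get the current ID of a TLS session (wrapped by TIdSSLIOHandlerSocketOpenSSL.SSLSocket.GetSessionID()). However, TIdSSLIOHandlerSocketOpenSSL only supports OpenSSL 1.0.2, but SSL_SESSION_set1_id() was not added until OpenSSL 1.1.0. The scenario above uses SSL_copy_session_id() to copy the session ID from one TLS session to another, so that will not work for copying the session ID from one data connection to another, because only one data connection is active at a time.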
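
On the server side, the failure shown in the FileZilla Server log in the question can be attributed to specific clients by scanning the log for the 425 response. The following is an added example, not code from the question or the answer; the function name, the trimmed sample log and session 1439 with its values are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the FileZilla Server log layout quoted in the question;
# session 1439 and its values are made up to show a non-failing client.
SAMPLE_LOG = """\
<Date> Info [Type] Message
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 [Command] AUTH TLS
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Command] PROT P
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Command] STOR test1.dat
<12-04-2023 08:35:05> FTP Session 1438 192.168.10.82 myuser [Response] 425 Unable to build data connection: TLS session of data connection not resumed.
<12-04-2023 08:35:13> FTP Server [Status] Session 1438 ended gracefully.
<12-04-2023 08:36:10> FTP Session 1439 192.168.10.90 other [Command] PROT P
<12-04-2023 08:36:10> FTP Session 1439 192.168.10.90 other [Command] STOR ok.dat
<12-04-2023 08:36:11> FTP Session 1439 192.168.10.90 other [Response] 226 Operation successful
"""

# The user field is absent until login succeeds, so it is optional.
LINE = re.compile(
    r"^<(?P<ts>[^>]+)> FTP Session (?P<sid>\d+) (?P<ip>\S+)"
    r"(?: (?P<user>[^\s\[]\S*))? \[(?P<kind>\w+)\] (?P<msg>.*)$")
DATA_CMDS = {"STOR", "APPE", "RETR", "LIST", "MLSD", "NLST"}

def find_resumption_failures(log_text):
    """Return one record per transfer the server refused with
    '425 ... TLS session of data connection not resumed'."""
    state = defaultdict(lambda: {"prot": None, "cmd": None})
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header row and "FTP Server [Status]" lines
        s = state[m["sid"]]
        verb, _, arg = m["msg"].partition(" ")
        if m["kind"] == "Command":
            if verb.upper() == "PROT":
                s["prot"] = arg.strip().upper()   # data-channel protection level
            elif verb.upper() in DATA_CMDS:
                s["cmd"] = m["msg"]               # transfer that opens a data connection
        elif m["kind"] == "Response" and verb == "425" and "not resumed" in arg:
            findings.append({"time": m["ts"], "session": m["sid"],
                             "client": m["ip"], "user": m["user"],
                             "prot": s["prot"], "command": s["cmd"]})
    return findings

if __name__ == "__main__":
    for f in find_resumption_failures(SAMPLE_LOG):
        print(f)
```

Only `[Response]` lines are counted, so the matching `[Error]` line the server writes for the same event does not produce a duplicate record.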
