SFTP client using openssl


#1

Hello,

I’m trying to add support for SFTP and I’m using the openssl crate for the purpose. I’m not an openssl professional and this is my first time using it. Can anyone advise me how to properly establish a secure TCP connection? I implemented something already, but when I try to connect to an SFTP server I get the error “An error in the OpenSSL library: unknown protocol”. The error happens when I try to wrap TcpStream into SslStream.

Here is the function which connects to SFTP.

pub fn secure_connect<A: ToSocketAddrs>(addr: A) -> Result<FtpStream> {
    match TcpStream::connect(addr) {
        Ok(stream) => {
            // Initialize SSL instance
            let context = match SslContext::new(SslMethod::Sslv23) {
                Ok(ctx) => ctx,
                Err(e) => return Err(Error::new(ErrorKind::Other, e))
            };

            let ssl = match Ssl::new(&context) {
                Ok(ssl) => ssl,
                Err(e) => return Err(Error::new(ErrorKind::Other, e))
            };

            // Make the opened stream secured
            let stream = match SslStream::connect(ssl, stream) {
                Ok(stream) => stream,
                Err(e) => return Err(Error::new(ErrorKind::Other, e))
            };

            let mut ftp_stream = FtpStream {
                reader: BufReader::new(DataStream::Ssl(stream)),
            };

            try!(ftp_stream.read_response(status::READY));
            Ok(ftp_stream)
        },
        Err(e) => Err(e)
    }
}

The complete code is on GitHub, lines 50-79.

Thank you for any info.


#2

An SFTP server is an SSH server, which talks neither SSL nor FTP.


#3

@gkoz is correct. Luckily, there are libssh2 bindings for Rust as well.


#4

Oh! Thank you. Will try.


#5

I mixed up the protocol names. The protocol I need is FTPS. Sorry.


#6

You don’t say which port you’re connecting to. Most FTP servers these days use explicit TLS on port 21 using the STARTTLS command. You will first need to talk the FTP protocol to issue the STARTTLS command and only after that can you talk TLS. You can test whether the server supports it like so:

openssl s_client -starttls ftp -connect ftp_server:port
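
The plaintext exchange described in #6, as an added example that is not from the thread or from the poster's library: the client reads the 220 greeting, sends the RFC 4217 `AUTH TLS` command, and lets TLS start only after a 234 reply. On an explicit-TLS port, a handshake started before this exchange meets the plaintext greeting instead of a TLS record. The function names and server transcripts are constructed for illustration; the code uses only the standard library and leaves the TLS handshake itself to the caller.

```rust
use std::io::{self, BufRead, BufReader, Error, ErrorKind, Read, Write};

// Read one FTP reply (multi-line "220-..." until "220 ...") and require code `want`.
fn expect_reply<R: BufRead>(r: &mut R, want: u16) -> io::Result<String> {
    let mut code = String::new();
    loop {
        let mut line = String::new();
        if r.read_line(&mut line)? == 0 {
            return Err(Error::new(ErrorKind::UnexpectedEof, "closed mid-reply"));
        }
        let line = line.trim_end().to_string();
        let b = line.as_bytes();
        if code.is_empty() {
            if b.len() < 3 || !b[..3].iter().all(u8::is_ascii_digit) {
                return Err(Error::new(ErrorKind::InvalidData, "not an FTP reply"));
            }
            code = line[..3].to_string();
        }
        if line.starts_with(&code) && b.get(3) != Some(&b'-') {
            if code != want.to_string() {
                return Err(Error::new(ErrorKind::PermissionDenied, line));
            }
            return Ok(line);
        }
    }
}

// Plaintext phase of explicit FTPS. Only after Ok(()) may the caller start the
// TLS handshake on the underlying socket (e.g. with the openssl crate).
pub fn negotiate_auth_tls<R: Read, W: Write>(rd: &mut BufReader<R>, wr: &mut W) -> io::Result<()> {
    expect_reply(rd, 220)?; // the server speaks first, in plaintext
    wr.write_all(b"AUTH TLS\r\n")?;
    expect_reply(rd, 234)?; // any other code fails closed: no cleartext login
    if !rd.buffer().is_empty() {
        // Plaintext queued behind the 234 must not be treated as post-TLS data.
        return Err(Error::new(ErrorKind::InvalidData, "data after 234 reply"));
    }
    Ok(())
}

// Run the negotiation against constructed server bytes; returns what the client sent.
pub fn run_against(server: &[u8]) -> io::Result<Vec<u8>> {
    let (mut rd, mut sent) = (BufReader::new(server), Vec::new());
    negotiate_auth_tls(&mut rd, &mut sent)?;
    Ok(sent)
}

fn main() {
    println!("{:?}", run_against(b"220-Welcome\r\n220 ready\r\n234 Proceed\r\n")); // constructed
    println!("{:?}", run_against(b"220 ready\r\n502 AUTH not implemented\r\n")); // constructed
}
```

With a real connection, `rd` and `wr` can both borrow the same `TcpStream` (`BufReader::new(&stream)` and `&mut &stream`), and the stream is passed to the TLS connector once the function returns `Ok(())`.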

#7

Yes, thank you. I found that info already. The topic is resolved.