SFTP client using openssl

workanator · April 6, 2016, 5:52pm

Hello,

I'm trying to add support for SFTP and I'm using openssl crate for the purpose. I'm not an openssl professional and that is my first usage of it. Can anyone advice me how to properly establish secure TCP connection? I implemented something already but when I try to connect to a SFTP server I get error "An error in the OpenSSL library: unknown protocol". The error happens when I try to wrap TcpStream into SslStream.

Here is the function which connects to SFTP.

pub fn secure_connect<A: ToSocketAddrs>(addr: A) -> Result<FtpStream> {
    match TcpStream::connect(addr) {
        Ok(stream) => {
            // Initialize SSL instance
            let context = match SslContext::new(SslMethod::Sslv23) {
                Ok(ctx) => ctx,
                Err(e) => return Err(Error::new(ErrorKind::Other, e))
            };

            let ssl = match Ssl::new(&context) {
                Ok(ssl) => ssl,
                Err(e) => return Err(Error::new(ErrorKind::Other, e))
            };

            // Make the opened stream secured
            let stream = match SslStream::connect(ssl, stream) {
                Ok(stream) => stream,
                Err(e) => return Err(Error::new(ErrorKind::Other, e))
            };

            let mut ftp_stream = FtpStream {
                reader: BufReader::new(DataStream::Ssl(stream)),
            };

            try!(ftp_stream.read_response(status::READY));
            Ok(ftp_stream)
        },
        Err(e) => Err(e)
    }
}

The complete code is on github, lines 50-79.

Thank you for any info.

gkoz · April 6, 2016, 11:45pm

An SFTP server is an SSH server, which talks neither SSL nor FTP.

jethrogb · April 7, 2016, 12:01am

@gkoz is correct. Luckily, there are libssh2 bindings for Rust as well.

workanator · April 7, 2016, 4:40am

Oh! Thank you. Will try.

workanator · April 7, 2016, 6:10am

I messed with protocol names. The protocol I need is FTPS. Sorry.

jethrogb · April 11, 2016, 5:48pm

You don't say which port you're connecting to. Most FTP servers these days use explicit TLS on port 21 using the STARTTLS command. You will first need to talk the FTP protocol to issue the STARTTLS command and only after that can you talk TLS. You can test whether the server supports it like so:

openssl s_client -starttls ftp -connect ftp_server:port

workanator · April 11, 2016, 6:05pm

Yes, thank you. I found that info already. The topic is resolved.

Topic		Replies	Views
"ssl::SslStream::connect" -- "no associated item named `connect` " help	6	990	January 12, 2023
Writing a file (with contents) to an sftp server help	9	1176	July 12, 2023
More elegant way to call "generic" methods on a struct? help	7	436	July 11, 2023
Strange behaviour of async SFTP help	4	1446	December 19, 2021
Https server example	2	4407	January 12, 2023

SFTP client using openssl

Related topics