I'm trying to create a simple FTP/FTPS client implementation in C++ using OpenSSL. I've managed it to work with plain FTP using BIO API. Now the question is: once I have an insecure connection and BIO object, how can I upgrade the connection to use encryption? The connection works in plain FTP until AUTH TLS command is sent, and at that point TLS/SSL session should be negotiated. There is the BIO_new_ssl_connect function, but AFAIK, instead of reusing the existing connection, it creates a new connection.
I'm following this tutorial: https://www.ibm.com/developerworks/linux/library/l-openssl/index.html
Check BIO_new_ssl_connect source code:
BIO *BIO_new_ssl_connect(SSL_CTX *ctx)
{
#ifndef OPENSSL_NO_SOCK
BIO *ret = NULL, *con = NULL, *ssl = NULL;
if ((con = BIO_new(BIO_s_connect())) == NULL)
return (NULL);
if ((ssl = BIO_new_ssl(ctx, 1)) == NULL)
goto err;
if ((ret = BIO_push(ssl, con)) == NULL)
goto err;
return (ret);
err:
BIO_free(con);
#endif
return (NULL);
}
And do the same, just skip the BIO_s_connect.