Recently I began working on an FTP server that will allow our clients to restore files from any date and time previously backed up with our software. Currently we offer an FTP server on the local LeapServ with the same capabilities. However, it was desirable to offer an FTP service to our clients that would be accessible from anywhere in the world, so that a large number of files can be restored in a disaster scenario. FTP as originally specified (RFC 959) is an insecure protocol; more recent extensions to the protocol (RFC 2228, RFC 4217) define how to secure it with SSL/TLS.
The backbone of most of our software is implemented in PHP, which poses a dilemma for the aim of creating an FTP server secured with SSL/TLS. PHP currently supports some OpenSSL functionality, but nothing along the lines of using the library with a socket. Currently, to keep our off-site data transmissions highly secure, we implement our own handshake and key exchange and use robust encryption libraries. However, using our own proprietary encryption back end in this situation would prevent any standard FTP client from exchanging information with the FTPS server.
The Zend engine is the backbone of the PHP language and allows modules to be developed that extend the functionality of the language. The solution to the PHP/SSL dilemma was to develop an intermediate C library layer that handles tasks such as creating SSL contexts, binding a socket to an SSL object, and reading from and writing to an abstract SSL socket. Above this layer sits our own PHP module, which wraps the intermediate C library and provides the gateway through which our software accesses this extended functionality from PHP.
The next hurdle was to bridge the gap between PHP sockets and the new functionality of our PHP module. Fortunately, the Zend engine provides an interface for discovering information about other modules that have been loaded into or compiled into PHP. The information obtained about a module can then be used to fetch a particular resource type, which allows our PHP module to interoperate with the existing socket implementation in PHP. Working with the socket implementation PHP provides allowed us to tie PHP sockets, the OpenSSL library, and our own back-end C library together into a robust framework for developing PHP applications that use SSL/TLS over a socket.
The new FTPS server has recently been completed and is under a period of testing before deployment in the near future.