Implementing two TLS sessions for an FTPS client

I’m attempting to add an FTPS client to a data logging product currently using mbedtls 2.28.1. Secure comm with other services (AWS MQTT, https get/put, and email) has been working fine for two years or so. Unsecured FTP with the FTP server also works as expected. The example SSL programs in the release don’t cover this use case, and I haven’t found the correct incantation from reading the function notes in ssl.h.

– The TLS negotiation for the FTP port 21 control connection succeeds and client/server message exchange works as expected.

– When the server returns an IP address/port in response to a PASV command, the client calls connect() to the specified addr/port and the control connection issues STOR.

From this point things are questionable:

– The current session is saved with mbedtls_ssl_session_save().

– Another mbedtls_ssl_context is allocated for transmission of file data. mbedtls_ssl_setup() is called with pointers to the existing config and new context.

– mbedtls_ssl_handshake() is called using a pointer to the new context. The handshake succeeds and file data are successfully sent.

– To resume the control connection, I’ve coded multiple sequences using session reset, load and set of the saved session, plus handshake or mbedtls_ssl_renegotiate() calls, all of which fail at some point.

Can anyone please outline what’s required to resume the control connection, or point out any issues in the sequence opening the data connection?

Many thanks in advance!