Walter Prins
@ByteJuggler
@marbles99 For what it's worth, I seem to remember that, back in the day when we were faced with the upgrade from Indy9 to Indy10, it turned out to be slightly less hassle than initially anticipated -- it initially seemed like a lot of work because the breakages seemed bigger than they turned out to be in the end. (Again it's been a while, and obviously YMMV, I have no idea how complicated your dependencies are...)
@marbles99 (Just to caveat about the SSL lib stuff -- memory's quite vague so I have a feeling I might be mixing this up with something else, perhaps some kind of libsvn thing from the past...)
marbles99
@marbles99
@ByteJuggler Thanks for the quick replies. And for the link to the builds for the SSL libraries. I will take a look at that later today and see if I can see what we need. I am not sure if it will fix the Indy 9 issue as I have used the various versions available from Fulgan which appear to be the 'Indy versions' and there seems to be a point in the library version history where they no longer work with Indy 9 (won't load) but even the latest version there that will load won't connect to our web platform since they removed the cipher. And definitely a good idea to rename all the library DLLs ;) We use them quite extensively for communicating with carrier APIs, Amazon, Web shop platform etc and I wouldn't want to break something that isn't currently broken (except the web platform). I may clone my hard drive this evening and that will give me something easy to go back to. Haven't heard of voidtools, I will take a look. Thanks for your help - appreciated.
Walter Prins
@ByteJuggler
Yes, just to be clear: I'm not suggesting that those builds will work with Indy9 -- Indy9 requires its own special build as it made changes to the libs. Indy10 should work without problems however.
marbles99
@marbles99
Okay, thanks :) Hopefully, at least, it might cure that 'Ordinal not found' issue when I try to connect using SSL in Indy 10 in Seattle.
Walter Prins
@ByteJuggler
Yes... fingers crossed I'm not spouting you know what.
Everything (voidtools): https://www.voidtools.com/ (Can't live without it ;) )
marbles99
@marbles99
Thanks - I will download it now along with Wireshark. Always good to get recommendations for tools that others find useful. Many thanks.
Remy Lebeau
@rlebeau
Indy does not import OpenSSL DLL functions by ordinal, it imports by name, and even then it imports dynamically at run-time, not statically at link-time. My guess is that you are using OpenSSL DLLs that are incompatible with each other, rather than with Indy. In any case, OpenSSL DLLs that are known to work with Indy 10 are available at http://indy.fulgan.com/SSL/ and the DLLs that are compatible with Indy 9 are at http://indy.fulgan.com/SSL/Archive/ (the ones prefixed with "indy_")
marbles99
@marbles99
Hi Remy. That is the really odd thing. I was aware of the Fulgan site and that is the only place I get the SSL libraries from. I had downloaded the latest and that is what I have put into the EXE directory (I redownloaded and recopied again this morning). The version I am using is 1.0.2j. The test program is incredibly simple, just calling an HTTPS to the API using GET. This is using Seattle and Indy 10 with a TIdHTTP and TIdSSLIOHandlerSocketOpenSSL. When I compile and run, it stops at the HTTP GET with the "ordinal 4430 could not be located" error. So I don't know what is happening here. It couldn't be simpler really. A simple GET with HTTPS and hopefully the correct SSL libraries, but something is stopping the SSL loading.
marbles99
@marbles99
This is the line that is throwing the exception (in TIdTCPClientCustom.Connect in IdTCPClient):
blob
These are the SSL options I have set:
blob
marbles99
@marbles99
Actually, going deeper, it's here it fails which I guess is where you would expect if it is going to?
blob
GIdOpenSSLPath is '' and SSL_DLL_name='ssleay32.dll'
Remy Lebeau
@rlebeau
Again, that goes back to my earlier statement that you likely have mismatching DLLs. When ssleay32 is loaded, it has dependencies on other DLLs, and if those can't be loaded then ssleay32 fails to load.
Remy Lebeau
@rlebeau
AFAIK, the latest DLLs work with the latest version of Indy, so make sure you are using DLLs that are packaged together
marbles99
@marbles99
Definitely using the same DLLs from the same ZIP, extracted into the EXE directory.
Jeroen Wiert Pluimers
@jpluimers
From a TIdSocketHandle or TIdSocketHandle: is it possible to see who has initiated the connection? i.e. if it's Binding.Peer that initiated to Binding.IP or the other way around?
Remy Lebeau
@rlebeau
@jpluimers A socket is bidirectional, it doesn't know or care which direction the connection was initially established. You will have to keep track of that yourself based on whether the socket is coming from a client component or a server component.
Jeroen Wiert Pluimers
@jpluimers
I was afraid so. No problem: thanks for confirming.
Walter Prins
@ByteJuggler

With apologies in advance for the lengthy post, I'm hoping someone more immediately familiar with the ins and outs of Indy and how it's used by Datasnap can point me in the right direction.

I'm trying to make a Datasnap server serve a file with RESUME support. Just making it serve a file is relatively trivial obviously, just add a TDSHttpServiceFileDispatcher component and attach to the TDSHTTPService. However the default service does not appear to support "RESUME" as pausing and resuming a download with (for example) the "DownThemAll" Firefox downloader in fact restarts the download.

In this context, I've found the following post by Remy on SO: http://stackoverflow.com/questions/21494524/indy-http-server-with-resume-support which implies that, at least for Indy, this is the default behaviour and that to support RESUME one has to intercept the GET request and interpose a TIdHTTPRangeStream object if ARequestInfo.Ranges.Count > 0.

Now as Datasnap is based internally on Indy, I'm hoping that I might apply the same approach but it's not entirely clear what the most appropriate place to do so is, as Datasnap abstracts away Indy as an implementation detail in many places and as a result the Indy "Ranges" property is not always available when you seemingly want/need it.

Based on tracing the Datasnap code my current plan was to patch unit Datasnap.DSHTTP, method TIndyDispatchFileRequest.SetContentStream(AStream: TStream) on line 1555 to essentially do as suggested in the SO post. However the FRRequestInfo object present inside TIndyDispatchFileRequest at that point is not in fact the TIdHTTPRequestObject (that has a Ranges member), and it's not immediately obvious how one might get at it, so I'm wondering whether this is fundamentally perhaps the wrong place/way to tackle this problem.

Question: What is the right approach to tackle this problem? (One other thought I had was to patch IdCustomHTTPServer.DoCommandGet to interrogate the ARequestInfo and AResponseInfo after calling FOnCommandGet...)

(To add: Eventually I'd like to implement a file download using resume support in a Delphi client, as outlined in the following SO question: http://stackoverflow.com/questions/2963246/download-pause-and-resume-an-download-using-indy-components)

Walter Prins
@ByteJuggler
(Using Delphi 10 Seattle)
Remy Lebeau
@rlebeau
@ByteJuggler DataSnap may use Indy internally, but it is not based on Indy. In fact, in recent Delphi versions, Embarcadero has been slowly moving away from Indy in their technologies, like DataSnap, towards their own custom platform-native solutions. That being said, I don't know or use DataSnap, so I could be missing something, but since Indy is being used behind an abstraction layer, I don't see a way to get direct access to Indy's Request/Response objects from DataSnap's wrappers.
Remy Lebeau
@rlebeau
@ByteJuggler looking into it deeper, I just now found that DataSnap's TDSHTTPResponseIndy class has a public ResponseInfo property that is an IPPeerAPI.IIPHTTPResponseInfo interface, which has a public GetObject() method. DataSnap's IPPeerServer.TIdHTTPResponseInfoPeer class implements IIPHTTPResponseInfo, where its GetObject() implementation returns Indy's TIdHTTPResponseInfo object from TIdHTTPServer. But TIdHTTPResponseInfoPeer is a private class in the IPPeerServer unit's implementation section, so you can't access it. But if you manually declare an equivalent class in your own code, you might get away with a type-cast hack to access the Indy object.
Ludwig Behm
@lbehm
I basically intercepted in DoCommandGet and stored the TIdHTTPRequestInfo and TIdHTTPResponseInfo in a __thread local variable, which I can use in my DS ServerMethods
Ludwig Behm
@lbehm
I wrote a replacement for TIdHTTPWebBrokerBridge, removed the WebModule, implemented my own FileDispatcher (based on Indy infrastructure, not Embarcadero's inet*.bpl) and handle DataSnap related requests to TDSRESTWebDispatcher::DispatchRequest manually
at least serving static files is quite a bit faster now ;)
Jeroen Wiert Pluimers
@jpluimers
Interesting. Is the code public?
Ludwig Behm
@lbehm
@jpluimers If you mean my code, no, not yet
Jeroen Wiert Pluimers
@jpluimers
Let us know if/when.
Mauro Botta
@maurobotta
@rlebeau Hi Remy, have you any update for TLS 1.2 support of Indy?

From EMB forum: https://forums.embarcadero.com/thread.jspa?messageID=870089&#870089

Apple will require TLS v1.2 from 1 Jan 2017, Delphi doesn't support it (DataSnap - App), is there any workaround?
I need DataSnap TCP mode (standalone .exe server) to support TLS 1.2 on Berlin Update 2
Remy, thank you for Indy support. Is there any update for it?

Any link:

https://techcrunch.com/2016/06/14/apple-will-require-https-connections-for-ios-apps-by-the-end-of-2016/
https://plus.google.com/103013776067604117964/posts/b3Si46bjnwA
https://indy.fulgan.com/indy10.changelog.txt

Ludwig Behm
@lbehm
@maurobotta Are we talking about HTTPS? If so, it should be possible.
I don't know about Delphi, but in C++ (Berlin Update1) I simply set ((TIdServerIOHandlerSSLOpenSSL*) Server->IOHandler)->SSLOptions->SSLVersions = TIdSSLVersions(32);
Ohh do you mean direct TCP-Socket-Connections on port 211? I think Apple only cares about HTTPS. So you should be fine
Remy Lebeau
@rlebeau
@maurobotta Indy has supported TLS 1.2 for a while now. If Embarcadero does not use TLS 1.2 in DataSnap, that is on them.
@devimplode SSLVersions = TIdSSLVersions(32); is not good syntax to use, it is dependent on an implementation detail of how Sets are laid out in memory. You should use SSLVersions = TIdSSLVersions() << sslvTLSv1_2; instead
Ludwig Behm
@lbehm
@rlebeau I tried that... (yes I read the manual =D ) but didn't get it to work. Does my attempt create problems in the memory?
Remy Lebeau
@rlebeau
@devimplode the syntax I showed works fine. Your type-cast will technically work, no problem with memory, but it isn't very readable or well known. I didn't even know Set had a constructor like that until I just now looked at it.
Ludwig Behm
@lbehm
@rlebeau thanks for the infos!^^ The goal was to make it configurable. My result:
_SSLProtocols_ = 0;
TStringList *protoList = new TStringList('"', ':');
protoList->DelimitedText = "tlsv1:tlsv1_1:tlsv1_2";
if (protoList->IndexOf("ssl2") >= 0)
    _SSLProtocols_ = _SSLProtocols_ | 1 /*((int)Idsslopenssl::TIdSSLVersion::sslvSSLv2)*/;
if (protoList->IndexOf("ssl3") >= 0)
    _SSLProtocols_ = _SSLProtocols_ | 4 /*((int)Idsslopenssl::TIdSSLVersion::sslvSSLv3)*/;
if (protoList->IndexOf("tlsv1") >= 0)
    _SSLProtocols_ = _SSLProtocols_ | 8 /*((int)Idsslopenssl::TIdSSLVersion::sslvTLSv1)*/;
if (protoList->IndexOf("tlsv1_1") >= 0)
    _SSLProtocols_ = _SSLProtocols_ | 16 /*((int)Idsslopenssl::TIdSSLVersion::sslvTLSv1_1)*/;
if (protoList->IndexOf("tlsv1_2") >= 0)
    _SSLProtocols_ = _SSLProtocols_ | 32 /*((int)Idsslopenssl::TIdSSLVersion::sslvTLSv1_2)*/;

SSLHandler->SSLOptions->SSLVersions = TIdSSLVersions(_SSLProtocols_);
Remy Lebeau
@rlebeau
This is the intended way to use it:
TIdSSLVersions _SSLProtocols_;
...
_SSLProtocols_ = TIdSSLVersions();
TStringList *protoList = new TStringList('"', ':');
protoList->DelimitedText = "tlsv1:tlsv1_1:tlsv1_2";
if (protoList->IndexOf("ssl2") != -1)
    _SSLProtocols_ << sslvSSLv2;
if (protoList->IndexOf("ssl3") != -1)
    _SSLProtocols_ << sslvSSLv3;
if (protoList->IndexOf("tlsv1") != -1)
    _SSLProtocols_ << sslvTLSv1;
if (protoList->IndexOf("tlsv1_1") != -1)
    _SSLProtocols_ << sslvTLSv1_1;
if (protoList->IndexOf("tlsv1_2") != -1)
    _SSLProtocols_ << sslvTLSv1_2;

SSLHandler->SSLOptions->SSLVersions = _SSLProtocols_;
Ludwig Behm
@lbehm
yep, it works now - thank you @rlebeau !
Ludwig Behm
@lbehm
when we're talking about ssl... how hard would it be to implement ocsp stapling? =)
Remy Lebeau
@rlebeau
@devimplode never heard of it
Jeroen Wiert Pluimers
@jpluimers
@rlebeau https://en.wikipedia.org/wiki/OCSP_stapling a mechanism for checking the revocation of certificates.
Ludwig Behm
@lbehm
@rlebeau OCSP is the replacement for CRL. The basic concept is that the user-agent looks in the certificate definition, finds an OCSP server address, and asks them if the certificate is still valid.
Now we have the problem, that these OCSP servers haven't that great uptime. Here comes OCSP Stapling to the rescue: It's basically a TLS extension in the HTTPS connection. The HTTPS web server checks its certificates for an OCSP server. If found, then he, the web server, asks the OCSP server every now and then for the validity of the certificate (signed with a timestamp from the CA), and passes it to the user-agent when a connection is established.
If everything works well the user-agent finds that signed OCSP-response and doesn't have to query and wait for a response from a hard-to-reach 3rd party.
Btw: It also improves user privacy - the 3rd party (CA/OCSP server) can't see anymore which server is browsed.
Ludwig Behm
@lbehm
I already looked at some implementations in nginx and openssl s_server.... and gave up - that's just very strange stuff in openssl...
Remy Lebeau
@rlebeau
@devimplode Indy does not currently support OCSP stapling, but it might be doable, at least client-side: http://stackoverflow.com/a/11591672/65863