Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • May 18 15:34
    rlebeau labeled #192
  • May 18 15:34
    rlebeau labeled #192
  • May 17 18:54
    BretBordwell commented #192
  • May 17 11:00
    PizzaProgram commented #412
  • May 17 10:58
    PizzaProgram synchronize #412
  • May 17 10:52
    PizzaProgram synchronize #412
  • May 17 10:50
    PizzaProgram synchronize #412
  • May 17 10:17
    PizzaProgram synchronize #412
  • May 16 18:32
    rlebeau commented #412
  • May 15 16:24
    PizzaProgram opened #412
  • May 11 17:53

    rlebeau on master

    upgraded Delphi XE projects by … added Delphi XE project group Merge pull request #411 from co… (compare)

  • May 11 17:53
    rlebeau closed #411
  • May 11 17:53
    rlebeau labeled #411
  • May 11 17:53
    rlebeau labeled #411
  • May 10 19:33
    corneliusdavid opened #411
  • May 06 21:08
    rlebeau labeled #410
  • May 06 21:08
    rlebeau labeled #410
  • May 06 21:08
    rlebeau opened #410
  • Apr 27 06:41
    lloydbates closed #408
  • Apr 27 06:41
    lloydbates commented #408
Kudzu
@czhower
You likely have old copies of indy or more than one version lying around. you need to search and destroy them.
Remy Lebeau
@rlebeau
@PaulRedkite did you first remove the Indy version that ships pre-installed in the IDE?
@semusta http://indyproject.org/Sockets/Docs/index.aspx, though some of it is a bit dated. There is nothing specific to C++Builder, though. Indy works the same in Delphi and C++, it is just a matter of the different code syntax between the two languages.
souch
@souch
Hi, I think I found a small bug in indy. As I don't know were to send it, I put it here directly. When using Indy on Android with delphi seattle, timeout seems buggy : I think the problem lies here : IdGlobal.Ticks64 function never initialize the "tv" struct as gettimeofday is not called (neither USE_BASEUNIX nor KYLIXCOMPAT is defined).
Remy Lebeau
@rlebeau
Doed Android provide gettimeofday() or clock_gettime()? Are either available in Delphi on Android?
Remy Lebeau
@rlebeau
Android runs on top of Linux, so I wonder if enabling {$DEFINE USE_clock_gettime} at the top of the implementation section of IdGlobal.pas would work when {$IFDEF ANDROID} is true
Hugo Luiz Cruz
@hugoluiz
Hi All, I'm trying install the last Indy10 version on Delphi Berlin but when I try to compile I am getting this message: [Fatal Error] Cannot compile package 'IndySystem240' which is currently required by Delphi 10.1 Berlin. I am missing some thing ?
Remy Lebeau
@rlebeau
@hugoluiz Are there other errors before that one? Did you remove the pre-installed version of Indy first?
ntsmkfob
@ntsmkfob
Hi all, up to now, we've used Indy to send email to our sports club members using our ISP (BT Business). We would send an email containing 20 BCCs and throttle the throughput to keep in the ISPs volume limits per hour. That went out of the window when they switched to using Outlook.com to host their emailing. We've switched to using an SMTP service (AuthSMTP) who recommend sending individual emails, no BCC. The old way had a fair processing overhead, but that didn't matter as there would be a minimum of 10 secs interval between emails. Now I want to basically loop through the recipient list as fast as possible - basically Connect, loop through list clearing and building headers, Send and finally Disconnect., rather than Connect, Send one email, Disconnect and loop. Am I digging a hole for myself?
Marcelo Lauxen
@marcelolx
Hey people, i have a doubt
specifically at the TIdFTP component on the palette Indy Clients, Delphi XE2
I intend to to upload and download files from my ftp server, and keep the file modification date, is it possible?
I not found anything at the docsite of IndyProject, related this, but it's possible or not?
Sorry my bad english
Remy Lebeau
@rlebeau
@ntsmkfob if you are sending all of the emails using the same SMTP server, you don't need to disconnect between individual emails, you can send more than one email per login session. Connect, send send send, disconnect. The alternative is to stop using 3rd party email services altogether and just send your emails directly to each recipient's email server directly. Indy even has a TIdSMTPRelay component for that very purpose. It scans an email's recipients list and separates the recipients based on their domains, and then it uses DNS to locate each domain's receiving server, and then finally connects to each domain sending the email to all recipients within the domain. Just be careful, because this is the same thing spammers ted to do, and you might get blacklisted by some servers. This is generally why you should send emails using an ISP or intermediary service that has already been whitelisted (consider using a mailing list service, like Yahoo Groups, instead of sending emails to individual recipients, that way you only have to send 1 email on your end and let the service propegate it through the membership for you).
@marcelolx When uploading files, TIdFTP has a SetModTime() method for setting the modification time of a remote file, if the server supports the MFMT or MDTM command. When downloading a file, you have to set the modification time of the local file manually. On Windows, you can use Delphi's SysUtils.FileSetDate() function, or the Win32 SetFileTime() function directly, for that purpose.
ntsmkfob
@ntsmkfob
Thank you Remy. I'll try the send,send,send approach, as it means removing code instead of writing new stuff. Thanks for your help.
Marcelo Lauxen
@marcelolx
Thank you @rlebeau , I'll test this tomorrow and say if worked.
Marcelo Lauxen
@marcelolx
It worked! :smile:
Matthijs ter Woord
@mterwoord
when pinging on windows, do i need admin rights?
Kudzu
@czhower
as a ping client? no...
Matthijs ter Woord
@mterwoord
shoot, then the app gives a different issue..
:(
i am getting socket error 10013 on the AllocateSocket when pinging...
Matthijs ter Woord
@mterwoord
a bit old, but same eror...
Remy Lebeau
@rlebeau
@Mterwoord If you are pinging in code using TIdIcmpClient, then YES, you need admin rights, as TIdIcmpClient uses a RAW socket, not any OS-provided ping APIs. RAW sockets are restricted to admins on most platforms, including Windows: https://support.microsoft.com/en-us/help/195445/: "A Socket or WSASocket call that specifies the SOCK_RAW socket type fails with the following Winsock error message (10013 WSAEACCES) if the user is a non-administrator"
Matthijs ter Woord
@mterwoord
yeah, got a followup error. customer said "i get the same error"
which translated to "i get the same red icon" :|
Remy Lebeau
@rlebeau
@mterwoord On Windows, you can send pings without admin rights using Microsoft's IcmpSendEcho() function: https://msdn.microsoft.com/en-us/library/windows/desktop/aa366050.aspx
Matthijs ter Woord
@mterwoord
now only to find a delphi (6 ) binding of it..
(I thought I posted this, but it was stuck).
Are there any places having guidelines on incoming Indy traffic throttling? From easier "max total connections" to "connections per second" via "traffic size per second" to "limit current complexity".
Remy Lebeau
@rlebeau
@jpluimers for "max total connections", TIdTCPServer has a MaxConnections property. For "connections per second", you will have to implement your own throttling in the TIdTCPServer.OnConnect event, disconnecting new connections that arrive too quickly. For "traffic size per second", you can assign a TIdInterceptThrottler object to a connection's Intercept property.
mezen
@mezen
Exist somewhere a tutorial (or a bunch of) how to use Indy with OpenSSL (1.0.2) with (nearly) secure settings? (For example how to use only secure ciphers, how to use PFS, how to use certificates from windows certificate store, correct setting for verify depth and what i am still not aware of)
Ludwig Behm
@lbehm
@mezen Server or client?
mezen
@mezen
I am interested in both
Ludwig Behm
@lbehm
I should really make a public repo someday... I don't know about client side but for the server implementation you will have to set something like this:
TIdCustomHTTPServer *Server = /*get you IndyServer Instance here*/;
TIdServerIOHandlerSSLOpenSSL *SSLHandler;
if (Server->IOHandler == NULL)
    Server->IOHandler = SSLHandler = new TIdServerIOHandlerSSLOpenSSL();
else
    SSLHandler = (TIdServerIOHandlerSSLOpenSSL*) Server->IOHandler;
SSLHandler->SSLOptions->RootCertFile = "";
SSLHandler->SSLOptions->CertFile = "path/to/cert.pem";
SSLHandler->SSLOptions->KeyFile = "path/to/cert.key";
SSLHandler->SSLOptions->Mode = Idsslopenssl::sslmServer;
SSLHandler->SSLOptions->VerifyDepth = 0;
SSLHandler->SSLOptions->SSLVersions = TIdSSLVersions();
SSLHandler->SSLOptions->SSLVersions << sslvTLSv1 << sslvTLSv1_1 << sslvTLSv1_2;
SSLHandler->SSLOptions->CipherList = "ALL:!LOW:!SSLv2:!aNULL:!aECDH:!eNULL:!EXP:!EXPORT:!DES:!RC4:!MD5:!PSK:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:@STRENGTH";
Server->OnQuerySSLPort = (TIdHTTPQuerySSLPortEvent)&IdQuerySSLPortHandler; // Callback to decide if we are on https port

// Adding the following list of headers in every response
//"X-Content-Type-Options:nosniff;X-Frame-Options:DENY;Strict-Transport-Security:max-age=31536000;\"Content-Security-Policy:style-src 'self' 'unsafe-inline'; img-src 'self' data:; default-src 'self';\";\"X-XSS-Protection:1; mode=block\""
// I read them in from config file, pass them through a TStringList('"', ';') with NameValueSeparator=':' and append them in every Response with ResponseInfo->CustomHeaders->Assign()
mezen
@mezen
For choosing the ciphers I am following the advice from the german Federal Office for Information Security (German: Bundesamt für Sicherheit in der Informationstechnik, abbreviated as BSI).
Also with your source you dont have PFS, for this I am using
type
  TIdSSLContextAccessor = class(TIdSSLContext);

function SSL_CTX_set_ecdh_auto(ctx: PSSL_CTX; m: TIdC_LONG): TIdC_LONG; inline;
const
  SSL_CTRL_SET_ECDH_AUTO = 94;
begin
  Result := SSL_CTX_ctrl(ctx, SSL_CTRL_SET_ECDH_AUTO, m, nil);
end;

procedure PatchSSLContext(const AContext: TIdSSLContext);
var
  ctx: PSSL_CTX;
begin
  ctx := TIdSSLContextAccessor(AContext).fContext;
  // SSL_OP_CIPHER_SERVER_PREFERENCE:
  // When choosing a cipher, use the server's preferences instead of the
  // client preferences. When not set, the SSL server will always follow the
  // clients preferences. When set, the SSL/TLS server will choose following
  // its own preferences.
  // SSL_OP_SINGLE_DH_USE:
  // Always create a new key when using temporary/ephemeral DH parameters
  // (see SSL_CTX_set_tmp_dh_callback). This option must be used to prevent
  // small subgroup attacks, when the DH parameters were not generated using
  // "strong" primes (e.g. when using DSA-parameters, see dhparam). If
  // "strong" primes were used, it is not strictly necessary to generate a new
  // DH key during each handshake but it is also recommended.
  // SSL_OP_SINGLE_DH_USE should therefore be enabled whenever
  // temporary/ephemeral DH parameters are used.
  SSL_CTX_set_options(ctx, SSL_OP_CIPHER_SERVER_PREFERENCE or SSL_OP_SINGLE_DH_USE);
  // SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION:
  // Allow legacy insecure renegotiation between OpenSSL and unpatched clients or servers
  SSL_CTX_clear_options(ctx, SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
  SSL_CTX_set_ecdh_auto(ctx, 1);
end;
I found some stuff on my own, but with every problem I find, I am more unsure what problems also exists but I am still not aware of. Because of this I hoped somewhere exist a tutorial with more information :(
Jeroen Wiert Pluimers
@jpluimers
@rlebeau thanks a lot!
Sam B
@SamBirnbaum
Using Delphi XE5 and Indy IdHTTP and IdSSLOpenSSL and receiving HTTP1.1 error 502 Bad Gateway. Has anyone else ran into this and if yes, what is the solution if any? I have used this before and it has worked flawlessly. Seems to be a problem with one particular web server. Any help would be appreciated. Thanks in advance.
Kudzu
@czhower
502 is not an error from Indy, its an error code from the server that Indy is passing back to you.
"The 502 Bad Gateway error is an HTTP status code that means that one server on the internet received an invalid response from another server."
Sam B
@SamBirnbaum
@czhower Thanks. I did research that and that is what I read, but I was wondering if that some settings in the Indy component can contribute to this problem. I don't have a problem accessing other websites with Indy. I did notice that there are newer dlls (libeay32.dll, ssleay32.dll) than what I currently have and could that be the cause.
@czhower I am currently using version 1.0.0g of the dlls and the new version is 1.0.2k. Do you know if the newer versions will function correctly with programs developed with the Indy components shipped with Delphi XE5 ?
Kudzu
@czhower
@rlebeau would be the one to speak about SSL versions.
Sam B
@SamBirnbaum
@czhower Thanks. Just tried the new versions with the site that is giving me the problem and the error persists. I will try the newer versions with other sites and will update with the results.