Justin
@klsyzzz
hi there, I'm trying to use Indy for SMTP and getting the error 'SSL Negotiation failed'; I think the one before this is 'Could not Load SSL Library'. Can you please help?
Justin
@klsyzzz
never mind, I figured it out: I downloaded the DLLs for openssl-1.0.2k-x64_86-win64; after replacing them with openssl-1.0.2k-i386-win32 it works OK
our application is 32bit but my dev environment is 64 so I was assuming I should use the 64 bit, turns out it's not
Remy Lebeau
@rlebeau
@klsyzzz you have to match the bitness of your compiled executable, not your development environment. A 32bit executable can only use 32bit DLLs. A 64bit executable can only use 64bit DLLs
Justin
@klsyzzz
@rlebeau Thank you very much
also can you tell me what's the difference between openssl-1.0.2k-i386-win32 and openssl-1.0.2j-i386-win32? They are all listed on the server; are they just different builds built at different times?
Kudzu
@czhower
they are based on the openssl releases, so check their release notes.
Justin
@klsyzzz
oh. didn't know that
does that mean I need to update OpenSSL as well?
I don't recall installing OpenSSL, I'm just using the Indy lib from the Delphi install
Remy Lebeau
@rlebeau
@klsyzzz openssl-1.0.2k-i386-win32 = OpenSSL 1.0.2k for Windows 32bit, openssl-1.0.2j-i386-win32 = OpenSSL 1.0.2j for Windows 32bit, openssl-1.0.2k-x64_86-win64 = OpenSSL 1.0.2k for Windows 64bit. They are just different builds of different releases of OpenSSL
Justin
@klsyzzz
how do I find out which OpenSSL is on my PC? The Indy package came with the Delphi 10.2 berlin install
Remy Lebeau
@rlebeau
OpenSSL is a standalone library. There can be multiple versions installed on a PC. Look at the DLL's version info properties in Windows Explorer. In your code, you can find out which version of OpenSSL is being used by your app by calling Indy's OpenSSLVersion() wrapper function in the IdSSLOpenSSL unit.
Justin
@klsyzzz
i see, thank you very much
sorry one more question, do we need to include OpenSSL dlls for deployment to client's pc which runs our delphi application?
as we don't need to deploy any Indy lib to client PC
Remy Lebeau
@rlebeau
@klsyzzz OpenSSL is a separate library, so yes, you need to deploy it (or, if encryption export laws get in your way, have the user download it from OpenSSL's website), unless it is already installed on the PC (if so, you can use Indy's IdOpenSSLSetLibPath() function to point to it), or if you are compiling for iOS devices (Indy compiles OpenSSL statically on that platform). Indy itself is compiled directly into your app (unless you enable runtime packages, in which case you would then have to deploy those)
Justin
@klsyzzz
thank you very much Remy
mezen
@mezen

But pls consider https://www.openssl.org/source/license.html, for example

    1. Redistributions in binary form must reproduce the above copyright
       notice, this list of conditions and the following disclaimer in
       the documentation and/or other materials provided with the
       distribution.

    1. Redistributions of any form whatsoever must retain the following
       acknowledgment:
       "This product includes software developed by the OpenSSL Project
       for use in the OpenSSL Toolkit (http://www.openssl.org/)"

    1. All advertising materials mentioning features or use of this software
       must display the following acknowledgement:
       "This product includes cryptographic software written by
       Eric Young (eay@cryptsoft.com)"
       The word 'cryptographic' can be left out if the rouines from the library
       being used are not cryptographic related :-).
Hmpf, Gitter broke my format :-\
Remy Lebeau
@rlebeau
looks fine to me
Justin
@klsyzzz
@mezen thank you, will add that to consideration.
Justin
@klsyzzz
so if we are planning to distribute the DLLs, we just distribute the OpenSSL license.txt to the same folder on the client side; is that enough?
Justin
@klsyzzz
Hi @rlebeau, is there anywhere I can get the help file or KB for the latest Indy release? The one on http://www.indyproject.org seems old
Remy Lebeau
@rlebeau
the documentation hasn't been updated in a long time
Justin
@klsyzzz
ok, so best ask here?
Remy Lebeau
@rlebeau
if you have a specific issue, sure
Justin
@klsyzzz
Just wondering in TIdSMTP there is a property named UseTLS, what's the one utUseRequireTLS?
what's the difference between this one and the other 2: implicit and explicit
Remy Lebeau
@rlebeau
that is a little hard to explain. it is not really used much on the client-side (though it can be), more on the server-side. It is kind of like a mix of utUseImplicitTLS and utUseExplicitTLS. It is like Explicit in that SSL/TLS is activated dynamically only when supported by both parties, but it is like Implicit in that if the handshake fails then an exception is always raised and the connection is aborted, whereas with utUseExplicitTLS the exception can optionally be bypassed (with an event handler) so the connection can continue being used unsecure (thus making SSL/TLS optional even if attempted and failed). Also, utUseRequireTLS is used by some servers to make sure that certain commands can only be executed by clients over an already-secure SSL/TLS connection. If the connection is not secure, those commands fail.
Justin
@klsyzzz
you explained it clear like mud, thanks

we are currently using the Explicit option, and here is the code:

1 idSMTP.Connect;
2 idSMTP.Authenticate;
3 idSMTP.send(idMessage);

however I found that even if I remove line 2, it still works correctly. I checked the code for Authenticate, it calls StartTLS. Does TIdSMTP.Connect also call StartTLS somewhere?

Remy Lebeau
@rlebeau
Send() calls Authenticate(), which in turn calls StartTLS()
Justin
@klsyzzz
oh that's why. thank you.
jimakoz
@jimakoz
Hi guys, my setup is Delphi 10.1 and Indy 10.6.2.5341, and basically I’ve got an issue with the TIdFTPServer when clients abruptly disconnect during a data transfer. So, the problem is really the fact that when an abrupt disconnect occurs the server doesn’t pick it up and never triggers the OnDisconnect() event. I’ve introduced a mechanism that periodically checks for timed out connections but I cannot find a way to completely kick out the connection. Any ideas?
jimakoz
@jimakoz
That’s the code I’m using to clear idle connections, but unfortunately it doesn’t work.
with ftpServer.Contexts.LockList do
begin
  try
    for i := Count - 1 downto 0 do
    begin
      Context := TidContext(List[i]);
      if Context = nil then Continue;
      Context.Connection.IOHandler.WriteBufferClear;
      Context.Connection.IOHandler.InputBuffer.Clear;
      Context.Connection.IOHandler.Close;
      if Context.Connection.Connected then Context.Connection.Disconnect;
    end;
  finally
    ftpServer.Contexts.UnlockList;
  end;
end;
jimakoz
@jimakoz
Hi, I think I have found some sort of a workaround to this issue. Instead of getting the TIdContext context of a connection I get the TIdFTPServerContext instead. Then by calling the KillDataChannel method I can fully disconnect the connection. Yes, it produces a couple of exceptions but the OnException event will trap all of those, so no problem!
Remy Lebeau
@rlebeau
@jimakoz abnormal disconnects take time for the OS to detect, they are not immediate. Only graceful disconnects are. What you are doing is VERY dangerous code, because you are manipulating connections that may be actively busy doing things, like processing commands or transferring files. You are not doing anything to validate the current state of the connections. Each client runs in its own thread, you can't just wipe the buffers, or rip out the data channel, from behind the thread's back. If you really want to kill idle connections, just set a timeout on each connection in the OnConnect event, and let the client thread raise an exception if the timeout elapses while waiting for new data from the client. You can do the same thing for the data channel connection during each transfer. Let the server handle any raised exception and it will close the connection(s) for you. You can use an IOHandler's own ReadTimeout property, or you can enable TCP layer keep-alives using the IOHandler's Binding.SetKeepAliveValues() method.
jimakoz
@jimakoz
@rlebeau many thanks for your reply. I have indeed tried setting both ReadTimeout and SetKeepAliveValues in the OnConnect event as part of a solution, but nothing is happening when the client disconnects abruptly. For example, when a client uploads a file and the network cable gets unplugged, the server will never trigger the disconnect event. It will release the connections only when the server gets deactivated, with errors similar to the ones I get with the above solution. How can I set timeouts on the data channel connection?
Remy Lebeau
@rlebeau
@jimakoz Let me say it again - "abnormal disconnects take time for the OS to detect" You are NOT going to get an immediate reaction from the OS, it needs time to timeout internally, and that can take a LONG time, but it will happen EVENTUALLY. Until that happens, socket operations will not report failures. TCP is designed to recover connections after short network outages, so the OS has to wait awhile before it kills a lost connection for good. If you don't want to wait that long, you have to use your own timeout in your own code. TCP keepalives help with that, as do reading timeouts. You might also consider using Binding.SetSockOpt(SO_SNDTIMEO) and Binding.SetSockOpt(SO_RCVTIMEO) on platforms that support those options (like Windows).
@jimakoz as for setting a data channel timeout, there does not appear to be a specific event that is appropriate for that, but TIdFTPServer.OnDataPortAfterBind might work, at least in Active mode transfers (probably not for Passive mode transfers since an inbound connection is not accepted yet).
jimakoz
@jimakoz
@rlebeau, I see what you are saying, but unfortunately the connection will NEVER time out (even if I set the keepalive and readtimeout values); we're talking about days here. I've seen cases where the connection was still "active" even after a month! Anyhow, I might give it another go with the SetSockOpt option, but I doubt it is going to make any difference. I think the issue is on the data channel side, which never gets released... thanks for your support anyway.
Remy Lebeau
@rlebeau
@jimakoz The OS will certainly never wait THAT long, so the socket code is either deadlocked, or probably stuck in an endless loop somewhere. Rather than rip the connection out, you should debug the server to find out where the code flow is going to when the cable is pulled out and then patch the code to address that.
jimakoz
@jimakoz
Thanks @rlebeau, I'll try that and if I find something I'll let you know
Justin
@klsyzzz
hi, got another question about the property TIdSMTP.Port: is it true that if UseTLS is set then TLS will select a different port for the connection? For example, if I assign port 25 to the TIdSMTP, when it starts TLS, does it use 25 or a different port like 587?
Remy Lebeau
@rlebeau
@klsyzzz it depends on what you set UseTLS to. If you set UseTLS=utUseImplicitTLS and the Port is currently 25 or 587, the Port is changed to 465. If you set UseTLS=utUseExplicitTLS and the Port is currently 25 or 465, the Port is changed to 587. If you set UseTLS=utNoTLSSupport and the Port is currently 465 or 587, the Port is changed to 25. If you want to use a specific Port, set UseTLS first, then set the Port afterwards
Justin
@klsyzzz
thanks @rlebeau, i'm using utUseExplicitTLS, so if the port currently is 587, it will use 587 no change, right?
Remy Lebeau
@rlebeau
@klsyzzz yes
Justin
@klsyzzz
thank you very much @rlebeau
irawancepu
@irawancepu
Using Indy 10.6.2.0, I got a warning that TidNotify is deprecated. What is the replacement? How do I use it?