by

Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • 00:50
    rlebeau commented #163
  • Aug 11 23:52
    MoacirSchmidt commented #163
  • Aug 11 19:13
    wellington1993 closed #317
  • Aug 11 19:13
    wellington1993 commented #317
  • Aug 11 18:13
    wellington1993 commented #317
  • Aug 05 14:39
    JedrzejczykRobert commented #299
  • Aug 04 20:55
    rlebeau commented #317
  • Aug 04 20:50
    rlebeau commented #317
  • Aug 04 20:21
    wellington1993 commented #317
  • Aug 04 20:20
    wellington1993 commented #317
  • Aug 04 19:07
    wellington1993 commented #317
  • Aug 04 13:41
    JedrzejczykRobert commented #299
  • Aug 03 16:45
    rlebeau commented #317
  • Aug 03 16:37
    rlebeau commented #318
  • Aug 02 03:55
    wellington1993 commented #317
  • Aug 01 20:07
    tothpaul opened #318
  • Jul 29 14:22
    Denercy commented #316
  • Jul 29 01:02
    rlebeau commented #317
  • Jul 28 23:26
    wellington1993 commented #317
  • Jul 27 18:54
    wellington1993 commented #317
Justin
@klsyzzz
as we don't need to deploy any Indy lib to client PC
Remy Lebeau
@rlebeau
@klsyzzz OpenSSL is a separate library, so yes, you need to deploy it (or, if encryption export laws get in your way, have the user download it from OpenSSL's website), unless it is already installed on the PC (if so, you can use Indy's IdOpenSSLSetLibPath() function to point to it), or if you are compiling for iOS devices (Indy compiles OpenSSL statically on that platform). Indy itself is compiled directly into your app (unless you enable runtime packages, in which case you would then have to deploy those)
Justin
@klsyzzz
thank you very much Remy
mezen
@mezen

But pls consider https://www.openssl.org/source/license.html, for example

    1. Redistributions in binary form must reproduce the above copyright
  • notice, this list of conditions and the following disclaimer in
  • the documentation and/or other materials provided with the

  • distribution.

    1. Redistributions of any form whatsoever must retain the following
  • acknowledgment:
  • "This product includes software developed by the OpenSSL Project

  • for use in the OpenSSL Toolkit (http://www.openssl.org/)"

    1. All advertising materials mentioning features or use of this software
  • must display the following acknowledgement:
  • "This product includes cryptographic software written by
  • Eric Young (eay@cryptsoft.com)"
  • The word 'cryptographic' can be left out if the rouines from the library
  • being used are not cryptographic related :-).
Hmpf, gitter broken my format :-\
Remy Lebeau
@rlebeau
looks fine to me
Justin
@klsyzzz
@mezen thank you, will add that to consideration.
Justin
@klsyzzz
so if we planning to distribute the dlls, we just distribute the openssl license.txt to the same folder on client side, is it enough?
Justin
@klsyzzz
Hi @rlebeau is there any where I can get the help file or KB for the latest Indy release? the one on http://www.indyproject.org seems old
Remy Lebeau
@rlebeau
the documentation hasn't been updated in a long time
Justin
@klsyzzz
ok, so best ask here?
Remy Lebeau
@rlebeau
if you have a specific issue, sure
Justin
@klsyzzz
Just wondering in TIdSMTP there is a property named UseTLS, what's the one utUseRequireTLS?
what's the difference between this one and the other 2: implicit and explicit
Remy Lebeau
@rlebeau
that is a little hard to explain. it is not really used much on the client-side (though it can be), more on the server-side. It is kind of like a mix of utUseImplicitTLS and utUseExplicitTLS. It is like Explicit in that SSL/TLS is activated dynamically only when supported by both parties, but it is like Implicit in that if the handshake fails then an exception is always raised and the connection is aborted, whereas with utUseExplicitTLS the exception can optionally be bypassed (with an event handler) so the connection can continue being used unsecure (thus making SSL/TLS optional even if attempted and failed). Also, utUseRequireTLS is used by some servers to make sure that certain commands can only be executed by clients over an already-secure SSL/TLS connection. If the connection is not secure, those commands fail.
Justin
@klsyzzz
you explained it clear like mud, thanks

we currently using Explicit option, and here is the code:

1 idSMTP.Connect;
2 idSMTP.Authenticate;
3 idSMTP.send(idMessage);

however I found that even I remove line 2, it still works correctly. I checked the code for Authenticate, it calls StartTLS. Does TIdSMTP.Connect also call StartTLS as well somewhere?

Remy Lebeau
@rlebeau
Send() calls Authenticate(), which in turn calls StartTLS()
Justin
@klsyzzz
oh that's why. thank you.
jimakoz
@jimakoz
Hi guys, my set up is Delphi 10.1 and Indy 10.6.2.5341 and basically I’ve got an issue with the TIdFTPServer when clients abruptly disconnect during a data transfer. So, the problem is really the fact that when an abruptly disconnect occurs the server doesn’t pick it up and never triggers the OnDisconenct() event. I’ve introduced a mechanism that periodically checks for timed out connections but I cannot find a way to completely kick out the connection. Any ideas?
jimakoz
@jimakoz
That’s the code I’m using to clear idle connections, but unfortunately doesn’t work.
with ftpServer.Contexts.LockList do
begin
try
for i := Count - 1 downto 0 do
begin
Context := TidContext(List[i]);
if Context = nil then Continue;
Context.Connection.IOHandler.WriteBufferClear;
Context.Connection.IOHandler.InputBuffer.Clear;
Context.Connection.IOHandler.Close;
if Context.Connection.Connected then Context.Connection.Disconnect;
end;
finally
ftpServer.Contexts.UnlockList;
end;
end;
jimakoz
@jimakoz
Hi, I think I have found some sort of a work around to this issue. Instead of getting the TIdContext context of a connection I get the TIdFTPServerContext instead. Then by calling the KillDataChannel method I can disconnect fully the connection. Yes, it produces a couple of exception but the OnException Event will trap all of those, so no problem!
Remy Lebeau
@rlebeau
@jimakoz abnormal disconnects take time for the OS to detect, they are not immediate. Only graceful disconnects are. What you are doing is VERY dangerous code, because you are manipulating connections that may be actively busy doing things, like processing commands or transferring files. You are not doing anything to validate the current state of the connections. Each client runs in its own thread, you can't just wipe the buffers, or rip out the data channel, from behind the thread's back. If you really want to kill idle connections, just set a timeout on each connection in the OnConnect event, and let the client thread raise an exception if the timeout elapses while waiting for new data from the client. You can do the same thing for the data channel conection during each transfer. Let the server handle any raised exception and it will close the connection(s) for you. You can use an IOHandler's own ReadTimeout property, or you can enable TCP layer keep-alives using the IOHandler's Binding.SetKeepAliveValues() method.
jimakoz
@jimakoz
@rlebeau many thanks for your reply. I have tried indeed setting both ReadTimeout and SetKeepAliveValues in the OnConnect event as part of a solution, but nothing is happening when the client disconnects abruptly. For example when a client uploads a file and the network cable gets unplugged the server will never trigger the disconnect event. It will release the connections only when the server gets deactivated, with errors simi!ar to the ones i get with the above solution. How can i set timeouts on the data channel connection?
Remy Lebeau
@rlebeau
@jimakoz Let me say it again - "abnormal disconnects take time for the OS to detect" You are NOT going to get an immediate reaction from the OS, it needs time to timeout internally, and that can take a LONG time, but it will happen EVENTUALLY. Until that happens, socket operations will not report failures. TCP is designed to recover connections after short network outages, so the OS has to wait awhile before it kills a lost connection for good. If you don't want to wait that long, you have to use your own timeout in your own code. TCP keepalives help with that, as do reading timeouts. You might also consider using Binding.SetSockOpt(SO_SNDTIMEO) and Binding.SetSockOpt(SO_RCVTIMEO) on platforms that support those options (like Windows).
@jimakoz as for setting a data channel timeout, there does not appear to be a specific event that is appropriate for that, but TIdFTPServer.OnDataPortAfterBind might work, at least in Active mode transfers (probably not for Passive mode transfers since an inbound connection is not accepted yet).
jimakoz
@jimakoz
@rlebeau , i see what you are saying, but unfortunately the connection will NEVER timeout (even if i set the keepalive and readtimeout values) , we're talking about days here. I've seen cases that the connection was still "active" even after a month! Anyhow, i might give it another go with the SetSockOpt option but i doubt is going to make any difference. I think the issue is on the data channel side, that never gets released...thanks for your support anyway.
Remy Lebeau
@rlebeau
@jimakoz The OS will certainly never wait THAT long, so the socket code is either deadlocked, or probably stuck in an endless loop somewhere. Rather than rip the connection out, you should debug the server to find out where the code flow is going to when the cable is pulled out and then patch the code to address that.
jimakoz
@jimakoz
Thanks @rlebeau , I'll try that and if i find something i'll let you know
Justin
@klsyzzz
hi got another question, The property TIdSMTP.Port, is it true that if useTLS then TLS will select a different port for connection? for example, if I assign port 25 to the TIdSMTP, when start TLS, does it using 25 or use different port like 587?
Remy Lebeau
@rlebeau
@klsyzzz it depends on what you set UseTLS to. If you set UseTLS=utUseImplicitTLS and the Port is currently 25 or 587, the Port is changed to 465. If you set UseTLS=utUseExplicitTLS and the Port is currently 25 or 465, the Port is changed to 587. If you set UseTLS=utNoTLSSupport and the Port is currently 465 or 587, the Port is changed to 25. If you want to use a specific Port, set UseTLS first, then set the Port afterwards
Justin
@klsyzzz
thanks @rlebeau, i'm using utUseExplicitTLS, so if the port currently is 587, it will use 587 no change, right?
Remy Lebeau
@rlebeau
@klsyzzz yes
Justin
@klsyzzz
thank you very much @rlebeau
irawancepu
@irawancepu
Using Indy 10.6.2.0, i got warning that TidNotify is deprecated. What the replacement is? How to use it?
Remy Lebeau
@rlebeau
@irawancepu the answer is in the deprecated warning message: 'Use static TThread.Queue()', which is all TIdNotify calls, so you may as well just call it directly. That is why TIdNotify is deprecated.
Sergey
@icegood

Hi, Remy. After migration from Indy9 to Indy10 i found one more issue:
our web server always requires Content-Length in header of HTTP Post method. It doesn't matter whether ContentStream is assigned or not.
In Indy10 code i see that in case when ASource is not assigned then header is not added:
if Assigned(ARequest.Source) then begin
ARequest.ContentLength := ARequest.Source.Size;
end else begin
ARequest.ContentLength := -1; => leads to omitting of 'Content-Length'
end;
For this moment i have workaround via adding 'Content-Length' to CustomHeaders (value is '0', works great!). Moreover, seems Indy9 always added 'Content-Length'!

Please, consider adding 'Content-Length' always in library as well. At least i see it is a widespread issue:
http://stackoverflow.com/questions/19227142/http-status-code-411-length-required

perverez
@perverez
Hi, I have problem with GStack.LocalAddress. When I call this function on Windows Server 2016 (ver. 1607, build 14393, virtualized), error occured. Function Stub_GetAdaptersAddresses() returns any pointer, but GetAdaptersAddresses() return error 127. Some solution?
Remy Lebeau
@rlebeau
@icegood Indy 9 does not allow the source stream to be nil. If the request is POST or PUT, it assumes a valid stream and will crash accessing the Size if the stream is nil. Indy 9 also omitted the Content-Length for all requests other than POST and PUT. Indy 10 allows a nil source stream, but the real question is - why are you posting a nil source stream to begin with? You really shouldn't be. That being said, I have checked in a fix to generate a 'Content-Length: 0' header when the source stream is nil for POST and PUT requests.
Remy Lebeau
@rlebeau
@perverez error 127 is ERROR_PROC_NOT_FOUND. GetAdaptersAddresses() should not be returning that error, it comes from GetProcAddress() instead. Did you check to make sure Indy is able to load iphlpapi.dll correctly before calling GetAdaptersAddresses()?
perverez
@perverez
Hi, I check all - DLL is loaded (hIpHlpApi > 0), GetAdaptersAddresses is assigned, function Stub_GetAdaptersAddresses not calling Impl_GetAdaptersAddresses. The problem does not occur in the physical network interface cards, only in Hyper-V.
Remy Lebeau
@rlebeau
@perverez Then that is an OS issue, not an Indy issue. Ask Microsoft why GetAdaptersAddresses() returns 127 in Hyper-V (apparently you have already tried to?). It is likely a driver bug or something like that.
Remy Lebeau
@rlebeau
@perverez does GetAdaptersInfo() exhibit the same problem? If I have Indy treat ERROR_PROC_NOT_FOUND the same as ERROR_NOT_SUPPORTED when calling GetAdaptersAddresses(), Indy would then fallback to GetAdaptersInfo().
Sergey
@icegood

Hi, Remy. I wonder, what Indy10 means by 'Content-Length' for TIdMultipartFormDataStream?

I have next code:

AMultiPartFormData := TIdMultipartFormDataStream.Create; // Size=-1, OK

AField := AMultiPartFormData.AddFormField(AId, '', '', 'application/octet-stream'); // size = 222, might be OK

DataStream.CopyFrom(AStream, ALength); // ALength = 100500 bytes
ADataStream.Position := 0;
AField.FieldStream := ADataStream; // after that size became even smaller 220 bytes! why? i expect to see it >= ALength

moreover i must also sent 'Content-MD5' header and have no idea what should be there... In previous version of code with Alcinoe library we had there
CalculateMD5ForStream(ADataStream); and everything works well!

Sergey
@icegood
Should be ADataStream.Position := 0; before Post. But question about decreasing of size remains...
Remy Lebeau
@rlebeau
@icegood The Content-Length is the total bytes of the entire generated MIME content, from opening boundary to closing boundary, as one would expect. AMultiPartFormData.Size is not calculated until TIdHTTP requests it during posting, at which time the current field content is counted, but there is no way the size could be calculated so low, it takes the full MIME headers and FieldStream.Size into account (see TIdFormDataField.GetFieldSize()). How exactly are you determining the size is decreasing? You can use TIdHashMessageDigest5 to generate an MD5 hash, but there is currently no option to add custom headers to TIdMultipartFormDataStream fields, sorry.
Sergey
@icegood

@rlebeau, i've just checked change of size via Debug Watch . As i said above it happens only in case when my stream position is at the end.

I have another question, my HTTP protocol has KeepAlive=True and i see that in this case no disconnection happens:

if not Response.KeepAlive then begin
// TODO: do not disconnect if hoNoReadMultipartMIME is in effect
// TODO: do not disconnect if hoNoReadChunked is in effect
Disconnect;
end;

but i wonder whether is it a good idea to disconnect in case when socket error occurs? E.g. 'connection reset by peer'?

Sergey
@icegood
@rlebeau : "but there is currently no option to add custom headers to TIdMultipartFormDataStream fields, sorry."
we don't need that , do we? I've added MD5 header directly to TIdHTTP.CustomHeader and it works for me
irawancepu
@irawancepu
Using Delphi 2007, Indy 10 version 10.6.2.0, i got : E2251: ambiguous overloaded call to 'Post'. How to resolve this?
irawancepu
@irawancepu
Whew, there are 8 overloaded functions in idHttp.pas What i wanto to do actually is simply read response from portchecker.co. From there i can decide my port forwarding correctly or not. Many combination on Post methods are possible. Depend on STRING_IS_ANSI directive too. Too hard for me.