Remy Lebeau
@rlebeau
@DelphiWorlds The link I gave you above should jump right to the specific message that explains the issue and the CipherList workaround (the jump works fine for me). If your browser is not jumping to that message, your browser is being stupid. Just read the message from Angus Robertson on Apr 20 2017, it explains the DH issue and gives the workaround
DelphiWorlds
@DelphiWorlds
Why is the workaround necessary for EMBT's server?
DelphiWorlds
@DelphiWorlds
Never mind.. the answer is in his details.. which I have already read before. I blame the 'flu that I'm recovering from ;-)
Remy Lebeau
@rlebeau
@DelphiWorlds Yes, per the discussion: "The essential issue is the server is using DHParams with less than 768 bits, which are needed to support DH ciphers. To prevent the Logjam attack, OpenSSL 1.0.2e and later will not connect with DHParams less than 768 bits, giving dh key too small ... The proper fix would be to create new DHParams for the Jive server, with 1,024 bits or later"
DelphiWorlds
@DelphiWorlds
thanks
DelphiWorlds
@DelphiWorlds
...and fixed :-) Just tested EMBTs forums with OpenSSL 1.0.2k.. all good
mezen
@mezen
Does the proxy authentication in IdHTTP work with NTLM? And if, what have I to do? Just simple put Username and Password to IdHttp1.ProxyParams.ProxyUsername and IdHttp1.ProxyParams.ProxyPassword? For my bad I have no proxy with ntlm authentication here for testing and it seems that setting up a squid with ntlm is a little bit complicated :(
Remy Lebeau
@rlebeau
@mezen Proxy authentication uses the same mechanism as normal HTTP authentication - Indy's TIdAuthentication classes. TIdHTTP only supports BASIC authentication (TIdBasicAuthentication) by default, but adding additional IdAuthentication... units to your uses clause will activate other classes. NTLM is handled by the TIdNTLMAuthentication class in the IdAuthenticationNTLM unit, which is actually untested and thus is not registered in the IDE by default, but you can try adding it to your project manually and see if it works.
mezen
@mezen
@rlebeau if I want to use IdAuthenticationNTLM or IdAuthenticationSSPI (which also contain NTLM?), do I still have to set ProxyParams.BasicAuthentication := True; or is NTLM not considered as Basic authentication?
(My Target Platform is only Win32, maybe Win64 someday in a far future)
Mark Humphreys
@mmarquee
I am trying to add client certificates to a solution using TIdTCPServer that already has SSL connections - based on an answer given in Embarcadero forums. I have setup OnVerifyPeer events, and set VerifyMode to [sslvrfPeer], but it is currently allowing connections when there is no client certificate. What have I done wrong / missed ?
mezen
@mezen
sslvrfPeer: A Request from a client certificate will be sent to the client. The client may opt to ignore the request, but if a certificate is sent back, it will be verified.
sslvrfFailIfNoPeerCert: only used for server when sslvrfPeer is set. Use of this flag will cause the handshake to terminate immediately if no certificate is provided by the client.
sslvrfClientOnce: only used for server when sslvrfPeer is set. Use of this flag will prevent the server from requesting a certificate from the client in the case of renegotiation. A certificate will still be requested during the initial handshake
@mmarquee so you have to set VerifyMode to [sslvrfPeer, sslvrfFailIfNoPeerCert]
mezen
@mezen
Good source is https://wiki.openssl.org/index.php/Manual:SSL_CTX_set_verify(3)
SSL_VERIFY_NONE is VerifyMode := [];
Mark Humphreys
@mmarquee
@mezen Super, setting those values will disable connection until a correct client certificate is sent. Been looking at this for hours working out what was wrong. Thanks
Remy Lebeau
@rlebeau
@mezen BASIC is an actual authentication scheme of its own. Setting BasicAuthentication=True just means that TIdHTTP is allowed to fall back to BASIC if not using any other authentication
DelphiWorlds
@DelphiWorlds
I have an application that "advertises" itself by way of a UDP broadcast.. if I call Broadcast on TIdUDPClient, is it supposed to broadcast on all bindable IP addresses, or does it just pick the first one, or something else? Is using UDP an advisable way of doing this in the first place? I note that for IPv6 networks I'll have to use multicast anyway
Note that the comms is (for now) just happening on the local network
DelphiWorlds
@DelphiWorlds
I think I might need TIdIPMCastClient/Server.. just need to work out how to use them
DelphiWorlds
@DelphiWorlds
I'm attempting to bind all local addresses to the TIdIPMCastClient, but it fails with socket error 10049
Not sure what value I should be putting for MulticastGroup in the server, either
DelphiWorlds
@DelphiWorlds
ok.. that error happens on iOS Simulator.. not on Win32
DelphiWorlds
@DelphiWorlds
...and also errors on iOS
Remy Lebeau
@rlebeau
@DelphiWorlds Sending a UDP broadcast will go out on a single IP interface of the OS's choosing, unless you bind the socket to a specific interface beforehand, or use the broadcast IP of a specific subnet rather than the generic 255.255.255.255 broadcast address. If you want to broadcast on all available interfaces, you have to send a broadcast to each one individually.
Remy Lebeau
@rlebeau
@DelphiWorlds I can't comment on your 10049 error without seeing how you are binding the IPs to begin with. The MulticastGroup is the network multicast IP address that you want to send/receive packets on (the IP that routers watch for on packets), which is different than the local IP address that you bind sockets to. IPv4 multicast group addresses are in the 224.x.x.x to 239.x.x.x range. IPv6 multicast group addresses are in the FF0x:x:x:x:x:x:x:x range
DelphiWorlds
@DelphiWorlds
I'm not going beyond the router, so I assume I won't need multicast? I just need to make sure the broadcast is seen through the correct connection..
I need to loop through the available IPs and send on each
DelphiWorlds
@DelphiWorlds
ok.. I need multicast because IPv6 is involved
procedure TNetworkingModel.ConfigureUDPBindings(const AListener: TIdIPMCastClient);
var
LHandle: TIdSocketHandle;
I: Integer;
begin
AListener.Bindings.Clear;
for I := 0 to FLocalAddresses.Count - 1 do
begin
LHandle := AListener.Bindings.Add;
LHandle.IPVersion := FLocalAddresses.Addresses[I].IPVersion;
LHandle.IP := FLocalAddresses.Addresses[I].IPAddress;
LHandle.Port := AListener.DefaultPort;
end;
end;
oops
not that good with gitter
procedure TNetworkingModel.ConfigureUDPBindings(const AListener: TIdIPMCastClient);
var
  LHandle: TIdSocketHandle;
  I: Integer;
begin
  AListener.Bindings.Clear;
  for I := 0 to FLocalAddresses.Count - 1 do
  begin
    LHandle := AListener.Bindings.Add;
    LHandle.IPVersion := FLocalAddresses.Addresses[I].IPVersion;
    LHandle.IP := FLocalAddresses.Addresses[I].IPAddress;
    LHandle.Port := AListener.DefaultPort;
  end;
end;
that's how I'm configuring the bindings
DelphiWorlds
@DelphiWorlds
if I don't attempt to bind the IPv6 addresses, no error
DelphiWorlds
@DelphiWorlds
TIdIPMCastServer also errors if attempting a Send on an IPv6 address

Debugger Exception Notification
Project dyld_sim raised exception class EIdSocketError with message 'Socket Error # 49
Cannot assign requested address.'.

DelphiWorlds
@DelphiWorlds
even if I ignore the IPv6 addresses, my client (192.168.56.100) doesn't receive a broadcast from the server (192.168.56.1)
Remy Lebeau
@rlebeau
@DelphiWorlds how are you sending the broadcast? What does that code look like?
DelphiWorlds
@DelphiWorlds
Francesco Marano may have given me a solution in the forums.. the thread starts here:
https://forums.embarcadero.com/message.jspa?messageID=887844&tstart=0
I neglected to consider that the IPMCast classes have their own IPVersion property, as well as MulticastGroup property.. doh
DelphiWorlds
@DelphiWorlds
if you read Francesco's last reply, his example code works on Windows, fails on iOS.. same error
It fails when setting the client active
DelphiWorlds
@DelphiWorlds
TIdStackVCLPosix.GetLocalAddressList fails to retrieve any addresses for me on my Android 7 device, so I've created this Gist, in case it's of any use:
https://gist.github.com/DelphiWorlds/0733b6611707c8d5725ee42fd1ae01fd
Remy Lebeau
@rlebeau
@DelphiWorlds TIdStackVCLPosix.GetLocalAddressList() being broken on Android is a known issue. There are comments to that effect in the code. I stay away from using Embarcadero's JNI Bridge interfaces because 1) they are not portable (they only work in Delphi, not in FreePascal), and 2) there are threading issues related to accessing Java objects in native code, so I try to stick with native solutions. Which I have not implemented for Android yet.
DelphiWorlds
@DelphiWorlds
ok.. no clues about what might be causing the failure on iOS? I'm also having problems attempting to broadcast on each IP address.. for some reason or another using a loop it broadcasts only on the last address
procedure TForm1.SendBroadcast(const AServer: TIdIPMCastServer; const ABroadcast: string);
var
  I: Integer;
begin
  for I := 0 to FLocalAddresses.Count - 1 do
  begin
    if FLocalAddresses[I].IPVersion = AServer.IPVersion then
    begin
      AServer.Active := False;
      AServer.BoundIP := FLocalAddresses[I].IPAddress;
      AServer.BoundPort := AServer.Port;
      AServer.Active := True;
      AServer.Send(ABroadcast);
    end;
  end;
end;
Remy Lebeau
@rlebeau
@DelphiWorlds I'm not a multicast expert, or an iOS user, I can't tell you why it fails on iOS. What is the actual error? On which line of code? Where are you setting AServer.MulticastGroup? Is that group valid on all networks you are trying to bind to?
DelphiWorlds
@DelphiWorlds
I posted the error earlier, and it occurs when attempting to set Active to True on the TIdIPMCastClient