Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Oct 30 16:15
    rlebeau edited #260
  • Oct 16 04:22
    rlebeau labeled #269
  • Oct 16 04:22
    rlebeau opened #269
  • Oct 08 19:00

    Fulgan on Restructure

    Bug fix for a typo in TIdIMAP4.… (compare)

  • Oct 08 19:00

    Fulgan on master

    Bug fix for a typo in TIdIMAP4.… (compare)

  • Oct 02 21:00

    Fulgan on Restructure

    Updating TIdIMAP4's InternalSea… (compare)

  • Oct 02 21:00

    Fulgan on master

    Updating TIdIMAP4's InternalSea… (compare)

  • Sep 20 21:50

    Fulgan on master

    Embarcadero patch for race cond… (compare)

  • Sep 20 21:50

    Fulgan on Restructure

    Embarcadero patch for race cond… (compare)

  • Sep 10 18:50
    rlebeau closed #268
  • Sep 10 18:50
    rlebeau commented #268
  • Sep 10 18:50

    Fulgan on Restructure

    Fix for TIdResponseHeaderInfo.S… (compare)

  • Sep 10 18:50

    Fulgan on master

    Fix for TIdResponseHeaderInfo.S… (compare)

  • Sep 10 18:49
    rlebeau labeled #268
  • Sep 10 18:49
    rlebeau labeled #268
  • Sep 10 18:49
    rlebeau assigned #268
  • Sep 10 18:49
    rlebeau review_requested #268
  • Sep 09 13:15
    gjdoornink opened #268
  • Aug 28 21:00

    Fulgan on Restructure

    Setting TIdSSLIOHandlerSocketBa… (compare)

  • Aug 28 21:00

    Fulgan on master

    Setting TIdSSLIOHandlerSocketBa… (compare)

Kudzu
@czhower
I cant tell how widespread it is, but its widespread enough to be in google a lot.
I think we had even under Kylix days to do a small tweak for connecting, but connecting only... I dont remember though as its been about 15 years.
"Calling shutdown() before close() seems to cause the sync Receive to return 0 bytes (i.e. EOF)."
dotnet/corefx#22564
Thats the thread I was looking for
"FYI, for sync Send the behavior is similar: without shutdown it hangs, with shutdown it returns EINVAL -- presumably because the socket is no longer valid for sending."
so probably a simple fix.
Remy Lebeau
@rlebeau
@czhower TIdSocketHandle.CloseSocket() calls TIdStack.Disconnect(), and all of the TIdStack... classes (except TIdStackDotNet) call shutdown() before close(socket)() inside of their Disconnect().
Kudzu
@czhower
hmm.. someone needs to check it on Linux then....
rkmanaz
@rkmanaz

found a bug in IdSSLOpenSSL.pas
procedure DumpCert(AOut: TStrings; AX509: PX509);

->
BIO_get_mem_data( LMem, LBufPtr);
if (LLen > 0) and Assigned(LBufPtr) then begin

BIO_get_mem_data expects pointer to pointer
fixed code;
'
var
LMem: PBIO;
LLen : TIdC_INT;
LBufPtr : Pointer;
lPBPtr : Pointer;
begin
if Assigned(X509_print) then begin
LMem := BIO_new(BIO_s_mem);
try
lPBPtr := @LBufPtr;
X509_print(LMem, AX509);
LLen := BIO_get_mem_data( LMem, lPBPtr);

  if (LLen > 0) and Assigned(LBufPtr) then begin

'

mercedwang
@mercedwang
Found a few type errors in IdSSLOpenSSLHeaders.pas:
In definitions of EVP_DecryptUpdate, EVP_DecryptFinal, EVP_DecryptFinal_ex, EVP_CipherUpdate and EVP_OpenFinal, the type of outl parameter should not be TIdC_INT, but PIdC_INT.
The next_proto_select_cb function pointer field in the definition of SSL_CTX record: Its definition should be either 'outlen : PIdAnsiChar' or 'out outlen: TIdAnsiChar' .
Remy Lebeau
@rlebeau
@rkmanaz the original DumpCert code is fine. Look at the declaration of BIO_get_mem_data() in IdSSLOpenSSLHeaders.pas: function BIO_get_mem_data(b : PBIO; out pp : Pointer) : TIdC_INT; In Delphi, out: Pointer is equivilent to void** in C. The original code was already passing a pointer-to-pointer. Your change is passing a pointer-to-pointer-to-pointer instead
Remy Lebeau
@rlebeau
@mercedwang I don't have time right now to review everything you have pointed out, I'll do it tomorrow
rkmanaz
@rkmanaz
@rlebeau point beeing, the dumpcert function does not work, aka it never prints anything, because Assigned(LBufPtr) is always false.
i checked it with d7 as well as with dx
OpenSSL 1.0.2j 26 Sep 2016(VC-WIN32) compiler: cl /MD /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_USE_APPLINK -I. -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_SSL2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_WEAK_SSL_CIPHERS -DOPENSSL_NO_STATIC_ENGINE
the used indy lib is somewhat older and abit adjusted to make it work under linux as well
but i checkede with the indy trunk and the important parts are the same
the only way it does work is, when i have a pointer var that i point to another pointer var and which one i pass to BIO_get_mem_data
under d7 nothing happens under dx i get an EA
rkmanaz
@rkmanaz
when i adjust the BIO_get_mem_data and remove the 'out' (which in my opinion is wrong - looking at linux man page for BIO_get_mem_data) then its same for d7 and dx, nothing happens cos nothing is assigned
rkmanaz
@rkmanaz
to make sure, i tested with OpenSSL 1.0.2n 7 Dec 2017(VC-WIN32) compiler: cl /MD /Ox /O2 /Ob2 -DOPENSSL_THREADS -DDSO_WIN32 -W3 -WX -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_WINSOCK_DEPRECATED_NO_WARNINGS -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DOPENSSL_USE_APPLINK -I. -DOPENSSL_NO_RC5 -DOPENSSL_NO_MD2 -DOPENSSL_NO_SSL2 -DOPENSSL_NO_KRB5 -DOPENSSL_NO_JPAKE -DOPENSSL_NO_WEAK_SSL_CIPHERS -DOPENSSL_NO_STATIC_ENGINE
same thing
Remy Lebeau
@rlebeau
@rkmanaz I found the problem, and it is not in DumpCert() at all, its original code is fine. The real problem is in BIO_get_mem_data() itself in IdSSLOpenSSLHeaders.pas. When it calls BIO_ctrl(), it is not passing the correct output pointer - Result := BIO_ctrl(b,BIO_CTRL_INFO,0,pp); should be Result := BIO_ctrl(b,BIO_CTRL_INFO,0,@pp); Looks like other functions, like BIO_get_mem_ptr and BIO_get_ssl, are also affected by a similar bug
Remy Lebeau
@rlebeau
@mercedwang I have checked in an update for the declarations you mentioned, and several others
mercedwang
@mercedwang
@rlebeau Great!
Jeroen Wiert Pluimers
@jpluimers
Remy Lebeau
@rlebeau
@jpluimers I don't visit Google groups very often
Remy Lebeau
@rlebeau
@jpluimers I'll review it when I have some time
@jpluimers I updated IndySockets/Indy#49 with the link to Paul's implementation so I don't lose it
Kudzu
@czhower
Looks cool.. definitely to look at integrating...
Remy Lebeau
@rlebeau
Indy has an SSPI implementation that it uses for TIdSSPINTLMAuthentication for NTLM over HTTP, but last time I looked at it, I seem to recall that it is not generalized enough for reuse with SChannel, which also uses SSPI. If we can finish fleshing out the IdSSPI unit with some missing pieces, and maybe port some of the code from the IdAuthenticationSSPI unit into IdSSPI or another common unit, that would go a long way to making an SChannel IOHandler easier to implement within Indy. I'm sure there are pieces of Paul's implementation that duplicate pieces that Indy already has and should reuse. I was already working on learning the SSPI API for SChannel use, but that effort is still in test code and not in Indy yet.
Jacek
@jaclas
Only Embarcadero knows the exact reason
Kudzu
@czhower
blob
was it in one of those paths?
mezen
@mezen
Nop:
Hm, my image upload does not work atm :(
File only in Indy SVN: 'Protocols\IdSASL_NTLM.pas'
Kudzu
@czhower
not sure then... its up to EMBT.. but you can always just pull from svn or update Indy to latest anyway
Kudzu
@czhower
@jaclas Love your avatar BTW :) Where's Lucky?
Jacek
@jaclas

@czhower Can I safely uninstall Indy from delphi and install the current ones from the repo? Do not other delphi controls use Indy (e.g. REST library)?

@czhower Lucky is in my... ekhmm.. in a safe place ;-)

thx for help

Kudzu
@czhower
I'm not sure - better to ask @rlebeau . When Atozed uses Indy, we alias all units to avoid conflicts as Delphi has no native multi version support.
Remy Lebeau
@rlebeau
@jaclas this is actually covered in Indy's installation notes. And no, the REST library does not use Indy, but DataSnap and LiveTiles do
DelphiWorlds
@DelphiWorlds
Is the Bindings property editor somewhere in the Indy source? Can't seem to find it
DelphiWorlds
@DelphiWorlds
Backing up a little.. Using a binding that's added at design time seems to be different to what I'm doing at runtime:
var
  LBinding: TIdSocketHandle;
begin
  IdIPMCastClient1.IPVersion := TIdIPVersion.Id_IPv6;
  IdIPMCastClient1.DefaultPort := 6000;
  IdIPMCastClient1.MulticastGroup := 'FF02::1';
  IdIPMCastClient1.Bindings.Clear;
  LBinding := IdIPMCastClient1.Bindings.Add;
  LBinding.IPVersion := IdIPMCastClient1.IPVersion;
  LBinding.IP := '::';
  LBinding.Port := IdIPMCastClient1.DefaultPort;
  IdIPMCastClient1.Active := True;
end;
When there are no connections to an IPv6 network, it crashes on the setSockOpt call (called from TIdStackVCLPosix.SetSocketOption) when AddMulticastMembership is called. If I use the bindings editor to do the same thing (at least I hope it's the same), it does not crash
DelphiWorlds
@DelphiWorlds
D'Oh.. Just realised I can look at the form as text..