[twsocket] SSL Certificates check
Hello Arno, I have updated to the last version of ICS and I used OpenSSL 1.0.0d and it works perfectly. Again THANK YOU for your help. -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
[twsocket] Computer's name
Hello,
I have now been thinking of this for a while and don’t know if I have already
asked but here it comes,
We can get some remote info of the connected client from the following code but,
are there any possibilities of getting the computername as well?
if yes,
Please do help me out with it.
--[ C O D E
]
{-|<<< - [ Socket Client connect ] - >>>|-}
procedure TfrmMain.SslWSocketServerClientConnect(Sender : TObject;
Client : TWSocketClient;
Error : Word);
begin
with Client as TTcpSrvClient do begin
Inc(FClientNo); // Increment unique client no
Tag := FClientNo; // tag connecting client with it's id
Display('There is now ' +
IntToStr(TWSocketServer(Sender).ClientCount) +
' clients connected.');
Display('Client connected:|' +IntToStr(Tag)+ '|' +
' Remote:' +PeerAddr+ ':' +PeerPort+ '|' +
' Local:' +GetXAddr+ ':' +GetXPort);
LineMode:= True;
LineEdit:= True;
LineLimit := 80; { Do not accept long lines }
OnDataAvailable := ClientDataAvailable;
OnLineLimitExceeded := ClientLineLimitExceeded;
OnBgException := ClientBgException;
ConnectTime := Now;
//You need to start inserting data into the xml here
end;
end;
--[ C O D E
]
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
Re: [twsocket] OpenSSL 1.0.0d migration issue
Fastream Technologies wrote:
> Hello,
>
> I have,
> 1. Downloaded the latest snapshot from the wiki page.
> 2. Modified ICS conditionals as
> NDEBUG;NO_STRICT;PANTERA;NOFORMS;NO_DEBUG_LOG;USE_SSL;SECURITY_WIN32;NO_ADVANCED_HTTP_CLIENT_FEATURES;NO_ADV_MT
> 3. Enabled TLSEXT from the SSL inc file
> 4. Compiled our proxy server and web stress tester tool.
>
> It all worked except that when SSL is stress tested, it gives the AV
> as, http://www.fastream.com/ics/opensslissue.png
Did you know that ctrl + c copies content of the message box to the
clipboard, no need to upload screen shots.
Since the AV happens in code introduced in v1.0.0+ I would
test v0.9.8r and see whether that solves the problem.
Doesn't look like an ICS issue.
LIBEAY32.EVP_PKEY_missing_parameters:
1105C060 8B4C2404 mov ecx,[esp+$04]
1105C064 8B410C mov eax,[ecx+$0c]
1105C067 85C0 test eax,eax
1105C069 740D jz $1105c078
1105C06B 8B4040 mov eax,[eax+$40] <=
1105C06E 85C0 test eax,eax
1105C070 7406 jz $1105c078
1105C072 894C2404 mov [esp+$04],ecx
1105C076 FFE0 jmp eax
1105C078 33C0 xor eax,eax
1105C07A C3 ret
1105C07B CC int 3
1105C07C CC int 3
1105C07D CC int 3
1105C07E CC int 3
1105C07F CC int 3
int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey)
{
if (pkey->ameth && pkey->ameth->param_missing)
return pkey->ameth->param_missing(pkey);
return 0;
}
struct evp_pkey_asn1_method_st
{
int pkey_id;
int pkey_base_id;
unsigned long pkey_flags;
char *pem_str;
char *info;
int (*pub_decode)(EVP_PKEY *pk, X509_PUBKEY *pub);
int (*pub_encode)(X509_PUBKEY *pub, const EVP_PKEY *pk);
int (*pub_cmp)(const EVP_PKEY *a, const EVP_PKEY *b);
int (*pub_print)(BIO *out, const EVP_PKEY *pkey, int indent,
ASN1_PCTX *pctx);
int (*priv_decode)(EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf);
int (*priv_encode)(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk);
int (*priv_print)(BIO *out, const EVP_PKEY *pkey, int indent,
ASN1_PCTX *pctx);
int (*pkey_size)(const EVP_PKEY *pk);
int (*pkey_bits)(const EVP_PKEY *pk);
int (*param_decode)(EVP_PKEY *pkey,
const unsigned char **pder, int derlen);
int (*param_encode)(const EVP_PKEY *pkey, unsigned char **pder);
int (*param_missing)(const EVP_PKEY *pk);<=
[..]
} /* EVP_PKEY_ASN1_METHOD */;
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
Re: [twsocket] OpenSSL 1.0.0d migration issue
I need to re-ask: Can I use one SSL Context per thread instead of per client
object?
Regards,
SubZero
On Tue, May 10, 2011 at 11:43, Arno Garrels wrote:
> Fastream Technologies wrote:
> > Hello,
> >
> > I have,
> > 1. Downloaded the latest snapshot from the wiki page.
> > 2. Modified ICS conditionals as
> >
> NDEBUG;NO_STRICT;PANTERA;NOFORMS;NO_DEBUG_LOG;USE_SSL;SECURITY_WIN32;NO_ADVANCED_HTTP_CLIENT_FEATURES;NO_ADV_MT
> > 3. Enabled TLSEXT from the SSL inc file
> > 4. Compiled our proxy server and web stress tester tool.
> >
> > It all worked except that when SSL is stress tested, it gives the AV
> > as, http://www.fastream.com/ics/opensslissue.png
>
> Did you know that ctrl + c copies content of the message box to the
> clipboard, no need to upload screen shots.
>
> Since the AV happens in code introduced in v1.0.0+ I would
> test v0.9.8r and see whether that solves the problem.
> Doesn't look like an ICS issue.
>
> LIBEAY32.EVP_PKEY_missing_parameters:
> 1105C060 8B4C2404 mov ecx,[esp+$04]
> 1105C064 8B410C mov eax,[ecx+$0c]
> 1105C067 85C0 test eax,eax
> 1105C069 740D jz $1105c078
> 1105C06B 8B4040 mov eax,[eax+$40] <=
> 1105C06E 85C0 test eax,eax
> 1105C070 7406 jz $1105c078
> 1105C072 894C2404 mov [esp+$04],ecx
> 1105C076 FFE0 jmp eax
> 1105C078 33C0 xor eax,eax
> 1105C07A C3 ret
> 1105C07B CC int 3
> 1105C07C CC int 3
> 1105C07D CC int 3
> 1105C07E CC int 3
> 1105C07F CC int 3
>
>
> int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey)
> {
> if (pkey->ameth && pkey->ameth->param_missing)
> return pkey->ameth->param_missing(pkey);
> return 0;
> }
>
> struct evp_pkey_asn1_method_st
> {
> int pkey_id;
> int pkey_base_id;
> unsigned long pkey_flags;
>
> char *pem_str;
> char *info;
>
> int (*pub_decode)(EVP_PKEY *pk, X509_PUBKEY *pub);
> int (*pub_encode)(X509_PUBKEY *pub, const EVP_PKEY *pk);
> int (*pub_cmp)(const EVP_PKEY *a, const EVP_PKEY *b);
> int (*pub_print)(BIO *out, const EVP_PKEY *pkey, int indent,
> ASN1_PCTX *pctx);
>
> int (*priv_decode)(EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf);
> int (*priv_encode)(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk);
> int (*priv_print)(BIO *out, const EVP_PKEY *pkey, int indent,
> ASN1_PCTX *pctx);
>
> int (*pkey_size)(const EVP_PKEY *pk);
> int (*pkey_bits)(const EVP_PKEY *pk);
>
> int (*param_decode)(EVP_PKEY *pkey,
>const unsigned char **pder, int derlen);
> int (*param_encode)(const EVP_PKEY *pkey, unsigned char **pder);
> int (*param_missing)(const EVP_PKEY *pk);<=
> [..]
>
> } /* EVP_PKEY_ASN1_METHOD */;
>
>
> --
> To unsubscribe or change your settings for TWSocket mailing list
> please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
> Visit our website at http://www.overbyte.be
>
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
Re: [twsocket] OpenSSL 1.0.0d migration issue
Fastream Technologies wrote:
> I need to re-ask: Can I use one SSL Context per thread instead of per
> client object?
Sure, one SslContext per thread is the safe way as long as you
only assign it to client objects created in the same thread
(or .ThreadAttached). One context per client was true overkill.
The AV might be a multi-thread issue indeed. Either in the OpenSSL
libraries or elsewhere in your code. Do you enable a single
TSslDynamicLock object in main thread before any other OpenSSL call?
--
Arno Garrels
>
> Regards,
>
> SubZero
> On Tue, May 10, 2011 at 11:43, Arno Garrels
> wrote:
>
>> Fastream Technologies wrote:
>>> Hello,
>>>
>>> I have,
>>> 1. Downloaded the latest snapshot from the wiki page.
>>> 2. Modified ICS conditionals as
>>>
>> NDEBUG;NO_STRICT;PANTERA;NOFORMS;NO_DEBUG_LOG;USE_SSL;SECURITY_WIN32;NO_ADVANCED_HTTP_CLIENT_FEATURES;NO_ADV_MT
>>> 3. Enabled TLSEXT from the SSL inc file
>>> 4. Compiled our proxy server and web stress tester tool.
>>>
>>> It all worked except that when SSL is stress tested, it gives the AV
>>> as, http://www.fastream.com/ics/opensslissue.png
>>
>> Did you know that ctrl + c copies content of the message box to the
>> clipboard, no need to upload screen shots.
>>
>> Since the AV happens in code introduced in v1.0.0+ I would
>> test v0.9.8r and see whether that solves the problem.
>> Doesn't look like an ICS issue.
>>
>> LIBEAY32.EVP_PKEY_missing_parameters:
>> 1105C060 8B4C2404 mov ecx,[esp+$04]
>> 1105C064 8B410C mov eax,[ecx+$0c]
>> 1105C067 85C0 test eax,eax
>> 1105C069 740D jz $1105c078
>> 1105C06B 8B4040 mov eax,[eax+$40] <=
>> 1105C06E 85C0 test eax,eax
>> 1105C070 7406 jz $1105c078
>> 1105C072 894C2404 mov [esp+$04],ecx
>> 1105C076 FFE0 jmp eax
>> 1105C078 33C0 xor eax,eax
>> 1105C07A C3 ret
>> 1105C07B CC int 3
>> 1105C07C CC int 3
>> 1105C07D CC int 3
>> 1105C07E CC int 3
>> 1105C07F CC int 3
>>
>>
>> int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey)
>> {
>> if (pkey->ameth && pkey->ameth->param_missing)
>> return pkey->ameth->param_missing(pkey);
>> return 0;
>> }
>>
>> struct evp_pkey_asn1_method_st
>> {
>> int pkey_id;
>> int pkey_base_id;
>> unsigned long pkey_flags;
>>
>> char *pem_str;
>> char *info;
>>
>> int (*pub_decode)(EVP_PKEY *pk, X509_PUBKEY *pub);
>> int (*pub_encode)(X509_PUBKEY *pub, const EVP_PKEY *pk);
>> int (*pub_cmp)(const EVP_PKEY *a, const EVP_PKEY *b);
>> int (*pub_print)(BIO *out, const EVP_PKEY *pkey, int indent,
>> ASN1_PCTX *pctx);
>>
>> int (*priv_decode)(EVP_PKEY *pk, PKCS8_PRIV_KEY_INFO *p8inf);
>> int (*priv_encode)(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk);
>> int (*priv_print)(BIO *out, const EVP_PKEY *pkey, int indent,
>> ASN1_PCTX *pctx);
>>
>> int (*pkey_size)(const EVP_PKEY *pk);
>> int (*pkey_bits)(const EVP_PKEY *pk);
>>
>> int (*param_decode)(EVP_PKEY *pkey,
>>const unsigned char **pder, int derlen);
>> int (*param_encode)(const EVP_PKEY *pkey, unsigned char **pder);
>> int (*param_missing)(const EVP_PKEY *pk);<=
>> [..]
>>
>> } /* EVP_PKEY_ASN1_METHOD */;
>>
>>
>> --
>> To unsubscribe or change your settings for TWSocket mailing list
>> please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
>> Visit our website at http://www.overbyte.be
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
[twsocket] TFtpCli and FTP server in passive mode
Hello, I have a problem to upload a file on some server which are only reachable in passive mode. Tested with a lot of version of ICS (V7, octobre 2010, V6 octobre 2009) and on Delphi 2006, 2007, 2010. In passive mode with Ftpclient.passivemode:=true; command "put" (same with "get") seems to be ignored. I only do this : procedure TForm8.icsClick(Sender: TObject); begin FtpClient1.HostName:=site.text; FtpClient1.username:=login.text; FtpClient1.password:=password.text; FtpClient1.connect; FtpClient1.HostDirName :='.'; FtpClient1.cwd; FtpClient1.LocalFileName:='h:\test.txt'; FtpClient1.HostFileName:='test.txt'; FtpClient1.TypeBinary; FtpClient1.Passive:=true; FtpClient1.put; FtpClient1.Quit; end; Log returned by TFtpClient (useing TftpClient events) is : < 220-FileZilla Server version 0.9.37 beta < 220-written by Tim Kosse (tim.ko...@gmx.de) < 220 Please visit http://sourceforge.net/projects/filezilla/ USER auser > USER auser < 331 Password required for auser PASS apass > PASS apass < 230 Logged on CWD . > CWD . < 250 CWD successful. "/" is current directory. TYPE I > TYPE I < 200 Type set to I PASV > PASV < 27 Entering Passive Mode (213,56,128,2,4,27) QUIT > QUIT < 221 Goodbye In active mode without the line "FtpClient1.Passive:=true;" I Have : < 220-FileZilla Server version 0.9.37 beta < 220-written by Tim Kosse (tim.ko...@gmx.de) < 220 Please visit http://sourceforge.net/projects/filezilla/ USER auser > USER auser < 331 Password required for auser PASS apass > PASS apass < 230 Logged on CWD . > CWD . < 250 CWD successful. "/" is current directory. TYPE I > TYPE I < 200 Type set to I PORT 192,168,1,13,195,101 > PORT 192,168,1,13,195,101 < 200 Port command successful ! Upload Size 2,08K STOR test.txt > STOR test.txt < 150 Opening data channel for file transfer. < 425 Can't open data connection. ! STOR Failed QUIT > QUIT < 221 Goodbye I get an error 425 "Can't open data connection." ! So how to set passive mode and upload a file ? What I have missed ? Command like FtpClient1.dele works fine This FTP server work fine with a Filezilla client. Best regards, - Fabrice -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
[twsocket] ANN: IQ Proxy Server with OpenSSL 1.0.0d available
Hello, *What's new in IQ Proxy Server 5.5.1R *- SSL module re-designed - GUI 100% CPU utilization bug fixed http://www.iqproxyserver.com 30-day trial available. It can now achieve an average of *700SSL TPS*(connection: close with no session caching, the lowest performance case) with *1000 concurrent clients* on dual core 2.8GHz AMD system! RAM usage is less than 64MB (except cache). If you have some quality software, we can exhange licenses (barter) with ICS developers! Thanks to Jerry (for his bug report) and Arno. Best Regards, SubZero -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] ANN: IQ Proxy Server with OpenSSL 1.0.0d available
Does that mean OpenSSL 1.0.0d was not the cause of the AV but some bug in your code? -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] ANN: IQ Proxy Server with OpenSSL 1.0.0d available
Yes indeed. The issue was with multi-threaded code, assignment of server instance SslContext was left over... :-o I had fixed that some time ago but somehow it became not working. I also fixed another bug in R2 of 5.5.1 (available now). Regards, SZ On Tue, May 10, 2011 at 15:46, Arno Garrels wrote: > Does that mean OpenSSL 1.0.0d was not the cause of the AV > but some bug in your code? > > -- > Arno Garrels > -- > To unsubscribe or change your settings for TWSocket mailing list > please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket > Visit our website at http://www.overbyte.be > -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Computer's name
We can get some remote info of the connected client from the following code but, are there any possibilities of getting the computername as well? Are you asking about Windows networking "computername" ? This is completly independent of the TCP/IP protocol. It may even be different that the DNS name associated with the computer's IP address. if the remote computer is on the same LAN (or WAn transporting Windows networking), then Windows API has function to enumerate computers on the network (this is what Windows Explorer uses to show the network neightborhood). You may use that API into your application. -- francois.pie...@overbyte.be The author of the freeware multi-tier middleware MidWare The author of the freeware Internet Component Suite (ICS) http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] ANN: IQ Proxy Server with OpenSSL 1.0.0d available
Fastream Technologies wrote: >> Does that mean OpenSSL 1.0.0d was not the cause of the AV >> but some bug in your code? > Yes indeed. The issue was with multi-threaded code, assignment of > server instance SslContext was left over... :-o That's good to know. -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] ANN: IQ Proxy Server with OpenSSL 1.0.0d available
One other thing: With the latest ICS/OpenSSL, the HTTPS POST 10053 issue is also gone away..! :-)) SubZero On Tue, May 10, 2011 at 20:32, Arno Garrels wrote: > Fastream Technologies wrote: > >> Does that mean OpenSSL 1.0.0d was not the cause of the AV > >> but some bug in your code? > > Yes indeed. The issue was with multi-threaded code, assignment of > > server instance SslContext was left over... :-o > > That's good to know. > > -- > Arno Garrels > > -- > To unsubscribe or change your settings for TWSocket mailing list > please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket > Visit our website at http://www.overbyte.be > -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
[twsocket] EmulVT bugs...
Hi, I've just downloaded ICS as I need a telnet client with a COM interface and haven't found one that works well enough for me yet (so I'm going to write one...) I'm in the process of extending the EmulVT component to support xterm emulation. In the process I have identified 2 bugs in the core vt100 emulation: 1) Reverse Video At the end of ProcessCSI_m_lc, the foreground and background colours are swapped if the FReverseVideo flag is set. This is incorrect. The actual attribute to use needs to be calculated in WriteLiteralChar. Consider the following sequence: [0;7m[31m[40m The current implementation will not handle this correctly. 2) Graphics (line drawing) characters Line drawing characters are done by switching character sets and performing a translation. The translation should *not* be done if we are currently processing an escape sequence. Consider the following sequence: [0;7m(0[31m[40m The current implementation does not do the colour change as the 'm' has been translated to a line drawing character. The character sequences above are captured from a Linux app using ncurses -- Alistair Ward Senior Software Engineer Noel Leeming Group Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Noel Leeming Group Limited. This e-mail message and any accompanying data may contain confidential information. If you are not the intended recipient, you are notified that any use, dissemination, distribution or copying of this message or data is prohibited. -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] EmulVT bugs...
Hello Alistair, If you are going to fix the bugs you've found, please be absolutely sure to start with the latest version of the entire ICS. For that, download it from the SVN repository. See instructions there: http://wiki.overbyte.be/wiki/index.php/ICS_Download Once fixed, email me the complete files you've updated. Regards, -- francois.pie...@overbyte.be The author of the freeware multi-tier middleware MidWare The author of the freeware Internet Component Suite (ICS) http://www.overbyte.be - Original Message - From: "Alistair Ward" To: Sent: Wednesday, May 11, 2011 7:05 AM Subject: [twsocket] EmulVT bugs... Hi, I've just downloaded ICS as I need a telnet client with a COM interface and haven't found one that works well enough for me yet (so I'm going to write one...) I'm in the process of extending the EmulVT component to support xterm emulation. In the process I have identified 2 bugs in the core vt100 emulation: 1) Reverse Video At the end of ProcessCSI_m_lc, the foreground and background colours are swapped if the FReverseVideo flag is set. This is incorrect. The actual attribute to use needs to be calculated in WriteLiteralChar. Consider the following sequence: [0;7m[31m[40m The current implementation will not handle this correctly. 2) Graphics (line drawing) characters Line drawing characters are done by switching character sets and performing a translation. The translation should *not* be done if we are currently processing an escape sequence. Consider the following sequence: [0;7m(0[31m[40m The current implementation does not do the colour change as the 'm' has been translated to a line drawing character. The character sequences above are captured from a Linux app using ncurses -- Alistair Ward Senior Software Engineer Noel Leeming Group Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Noel Leeming Group Limited. This e-mail message and any accompanying data may contain confidential information. If you are not the intended recipient, you are notified that any use, dissemination, distribution or copying of this message or data is prohibited. -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
