Re: [twsocket] OpenSSL 1.1.0c support
Thanks a lot, will install after the 2nd update of Delphi.

Met vriendelijke groeten - Best regards - Mit freundlichen Grüßen - Bestu kveðjur - Sincères salutations

👤 Jasja Glasbeek | Sales/Export/ICT | Machandel BV <http://www.machandel.com>
☎ +31 (0)516 - 425020 | 📱 +31 (0)6 - 20165848 | 📧 ja...@machandel.com

-- Original message --
From: "Angus Robertson - Magenta Systems Ltd"
To: twsocket@lists.elists.org
Sent: 15-11-2016 18:28:00
Subject: Re: [twsocket] OpenSSL 1.1.0c support

ICS V8.38 is now available in SVN and the overnight zip. It includes changes to support checking of the authenticode code signing digital certificates on the latest versions of the ICS built OpenSSL DLLs. The new IcsVerifyTrust function can also be used to self test digitally signed end user applications to check they are not corrupted or maliciously altered.

To ensure only the latest signed OpenSSL DLLs are used from the local directory, all applications should add the following lines in FormCreate or at least before any calls that may cause OpenSSL to be initialised:

    GSSLEAY_DLL_IgnoreNew := False;                { V8.38 don't ignore OpenSSL 1.1.0 and later }
    GSSLEAY_DLL_IgnoreOld := True;                 { V8.38 ignore OpenSSL 1.0.2 and earlier }
    GSSL_DLL_DIR := ExtractFilePath(ParamStr(0));  { V8.38 only from our directory }
    GSSL_SignTest_Check := True;                   { V8.38 check digitally signed }
    GSSL_SignTest_Certificate := True;             { V8.38 check digital certificate }

Without these lines, your application may load old OpenSSL versions found in the Windows path, with unpredictable results.

Note that currently information from the digital certificate can not be accessed, so you can not easily ensure it's our signed DLL, this needs several more Windows certificate APIs or new OpenSSL functionality (which I'll attempt first).

The OverbyteIcsPemTool sample has been updated to stop use of unsigned OpenSSL DLLs. It also adds a Check Signed button that allows a single file to be selected and its digital certificate tested, which may be useful for those interested in using the new IcsVerifyTrust function in their own digitally signed applications.

Other recent ICS changes include:

A new property SocketErrs added to most major components that may be set to wsErrFriendly (default is wsErrTech) for more friendly low level wsocket exceptions without numbers. Note this is a work in progress, exceptions are generated in numerous places in various formats, and it's a lot of work to standardise and clean them all up.

There is a new ESocketException that has extra properties for low level exceptions.

A new property ExclusiveAddr for servers to stop other applications trying to listen on same socket, defaults to True.

The HTTP Client component has another POST relocation fix.

The HTTP Client component also fixes a long term bug that meant many wsocket exceptions were suppressed and only partially reported if the OnSocketError event was used (and the exception description was still lost). Beware this fix means more exceptions may need to be handled in HTTP Client applications, so please do some simple functional testing after using this new ICS version. Several of my own applications failed because I was trying to increase the socket buffer size before the socket was connected, which now raised an exception which was previously hidden.

Angus

--
To unsubscribe or change your settings for TWSocket mailing list please goto
http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
Re: [twsocket] OpenSSL 1.1.0c support
ICS V8.38 is now available in SVN and the overnight zip. It includes changes to support checking of the authenticode code signing digital certificates on the latest versions of the ICS built OpenSSL DLLs. The new IcsVerifyTrust function can also be used to self test digitally signed end user applications to check they are not corrupted or maliciously altered.

To ensure only the latest signed OpenSSL DLLs are used from the local directory, all applications should add the following lines in FormCreate or at least before any calls that may cause OpenSSL to be initialised:

    GSSLEAY_DLL_IgnoreNew := False;                { V8.38 don't ignore OpenSSL 1.1.0 and later }
    GSSLEAY_DLL_IgnoreOld := True;                 { V8.38 ignore OpenSSL 1.0.2 and earlier }
    GSSL_DLL_DIR := ExtractFilePath(ParamStr(0));  { V8.38 only from our directory }
    GSSL_SignTest_Check := True;                   { V8.38 check digitally signed }
    GSSL_SignTest_Certificate := True;             { V8.38 check digital certificate }

Without these lines, your application may load old OpenSSL versions found in the Windows path, with unpredictable results.

Note that currently information from the digital certificate can not be accessed, so you can not easily ensure it's our signed DLL, this needs several more Windows certificate APIs or new OpenSSL functionality (which I'll attempt first).

The OverbyteIcsPemTool sample has been updated to stop use of unsigned OpenSSL DLLs. It also adds a Check Signed button that allows a single file to be selected and its digital certificate tested, which may be useful for those interested in using the new IcsVerifyTrust function in their own digitally signed applications.

Other recent ICS changes include:

A new property SocketErrs added to most major components that may be set to wsErrFriendly (default is wsErrTech) for more friendly low level wsocket exceptions without numbers. Note this is a work in progress, exceptions are generated in numerous places in various formats, and it's a lot of work to standardise and clean them all up.

There is a new ESocketException that has extra properties for low level exceptions.

A new property ExclusiveAddr for servers to stop other applications trying to listen on same socket, defaults to True.

The HTTP Client component has another POST relocation fix.

The HTTP Client component also fixes a long term bug that meant many wsocket exceptions were suppressed and only partially reported if the OnSocketError event was used (and the exception description was still lost). Beware this fix means more exceptions may need to be handled in HTTP Client applications, so please do some simple functional testing after using this new ICS version. Several of my own applications failed because I was trying to increase the socket buffer size before the socket was connected, which now raised an exception which was previously hidden.

Angus
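The checks described in the message above (use only the OpenSSL DLLs in the application directory, require a valid Authenticode signature, and confirm who signed them) can also be run from outside the application. This is an added example, not part of the original posts and not ICS code; the function names, the DLL name patterns and the signer and thumbprint parameters are assumptions.

```powershell
# Added example (not ICS code): audit the OpenSSL DLLs next to an application.
# Assumed: the name patterns below (OpenSSL 1.1.x and 1.0.x DLL names) and the
# caller-supplied signer text or certificate thumbprint.
$OpenSslPatterns = 'libcrypto-*.dll', 'libssl-*.dll', 'libeay32.dll', 'ssleay32.dll'

function Test-OpenSslDllTrust {
    param(
        [Parameter(Mandatory)] [string] $AppDir,
        [Parameter(Mandatory)] [string] $ExpectedSigner,  # text expected in the signer subject
        [string] $ExpectedThumbprint,                     # optional, stronger pin
        [string[]] $Patterns = $OpenSslPatterns
    )
    foreach ($pattern in $Patterns) {
        foreach ($file in Get-ChildItem -LiteralPath $AppDir -Filter $pattern -File) {
            $sig  = Get-AuthenticodeSignature -FilePath $file.FullName
            $cert = $sig.SignerCertificate
            $subject = if ($cert) { $cert.Subject } else { '' }
            # 'Valid' means the hash matches and the chain is trusted; it does
            # not say WHO signed the file, so the signer is checked separately.
            $signerOk = $subject.IndexOf($ExpectedSigner, [StringComparison]::OrdinalIgnoreCase) -ge 0
            if ($ExpectedThumbprint) {
                $signerOk = $signerOk -and $cert -and ($cert.Thumbprint -eq $ExpectedThumbprint)
            }
            [pscustomobject]@{
                File    = $file.FullName
                Status  = $sig.Status
                Signer  = $subject
                Trusted = ($sig.Status -eq 'Valid') -and $signerOk
            }
        }
    }
}

# Lists same-named DLLs in other PATH directories: the copies an application
# could pick up if it does not restrict loading to its own directory.
function Find-PathOpenSslDll {
    param(
        [Parameter(Mandatory)] [string] $AppDir,
        [string[]] $Patterns = $OpenSslPatterns
    )
    $own = (Resolve-Path -LiteralPath $AppDir).Path.TrimEnd('\')
    foreach ($dir in ($env:PATH -split ';' | Where-Object { $_ } | Select-Object -Unique)) {
        if ($dir.TrimEnd('\') -eq $own) { continue }
        if (-not (Test-Path -LiteralPath $dir -PathType Container -ErrorAction SilentlyContinue)) { continue }
        foreach ($pattern in $Patterns) {
            Get-ChildItem -LiteralPath $dir -Filter $pattern -File -ErrorAction SilentlyContinue |
                Select-Object -ExpandProperty FullName
        }
    }
}
```

Any row from Test-OpenSslDllTrust with Trusted set to False, and any path returned by Find-PathOpenSslDll, is worth investigating before the application is deployed. Matching on the subject text is weaker than pinning the certificate thumbprint, so supply the thumbprint once it is known.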
Re: [twsocket] OpenSSL 1.1.0c support
Thanks very much for the update

Sent from my iPhone

> On 11 Nov 2016, at 18:29, François Piette wrote:
>
> I think we should thank Angus for managing the whole process of code
> signing.
> This is a real plus toward a better ICS.
>
> --
> francois.pie...@overbyte.be
> The author of the freeware multi-tier middleware MidWare
> The author of the freeware Internet Component Suite (ICS)
> http://www.overbyte.be
>
> -----Original Message-----
> From: TWSocket [mailto:twsocket-boun...@lists.elists.org] On behalf of Angus
> Robertson - Magenta Systems Ltd
> Sent: Friday, 11 November 2016 17:03
> To: twsocket@lists.elists.org
> Subject: [twsocket] OpenSSL 1.1.0c support
>
> OpenSSL has issued a new version 1.1.0c fixing several security issues.
>
> Two new DLLs for Win32 and Win64 versions of OpenSSL 1.1.0c may be loaded
> from the Wiki at:
>
> http://wiki.overbyte.be/wiki/index.php/ICS_Download
>
> SVN and the overnight zip will be updated tonight.
>
> The OpenSSL DLLs and EXE files included in the OpenSSL 1.1.0c and 1.0.2j
> zips are now digitally code signed 'Open Source Developer, François PIETTE',
> the lead developer for ICS.
>
> Digital code signing allows Windows to automatically check the authenticity
> and origin of binaries and whether they have been corrupted or patched. In
> File Explorer, right click on a file, Properties, Digital Signatures should
> show two signatures with SHA1 and
> SHA256 algorithms, and allow the digital certificate to be viewed and its
> status checked.
>
> The Magenta Systems Code Signing Trust and Certificate Check component at
> https://www.magsys.co.uk/delphi/magtrustchk.asp may be used in applications
> to check the correctly signed DLLs are being used by ICS, with this
> functionality planned to be included in ICS itself. The component can also
> self check a signed application for corruption and tampering.
>
> Angus
Re: [twsocket] OpenSSL 1.1.0c support
I think we should thank Angus for managing the whole process of code signing.
This is a real plus toward a better ICS.

--
francois.pie...@overbyte.be
The author of the freeware multi-tier middleware MidWare
The author of the freeware Internet Component Suite (ICS)
http://www.overbyte.be

-----Original Message-----
From: TWSocket [mailto:twsocket-boun...@lists.elists.org] On behalf of Angus Robertson - Magenta Systems Ltd
Sent: Friday, 11 November 2016 17:03
To: twsocket@lists.elists.org
Subject: [twsocket] OpenSSL 1.1.0c support

OpenSSL has issued a new version 1.1.0c fixing several security issues.

Two new DLLs for Win32 and Win64 versions of OpenSSL 1.1.0c may be loaded from the Wiki at:

http://wiki.overbyte.be/wiki/index.php/ICS_Download

SVN and the overnight zip will be updated tonight.

The OpenSSL DLLs and EXE files included in the OpenSSL 1.1.0c and 1.0.2j zips are now digitally code signed 'Open Source Developer, François PIETTE', the lead developer for ICS.

Digital code signing allows Windows to automatically check the authenticity and origin of binaries and whether they have been corrupted or patched. In File Explorer, right click on a file, Properties, Digital Signatures should show two signatures with SHA1 and SHA256 algorithms, and allow the digital certificate to be viewed and its status checked.

The Magenta Systems Code Signing Trust and Certificate Check component at https://www.magsys.co.uk/delphi/magtrustchk.asp may be used in applications to check the correctly signed DLLs are being used by ICS, with this functionality planned to be included in ICS itself. The component can also self check a signed application for corruption and tampering.

Angus
[twsocket] OpenSSL 1.1.0c support
OpenSSL has issued a new version 1.1.0c fixing several security issues.

Two new DLLs for Win32 and Win64 versions of OpenSSL 1.1.0c may be loaded from the Wiki at:

http://wiki.overbyte.be/wiki/index.php/ICS_Download

SVN and the overnight zip will be updated tonight.

The OpenSSL DLLs and EXE files included in the OpenSSL 1.1.0c and 1.0.2j zips are now digitally code signed 'Open Source Developer, François PIETTE', the lead developer for ICS.

Digital code signing allows Windows to automatically check the authenticity and origin of binaries and whether they have been corrupted or patched. In File Explorer, right click on a file, Properties, Digital Signatures should show two signatures with SHA1 and SHA256 algorithms, and allow the digital certificate to be viewed and its status checked.

The Magenta Systems Code Signing Trust and Certificate Check component at https://www.magsys.co.uk/delphi/magtrustchk.asp may be used in applications to check the correctly signed DLLs are being used by ICS, with this functionality planned to be included in ICS itself. The component can also self check a signed application for corruption and tampering.

Angus