Re: [twsocket] How to fill ICS SSL with different certificates ?
> But is it safe to upgrade to a SVN version rather to stay on the > stable version provided on the getit platform for our customers ? > A SVN version come with patches but with new bugs too, so;) > > Actually GetIt has the 8.44 and SVN is already on 8.50 I hope it > would be a stable number by the way but... What constitutes a stable release is highly debatable, it is really any release that has no outstanding show stopping bugs, and that is only known with time, usually a couple of weeks. But no guarantee that it is bug free even then, depends how many people have built projects using it. For the web server, SMTP, POP3 and FTP in particular, I only put stuff into SVN that is live on my own public web site, but bugs do still arise, just fixed web redirection. V8.50 is the next planned stable release, I have no outstanding bugs to fix and no planned changes, but did make changes last week and have not rebuilt all my applications yet. GetIt submissions are handled manually by email, and people keep leaving and don't answer emails, so they are not necessarily up to date. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] How to fill ICS SSL with different certificates ?
Ok I understood. But is it safe to upgrade to a SVN version rather to stay on the stable version provided on the getit platform for our customers ? A SVN version come with patches but with new bugs too, so;) Actually GetIt has the 8.44 and SVN is already on 8.50 I hope it would be a stable number by the way but... Le 22/09/2017 à 18:37, Angus Robertson - Magenta Systems Ltd a écrit : So this sequence is not needed : For backward compatibly, there are several ways of loading certificates and private keys, and they may be in separate or bundled files. You only need to use the method that matches the files you are expecting, and only once. Threre is a key file too, which property should I input ? PrivateKeyLoadFromPemFile You can look at the PemTool sample which loads and displays certificates, private keys and CAs, so see what you have and whether ICS will load them. But you really need a new version, it keeps changing, there was a new version V8.50 today in SVN. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] How to fill ICS SSL with different certificates ?
> So this sequence is not needed : For backward compatibly, there are several ways of loading certificates and private keys, and they may be in separate or bundled files. You only need to use the method that matches the files you are expecting, and only once. > Threre is a key file too, which property should I input ? PrivateKeyLoadFromPemFile You can look at the PemTool sample which loads and displays certificates, private keys and CAs, so see what you have and whether ICS will load them. But you really need a new version, it keeps changing, there was a new version V8.50 today in SVN. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] How to fill ICS SSL with different certificates ?
Hi Angus, Your code is then confused about loading certificates, you seem to be doing it repeatedly from different locations, using different functions, setting SslCertFile to SslCAFile, then LoadFromFile(CertificatSSL, xx which is different. I masked some of my code and I forgot this variable "CertificatSSL" : It is equal to "D:\Web\CertificatSSL.p7b". So this sequence is not needed : SslCAFile := "D:\Web\CertificatSSL.p7b"; SslCAPath := ExtractFilePath(SslCAFile); SslCertFile := SslCAFile; I should use only this one : SslCertX509.LoadFromFile(CertificatSSL, croTry, croTry); ?? I assume all those intermediates are in the certificate file? Seems a lot. Or are they in CertificatSSL.p7b? While PEM and PFX/P12 files can include a private key, P7B files are only certificates so the key will be in a separate file. Threre is a key file too, which property should I input ? I'd suggest you look at the new OverbyteIcsSslMultiWebServ sample added with ICS V8.49 that uses the new IcsHosts structure and hides all this SSLContext stuff away. I'd take a look, thanks a lot ! Guillaume Le 22/09/2017 à 09:54, Angus Robertson - Magenta Systems Ltd a écrit : 'd like to use a PKCS#7 certificate with ICS 8.44. and OpenSSL 1.1.0f, but I don't know which properties to initialize. You should load OpenSSL at the start, before calling any SSL functions, otherwise it may get loaded and reloaded and be unpredictable. Your code is then confused about loading certificates, you seem to be doing it repeatedly from different locations, using different functions, setting SslCertFile to SslCAFile, then LoadFromFile(CertificatSSL, xx which is different. I assume all those intermediates are in the certificate file? Seems a lot. Or are they in CertificatSSL.p7b? The real error would appear to be 'Pkey not Loaded' and I don't see a private key being loaded anywhere? Without a private key, an SSL server will not work. While PEM and PFX/P12 files can include a private key, P7B files are only certificates so the key will be in a separate file. I'd suggest you look at the new OverbyteIcsSslMultiWebServ sample added with ICS V8.49 that uses the new IcsHosts structure and hides all this SSLContext stuff away. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] How to fill ICS SSL with different certificates ?
> 'd like to use a PKCS#7 certificate with ICS 8.44. and OpenSSL > 1.1.0f, but I don't know which properties to initialize. You should load OpenSSL at the start, before calling any SSL functions, otherwise it may get loaded and reloaded and be unpredictable. Your code is then confused about loading certificates, you seem to be doing it repeatedly from different locations, using different functions, setting SslCertFile to SslCAFile, then LoadFromFile(CertificatSSL, xx which is different. I assume all those intermediates are in the certificate file? Seems a lot. Or are they in CertificatSSL.p7b? The real error would appear to be 'Pkey not Loaded' and I don't see a private key being loaded anywhere? Without a private key, an SSL server will not work. While PEM and PFX/P12 files can include a private key, P7B files are only certificates so the key will be in a separate file. I'd suggest you look at the new OverbyteIcsSslMultiWebServ sample added with ICS V8.49 that uses the new IcsHosts structure and hides all this SSLContext stuff away. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
