Re: [twsocket] THttpCli bug with no-content-length and nochunckedencoding
Fastream Technologies wrote: To elaborate: You need a page with no content-length and no chunked encoding that returns 401 to see it. THttpCli.GetHeaderLineNext; [..] { FContentLength = -1 when server doesn't send a value } if ((FContentLength = -1) and{ Added 12/03/2004 } (FTransferEncoding 'chunked') and { Added 09/10/2006 by FP } ((FStatusCode 200) or { Added 12/03/2004 } (FStatusCode = 204) or { Added 12/03/2004 } (FStatusCode = 301) or { Added 06/10/2004 } (FStatusCode = 302) or { Added 06/10/2004 } (FStatusCode = 304) )) { Added 12/03/2004 } or (FContentLength = 0) or [..] Looks like the 401 and 407 have to be removed again from the condition above. At least both do work when excluded, with and without a body and connection: close, tested with custom responses from THttpServer however without any real authentication. You should heavily test that change especially with all kinds of authentication and against all kinds of proxy servers as well. I don't have that time currently. -- Arno Garrels Best Regards, SZ On Wed, Oct 5, 2011 at 07:07, Fastream Technologies ga...@fastream.comwrote: Here is a screenshot of the issue as a picture is worth a thousand words: http://www.fastream.com/ics/ICSHTTPCLI.png Regards, SZ On Wed, Oct 5, 2011 at 06:26, Fastream Technologies ga...@fastream.comwrote: Dear Arno, The new problem happens with GET on pages with no content-length and no chunked-encoding. This bug had once been there, and then was fixed. Now it happens again. Please try against such a page with Httptst demo and you will see that the OnDocData is never called but instead all the data is assumed as header lines. I am using v7.18. Thanks for your efforts, SubZero On Tue, Oct 4, 2011 at 20:11, Arno Garrels arno.garr...@gmx.de wrote: Fastream Technologies wrote: We had actually paid for HttpCli bug fixes to Arno. I hope he will show up and fix it soon. We do not use content coding so I do not think Yuri's fix would work. I made your test case working by a fix of chunked decoding. So what actually is the problem now? Without a simple test case I won't look at it. -- Arno Garrels BTW Yuri, your code lacks the latest 7.18 bug fix by us (me and Arno). Regards, SZ On Tue, Oct 4, 2011 at 19:24, Angus Robertson - Magenta Systems Ltd an...@magsys.co.uk wrote: I wrote about a similar bug, but got no response from the administration. It is on my list of things to investigate this week, but paying work has to come before minor bug fixes like this. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HTTP SSL Server vs p7b certificate's format
ROQUES Guillaume wrote: Do you ask for how to get a ICS TSslHttpServer working with a bought server certificate? Yes, and if I need to convert p7b's certificate or not ? Open the MyCertificate.pem in a text editor that understands UNIX line breaks. Does MyCertificate.pem include multiple certificates? With a bought commercial certificate there should be at least 2 certificates included in MyCertificate.pem. Make sure that the order of these certificates is correct. First has to be the server certificate followed by possible intermediate certificates followed by the root CA certificate. That's right, I found 3 certificates : 1 for the domain name *.mydomain.com, 1 for GlobalSign Domain Validation CA and 1 for GlobalSign root CA. So that looks correct, the handshake error may happen due to the client closes the connection, so I ask again: What client is connecting when that error happens? Common browsers should have the GlobalSign root CA in there trusted certificate store, TSslHttpCli clients not (by default). -- Arno Garrels Gratefully, Guillaume ROQUES http://www.canyon.fr/ Le 20:59, Arno Garrels a écrit : ROQUES Guillaume wrote: That's confusing description. Did he buy a SSL server certificate in order to access your server? Or are you talking about client certificates? The customer already have a SSL certificate on his domain, so he want that my HttpServer use SSL with this certificate. Do you ask for how to get a ICS TSslHttpServer working with a bought server certificate? Please provide more details about how you setup the component to use your the certificates. What HTTP client application is used? Here is my initialization : interface [...] TMyService =lass(TService) SslHttpServer: TSslHttpServer; TWSslAvlSessionCache: TSslAvlSessionCache; TWSslContext: TSslContext; [...] end; implementation [...] procedure TMyService.ServiceStart(Sender: TService; var Started: Boolean); begin [...] SslCertFile :=Path + 'MyCertificate.pem'; SslPassPhrase :='; SslPrivKeyFile :=Path + 'MyCertificate.pem'; SslCAFile :=Path + 'MyCertificate.pem'; SslCAPath :=Path; SslVerifyPeer :=alse; // Pre-loads OpenSSL DLL's TWSslContext.InitContext; DoLog('OpenSslVersion : ' + OpenSslVersion); DoLog(OpenSslCompilerFlags + #13#10 + OpenSslBuiltOn + #13#10 + OpenSslPlatForm + #13#10 + OpenSslDir); SslHttpServer.Start; end; Open the MyCertificate.pem in a text editor that understands UNIX line breaks. Does MyCertificate.pem include multiple certificates? With a bought commercial certificate there should be at least 2 certificates included in MyCertificate.pem. Make sure that the order of these certificates is correct. First has to be the server certificate followed by possible intermediate certificates followed by the root CA certificate. -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] THttpCli bug with no-content-length and no chunckedencoding
Actually I tested with our Linksys routers admin page... So how to do you propose the fix you are requesting is tested? Do many people use ICS to access a router admin page without the correct password, I'm surprised it gave a 401 error and not just another login window. My two Linksys routers died, gave up on the brand. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HTTP SSL Server vs p7b certificate's format
What client is connecting when that error happens? IE 7 to 9 or Firefox But none ask to add certificate, both say that the site is unreachablesounds weird I know T_T Cordialement, Guillaume ROQUES http://www.canyon.fr/ Le 20:59, Arno Garrels a écrit : ROQUES Guillaume wrote: Do you ask for how to get a ICS TSslHttpServer working with a bought server certificate? Yes, and if I need to convert p7b's certificate or not ? Open the MyCertificate.pem in a text editor that understands UNIX line breaks. Does MyCertificate.pem include multiple certificates? With a bought commercial certificate there should be at least 2 certificates included in MyCertificate.pem. Make sure that the order of these certificates is correct. First has to be the server certificate followed by possible intermediate certificates followed by the root CA certificate. That's right, I found 3 certificates : 1 for the domain name *.mydomain.com, 1 for GlobalSign Domain Validation CA and 1 for GlobalSign root CA. So that looks correct, the handshake error may happen due to the client closes the connection, so I ask again: What client is connecting when that error happens? Common browsers should have the GlobalSign root CA in there trusted certificate store, TSslHttpCli clients not (by default). -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HTTP SSL Server vs p7b certificate's format
ROQUES Guillaume wrote: What client is connecting when that error happens? IE 7 to 9 or Firefox But none ask to add certificate, both say that the site is unreachablesounds weird I know T_T Have you tried newer OpenSSL libraries? http://wiki.overbyte.be/wiki/index.php/ICS_Download If that doesn't help, use a TIcsLogger to get a full debug log and send that to me if you don't find the error yourself. -- Arno Garrels Cordialement, Guillaume ROQUES http://www.canyon.fr/ Le 20:59, Arno Garrels a écrit : ROQUES Guillaume wrote: Do you ask for how to get a ICS TSslHttpServer working with a bought server certificate? Yes, and if I need to convert p7b's certificate or not ? Open the MyCertificate.pem in a text editor that understands UNIX line breaks. Does MyCertificate.pem include multiple certificates? With a bought commercial certificate there should be at least 2 certificates included in MyCertificate.pem. Make sure that the order of these certificates is correct. First has to be the server certificate followed by possible intermediate certificates followed by the root CA certificate. That's right, I found 3 certificates : 1 for the domain name *.mydomain.com, 1 for GlobalSign Domain Validation CA and 1 for GlobalSign root CA. So that looks correct, the handshake error may happen due to the client closes the connection, so I ask again: What client is connecting when that error happens? Common browsers should have the GlobalSign root CA in there trusted certificate store, TSslHttpCli clients not (by default). -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be