Re: [twsocket] THttpCli bug with no-content-length and nochunckedencoding
Fastream Technologies wrote:
To elaborate: You need a page with no content-length and no chunked
encoding that returns 401 to see it.
THttpCli.GetHeaderLineNext;
[..]
{ FContentLength = -1 when server doesn't send a value }
if ((FContentLength = -1) and{ Added 12/03/2004 }
(FTransferEncoding 'chunked') and { Added 09/10/2006 by FP }
((FStatusCode 200) or { Added 12/03/2004 }
(FStatusCode = 204) or { Added 12/03/2004 }
(FStatusCode = 301) or { Added 06/10/2004 }
(FStatusCode = 302) or { Added 06/10/2004 }
(FStatusCode = 304) )) { Added 12/03/2004 }
or
(FContentLength = 0)
or
[..]
Looks like the 401 and 407 have to be removed again from the condition
above. At least both do work when excluded, with and without a body
and connection: close, tested with custom responses from THttpServer
however without any real authentication.
You should heavily test that change especially with all kinds of
authentication and against all kinds of proxy servers as well. I don't
have that time currently.
--
Arno Garrels
Best Regards,
SZ
On Wed, Oct 5, 2011 at 07:07, Fastream Technologies
ga...@fastream.comwrote:
Here is a screenshot of the issue as a picture is worth a thousand
words: http://www.fastream.com/ics/ICSHTTPCLI.png
Regards,
SZ
On Wed, Oct 5, 2011 at 06:26, Fastream Technologies
ga...@fastream.comwrote:
Dear Arno,
The new problem happens with GET on pages with no content-length
and no chunked-encoding. This bug had once been there, and then was
fixed. Now it happens again. Please try against such a page with
Httptst demo and you will see that the OnDocData is never called
but instead all the data is assumed as header lines. I am using
v7.18.
Thanks for your efforts,
SubZero
On Tue, Oct 4, 2011 at 20:11, Arno Garrels arno.garr...@gmx.de
wrote:
Fastream Technologies wrote:
We had actually paid for HttpCli bug fixes to Arno. I hope he will
show up and fix it soon. We do not use content coding so I do not
think Yuri's fix would work.
I made your test case working by a fix of chunked decoding.
So what actually is the problem now?
Without a simple test case I won't look at it.
--
Arno Garrels
BTW Yuri, your code lacks the latest 7.18 bug fix by us (me and
Arno). Regards,
SZ
On Tue, Oct 4, 2011 at 19:24, Angus Robertson - Magenta Systems
Ltd an...@magsys.co.uk wrote:
I wrote about a similar bug, but got no response from the
administration.
It is on my list of things to investigate this week, but paying
work has to come before minor bug fixes like this.
Angus
--
To unsubscribe or change your settings for TWSocket mailing list
please goto
http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit
our website at http://www.overbyte.be
--
To unsubscribe or change your settings for TWSocket mailing list
please goto
http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit
our website at http://www.overbyte.be
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
Re: [twsocket] HTTP SSL Server vs p7b certificate's format
ROQUES Guillaume wrote:
Do you ask for how to get a ICS TSslHttpServer working with a bought
server certificate?
Yes, and if I need to convert p7b's certificate or not ?
Open the MyCertificate.pem in a text editor that understands UNIX
line breaks. Does MyCertificate.pem include multiple certificates?
With a bought commercial certificate there should be at least 2
certificates included in MyCertificate.pem.
Make sure that the order of these certificates is correct.
First has to be the server certificate followed by possible
intermediate certificates followed by the root CA certificate.
That's right, I found 3 certificates : 1 for the domain name
*.mydomain.com, 1 for GlobalSign Domain Validation CA and 1 for
GlobalSign root CA.
So that looks correct, the handshake error may happen due to the
client closes the connection, so I ask again: What client is connecting
when that error happens? Common browsers should have the GlobalSign root
CA in there trusted certificate store, TSslHttpCli clients not
(by default).
--
Arno Garrels
Gratefully,
Guillaume ROQUES
http://www.canyon.fr/
Le 20:59, Arno Garrels a écrit :
ROQUES Guillaume wrote:
That's confusing description. Did he buy a SSL server certificate
in order to access your server? Or are you talking about client
certificates?
The customer already have a SSL certificate on his domain, so he
want that my HttpServer use SSL with this certificate.
Do you ask for how to get a ICS TSslHttpServer working with a bought
server certificate?
Please provide more details about how you setup the component to
use your the certificates. What HTTP client application is used?
Here is my initialization :
interface
[...]
TMyService =lass(TService)
SslHttpServer: TSslHttpServer;
TWSslAvlSessionCache: TSslAvlSessionCache;
TWSslContext: TSslContext;
[...]
end;
implementation
[...]
procedure TMyService.ServiceStart(Sender: TService; var Started:
Boolean); begin
[...]
SslCertFile :=Path + 'MyCertificate.pem';
SslPassPhrase :=';
SslPrivKeyFile :=Path + 'MyCertificate.pem';
SslCAFile :=Path + 'MyCertificate.pem';
SslCAPath :=Path;
SslVerifyPeer :=alse;
// Pre-loads OpenSSL DLL's
TWSslContext.InitContext;
DoLog('OpenSslVersion : ' + OpenSslVersion);
DoLog(OpenSslCompilerFlags + #13#10 + OpenSslBuiltOn
+ #13#10 + OpenSslPlatForm + #13#10 + OpenSslDir);
SslHttpServer.Start;
end;
Open the MyCertificate.pem in a text editor that understands UNIX
line breaks. Does MyCertificate.pem include multiple certificates?
With a bought commercial certificate there should be at least 2
certificates included in MyCertificate.pem.
Make sure that the order of these certificates is correct.
First has to be the server certificate followed by possible
intermediate certificates followed by the root CA certificate.
--
Arno Garrels
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
Re: [twsocket] THttpCli bug with no-content-length and no chunckedencoding
Actually I tested with our Linksys routers admin page... So how to do you propose the fix you are requesting is tested? Do many people use ICS to access a router admin page without the correct password, I'm surprised it gave a 401 error and not just another login window. My two Linksys routers died, gave up on the brand. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HTTP SSL Server vs p7b certificate's format
What client is connecting when that error happens? IE 7 to 9 or Firefox But none ask to add certificate, both say that the site is unreachablesounds weird I know T_T Cordialement, Guillaume ROQUES http://www.canyon.fr/ Le 20:59, Arno Garrels a écrit : ROQUES Guillaume wrote: Do you ask for how to get a ICS TSslHttpServer working with a bought server certificate? Yes, and if I need to convert p7b's certificate or not ? Open the MyCertificate.pem in a text editor that understands UNIX line breaks. Does MyCertificate.pem include multiple certificates? With a bought commercial certificate there should be at least 2 certificates included in MyCertificate.pem. Make sure that the order of these certificates is correct. First has to be the server certificate followed by possible intermediate certificates followed by the root CA certificate. That's right, I found 3 certificates : 1 for the domain name *.mydomain.com, 1 for GlobalSign Domain Validation CA and 1 for GlobalSign root CA. So that looks correct, the handshake error may happen due to the client closes the connection, so I ask again: What client is connecting when that error happens? Common browsers should have the GlobalSign root CA in there trusted certificate store, TSslHttpCli clients not (by default). -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HTTP SSL Server vs p7b certificate's format
ROQUES Guillaume wrote: What client is connecting when that error happens? IE 7 to 9 or Firefox But none ask to add certificate, both say that the site is unreachablesounds weird I know T_T Have you tried newer OpenSSL libraries? http://wiki.overbyte.be/wiki/index.php/ICS_Download If that doesn't help, use a TIcsLogger to get a full debug log and send that to me if you don't find the error yourself. -- Arno Garrels Cordialement, Guillaume ROQUES http://www.canyon.fr/ Le 20:59, Arno Garrels a écrit : ROQUES Guillaume wrote: Do you ask for how to get a ICS TSslHttpServer working with a bought server certificate? Yes, and if I need to convert p7b's certificate or not ? Open the MyCertificate.pem in a text editor that understands UNIX line breaks. Does MyCertificate.pem include multiple certificates? With a bought commercial certificate there should be at least 2 certificates included in MyCertificate.pem. Make sure that the order of these certificates is correct. First has to be the server certificate followed by possible intermediate certificates followed by the root CA certificate. That's right, I found 3 certificates : 1 for the domain name *.mydomain.com, 1 for GlobalSign Domain Validation CA and 1 for GlobalSign root CA. So that looks correct, the handshake error may happen due to the client closes the connection, so I ask again: What client is connecting when that error happens? Common browsers should have the GlobalSign root CA in there trusted certificate store, TSslHttpCli clients not (by default). -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
