Re: [twsocket] OpenSSL 1.1.0d and 1.0.2k support
> The code you say you added is already there, but after the > > WSocket_Synchronized_WSAASyncSelect call, so what needs to be understood > is > if this call, and the related in the finally section of the try > block, is > really needed when not in a SSL request, as the non-SSL > version of the > component doesn't call this WSAASyncSelect method, and > this inherited > Do_FD_READ(msg) is the only code that will be called in a > non-SSL situation > anyway. And this is exactly the problem... calling WSocket_Synchronize_WSAAsyncSelect in Do_FD_READ when NOT in SSL.. by just adding the SSL socket to the inheritance of classe (Activating USE_SSL) will change the behavior or Do_FD_READ of NON SSL sockets.. and this screws our whole software and I bet it must screw other users as well. I have a theory that it might be only affecting sockets with Naggle disabled (which we do by default), but I have to test and confirm it (because nobody else reported this issue and it is a very very visible problem for us) I added that verification code BEFORE WSocket_Synchronize_WSAAsyncSelect so it won't be called if not in SSL, but apparently Angus did not like it... > The move of this WSocket_Synchronized_WSAASyncSelect calls to this > method, done in the V8.22, is about a fix in SSL, so I suppose this > "Fixed SSL bug where two consecutive requests from a client would leave > a server in a waiting state and not process any other requests" is not > needed in non-SSL requests? I agree that they must have added to fix some SSL problem, but that is causing issue for NON-SSL sockets... while on SSL it looks like it is working fine for us as well, but it screws the non-ssl sockets entirely for us. Eric -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] OpenSSL 1.1.0d and 1.0.2k support
inside TCustomSslWsocket.Do_FD_READ:
I added
if (not FSslEnable) or (FSocksState <> socksData) or
(FHttpTunnelState <> htsData) then begin
inherited Do_FD_READ(msg);
Exit;
end;
before
WSocket_Synchronized_WSAASyncSelect({$IFDEF POSIX}Self,{$ENDIF}
FHSocket, Handle, FMsg_WM_ASYNCSELECT, FD_WRITE or FD_CLOSE or
FD_CONNECT);
The code you say you added is already there, but after the
WSocket_Synchronized_WSAASyncSelect call, so what needs to be understood
is if this call, and the related in the finally section of the try
block, is really needed when not in a SSL request, as the non-SSL
version of the component doesn't call this WSAASyncSelect method, and
this inherited Do_FD_READ(msg) is the only code that will be called in a
non-SSL situation anyway.
The move of this WSocket_Synchronized_WSAASyncSelect calls to this
method, done in the V8.22, is about a fix in SSL, so I suppose this
"Fixed SSL bug where two consecutive requests from a client would leave
a server in a waiting state and not process any other requests" is not
needed in non-SSL requests?
There is also badly positioned
BuffSize := (GSSL_BUFFER_SIZE * 2)-1; { V8.27 size now configurable }
SetLength(Buffer, BuffSize);
that is not needed if the inherited Do_FD_READ(msg), followed by an
exit, is the only code that will run.
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
Re: [twsocket] OpenSSL 1.1.0d and 1.0.2k support (?ric Fleming Bonilha)
I may have overreacted... I trully admire the work of ICS team and am very thankful for all the work the team has done for free for all these years to provide a great communications library.. Im just very disapointed right now for being disregarded as I feel that other users will have issues as well On Feb 4, 2017 9:07 PM, "Éric Fleming Bonilha" wrote: Well do you know how long I've been asking them to fix this broken code? It has been months... The code is clearly broken and I've even provided demo programs showing one of the issues. Im already fed up... So I just fixed my local code and don't care anymore if they will fix it or not... This bug has rendered ICS completely usuable for us, and I bet many other users will have the same problems but may not realise where the problem lies... Angus might have done a lot, but he is simply ignoring this critical bug for too long now. I've provided a very good way to fix the code but he simply wont do it.. He even told in one message that he wont change anything because of only 1 user... Or simply maybe nobody uses ICS anymore and nobody else has reported this... Anyway.. I don't care anymore... I've tried to be friendly and that got me nowhere... I will just keep fixing my local copy until this bug crashes some other important ICS user and then maybe they will look into it... On Feb 4, 2017 12:03 PM, wrote: > > > > > Or you can just ignore it and disregard your users... > > This was my last attempt to give you an advice to fix a broken code... > > I miss that old times when ICS team actually cared about the users... > > Wow, I would tell you to take a hike. > Angus does great work for ICS and ICS users and you are being ... > > -- > To unsubscribe or change your settings for TWSocket mailing list > please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket > Visit our website at http://www.overbyte.be > -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] OpenSSL 1.1.0d and 1.0.2k support (?ric Fleming Bonilha)
Well do you know how long I've been asking them to fix this broken code? It has been months... The code is clearly broken and I've even provided demo programs showing one of the issues. Im already fed up... So I just fixed my local code and don't care anymore if they will fix it or not... This bug has rendered ICS completely usuable for us, and I bet many other users will have the same problems but may not realise where the problem lies... Angus might have done a lot, but he is simply ignoring this critical bug for too long now. I've provided a very good way to fix the code but he simply wont do it.. He even told in one message that he wont change anything because of only 1 user... Or simply maybe nobody uses ICS anymore and nobody else has reported this... Anyway.. I don't care anymore... I've tried to be friendly and that got me nowhere... I will just keep fixing my local copy until this bug crashes some other important ICS user and then maybe they will look into it... On Feb 4, 2017 12:03 PM, wrote: > > > > > Or you can just ignore it and disregard your users... > > This was my last attempt to give you an advice to fix a broken code... > > I miss that old times when ICS team actually cared about the users... > > Wow, I would tell you to take a hike. > Angus does great work for ICS and ICS users and you are being ... > > -- > To unsubscribe or change your settings for TWSocket mailing list > please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket > Visit our website at http://www.overbyte.be > -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] OpenSSL 1.1.0d and 1.0.2k support (?ric Fleming Bonilha)
> Or you can just ignore it and disregard your users... > This was my last attempt to give you an advice to fix a broken code... > I miss that old times when ICS team actually cared about the users... Wow, I would tell you to take a hike. Angus does great work for ICS and ICS users and you are being ... -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] OpenSSL 1.1.0d and 1.0.2k support
Angus
Did you have a chance to check that SSL problem on FD_READ that we have?
I have fixed my local copy of ICS and it works fine for both with and
without SSL (We are using SSL for one equipment we are testing).
inside TCustomSslWsocket.Do_FD_READ:
I added
if (not FSslEnable) or (FSocksState <> socksData) or
(FHttpTunnelState <> htsData) then begin
inherited Do_FD_READ(msg);
Exit;
end;
before
WSocket_Synchronized_WSAASyncSelect({$IFDEF POSIX}Self,{$ENDIF}
FHSocket, Handle, FMsg_WM_ASYNCSELECT, FD_WRITE or FD_CLOSE or
FD_CONNECT);
So, first thing FD_READ will do is checking if Ssl is enabled, if it is not
enabled it will simply call inherited without calling
WSocket_Synchronized_WSAASyncSelect that is causing all the issues we have,
and if SSL is active it will work as you designed
Anyway, I fixed my copy and it is working fine for us.. I was just
wondering if you are going to fix the official release because I'm sure
other users will have similar experiences as we are having and they won't
know what is happening, and what is causing their software to behave odd..
Or you can just ignore it and disregard your users...
This was my last attempt to give you an advice to fix a broken code... if
you think it is not broken, just ignore it... I've helped ICS team before
and some bugs that I reported were fixed by Arno Garrels... I miss that old
times when ICS team actually cared about the users...
Eric
On Thu, Feb 2, 2017 at 10:23 AM, Angus Robertson - Magenta Systems Ltd <
an...@magsys.co.uk> wrote:
> Four new zips for Win32 and Win64 versions of OpenSSL 1.1.0d and
> 1.0.2k should be downloadable from the Wiki at:
>
> http://wiki.overbyte.be/wiki/index.php/ICS_Download
>
> Unfortunately the web site itself is currently misbehaving so I've not
> been able to update the web page itself.
>
> Meanwhile, the new zips can be downloaded from my web site instead.
>
> https://www.magsys.co.uk/delphi/magics.asp
>
> SVN and the overnight zip have also been updated to include OpenSSL
> 1.1.0d and can also be downloaded from my web site.
>
> The new OpenSSL releases fix three moderate risk and one low risk
> security bugs that could potentially cause a server to crash.
>
> Angus
>
>
> --
> To unsubscribe or change your settings for TWSocket mailing list
> please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
> Visit our website at http://www.overbyte.be
>
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
[twsocket] OpenSSL 1.1.0d and 1.0.2k support
Four new zips for Win32 and Win64 versions of OpenSSL 1.1.0d and 1.0.2k should be downloadable from the Wiki at: http://wiki.overbyte.be/wiki/index.php/ICS_Download Unfortunately the web site itself is currently misbehaving so I've not been able to update the web page itself. Meanwhile, the new zips can be downloaded from my web site instead. https://www.magsys.co.uk/delphi/magics.asp SVN and the overnight zip have also been updated to include OpenSSL 1.1.0d and can also be downloaded from my web site. The new OpenSSL releases fix three moderate risk and one low risk security bugs that could potentially cause a server to crash. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
