Re: [Synalist] mimepart OnWalkPart override?
On 10/31/2013 04:47 PM, waldo kitty wrote: except that i cannot get anything from postpart as desired and expected since it does exist in the code :? This seems to be a bug. The postpart (epilogue in rfc2046 terminology) is added in BodyPart. The problem is fixed by changing line 636 in your mimepart version, line 619 in synapse trunk from else to else if (FPrimaryCode MP_MULTIPART) then Ludo -- Android is increasing in popularity, but the open development platform that developers love is also attractive to malware creators. Download this white paper to learn more about secure code signing practices that can help keep Android apps secure. http://pubads.g.doubleclick.net/gampad/clk?id=65839951iu=/4140/ostg.clktrk ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
Re: [Synalist] prolem inet_ntoa on linux
On 09/10/2013 01:49 PM, Lukas Gebauer wrote: I use synapse on linux on typhon 4.4(lazarus) I have a big problem on the compilation of vsRawIP.pas function (inet_addr, inet_ntoa) Type (bool,U_long) don't work I do not know vsRawIP function.. what is it? It is not part of Synapse. Lukas, Codetyphon forks the original synapse code from svn, makes some changes, adds the Visual Synapse component (http://sourceforge.net/projects/visualsynapse/) and then renames it to pl_synapse. Don't count on codetyphon to contribute any code fixes or changes back to the original project. They just take, rarely give back... Marc, Please use the codetyphon forum to get support for pl_synapse. Ludo -- How ServiceNow helps IT people transform IT departments: 1. Consolidate legacy IT systems to a single system of record for IT 2. Standardize and globalize service processes across IT 3. Implement zero-touch automation to replace manual, redundant tasks http://pubads.g.doubleclick.net/gampad/clk?id=5127iu=/4140/ostg.clktrk ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
Re: [Synalist] Is TBlockSocket intended to be thread safe?
On 05/10/2013 05:40 AM, Bruce Tulloch wrote: If one opens a TBlockSocket (via one of its descendant classes) and calls the RecvPacket method from a different (i.e. receiving) thread, is TBlockSocket itself designed to support this type of use (i.e. via separate send and receive threads)? Bruce. No it isn't. You have discovered FLastErrorDesc yourself but functions like SockCheck and ExceptCheck use class vars and are not thread safe. Ludo -- Learn Graph Databases - Download FREE O'Reilly Book Graph Databases is the definitive new guide to graph databases and their applications. This 200-page book is written by three acclaimed leaders in the field. The early access version is available now. Download your free book today! http://p.sf.net/sfu/neotech_d2d_may ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
Re: [Synalist] How Can I Determine, If The TCP Connection Is Still Active?
On 03/27/2013 01:00 PM, Oleg Kurchenko wrote: Hello, it seems that communicating, described in http://www.ararat.cz/synapse/doku.php/public:howto:activeconnection does not help. I made a simple demo of tcp client, the code is shown below. After I connected to server and took out the LAN cable and there is a red cross on the connection icon in the system tray, I can for about 30 seconds to send messages, and it does not get errors! Can this be fixed? No. TCP is a protocol designed to work on unreliable communication links and will recover from errors. So a broken link is not immediately an error on the TCP layer. There are timeouts that make that TCP will consider a link dead after a certain delay. The red cross on the connection icon you are seeing is on a completely different layer of the network protocol (physical layer) and has nothing to do with TCP. In more complex configurations you can pull out a cable and communication will just go on over a different link without the TCP communication ever being broken down. A nice example is wifi roaming. So if you need to know when a network cable is pulled out, you need to use a different method. Ping your local router (ICMP is not using TCP) with a short timeout (mind alternate routes!) or get your network card status using some OS dependent calls. Ludo -- Own the Future-Intelreg; Level Up Game Demo Contest 2013 Rise to greatness in Intel's independent game demo contest. Compete for recognition, cash, and the chance to get your game on Steam. $5K grand prize plus 10 genre and skill prizes. Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
Re: [Synalist] How Can I Determine, If The TCP Connection Is Still Active?
On 03/27/2013 02:05 PM, Oleg Kurchenko wrote: Thank you for reply. Is it possible to adjust the timeout on tcp level for current tcp connection? procedure TBlockSocket.SetSendTimeout(Timeout: Integer); That will set the timeout for a send. Ludo -- Own the Future-Intelreg; Level Up Game Demo Contest 2013 Rise to greatness in Intel's independent game demo contest. Compete for recognition, cash, and the chance to get your game on Steam. $5K grand prize plus 10 genre and skill prizes. Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
Re: [Synalist] synadbg
On 02/06/2013 07:39 PM, waldo kitty wrote: On 2/5/2013 05:45, Lukas Gebauer wrote: i'm trying to figure out how to use synadbg... it is something i have to specifically call with the public AppendToLog function or does it automatically engage for logging socket (and all other synapse??) debugging output? how does one enable synapse debugging output? i haven't found anything obvious :( It implementing simple class functions what you can use as OnStatus and OnMonitor event handlers on your sockets. It log socket events to the file. oh... event handlers? there are none in plain (TP6 style) console apps... The event handlers are just callbacks. If you specify an OnStatus function it will be called from synapse. No message loop is required. Synapse is a synchronous library. Ludo -- Free Next-Gen Firewall Hardware Offer Buy your Sophos next-gen firewall before the end March 2013 and get the hardware for free! Learn more. http://p.sf.net/sfu/sophos-d2d-feb ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
Re: [Synalist] Problem with httpsend on ARM
On 02/05/2013 09:39 AM, Michael Schnell wrote: (I really would suggest doing an auto-clear or something similar in the HTTPMethod() call to improve the usability of Synapse) A GET with a message body is valid according to the HTTP specs and it is used in some REST applications where complex searches are done. The length of the url is sometimes too short to pass all the GET parameters into the url and the message body has less character restrictions than the URL and makes the use of UTF8 in the queries easier. So where would you auto-clear Document? HTTPMethod can not guess what the programmer intended to do. Ludo -- Free Next-Gen Firewall Hardware Offer Buy your Sophos next-gen firewall before the end March 2013 and get the hardware for free! Learn more. http://p.sf.net/sfu/sophos-d2d-feb ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
Re: [Synalist] Problem with httpsend on ARM
On 02/04/2013 11:01 AM, Michael Schnell wrote: Lodo and Waldo I was no yet able to try the debugging tools Ludo suggested. It seems you are not clearing your THTTPSend.document in between sends. You do a simple GET and then send your received document with it. So your last GET looks like ... GET /580E09.htm HTTP/1.1 ... Host: 192.168.71.252 ... Keep-Alive: 300 ... Connection: keep-alive ... Cookie: TAID=754E ... User-Agent: Mozilla/4.0 (compatible; Synapse) ... Content-Type: text/html ... Content-Length: 5897 ... GET /580E09.htm HTTP/1.1 ... Host: 192.168.71.252 ... Keep-Alive: 300 ... Connection: keep-alive ... Cookie: TAID=754E ... User-Agent: Mozilla/4.0 (compatible; Synapse) ... Content-Type: text/html ... Content-Length: 5897 ... GET /580E09.htm HTTP/1.1 ... Host: 192.168.71.252 ... Keep-Alive: 300 ... Connection: keep-alive ... Cookie: TAID=754E ... User-Agent: Mozilla/4.0 (compatible; Synapse) ... Content-Type: text/html ... Content-Length: 5897 ... GET /580E09.htm HTTP/1.1 ... Host: 192.168.71.252 ... Keep-Alive: 300 ... Connection: keep-alive ... Cookie: TAID=754E ... User-Agent: Mozilla/4.0 (compatible; Synapse) ... Content-Type: text/html ... Content-Length: 5897 . Followed by the html code received in the very first GET. More than one HTTP server would give up on that one ;) Ludo -- Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_jan ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
Re: [Synalist] Problem with httpsend on ARM
On 02/04/2013 12:21 PM, Michael Schnell wrote: On 02/04/2013 12:07 PM, Michael Van Canneyt wrote: If you want a one-shot operation, just use the httpget() global routine. So you suggest to delete and recreate the ThttpSend class for each request instead of reusing it. (Or in fact using the httpget() global routine.) Apparently you need Cookies so that is not a good solution. BTW there is no httpget in Synapse httpsend. Ludo -- Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_jan ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
Re: [Synalist] Problem with httpsend on ARM
On 02/04/2013 12:28 PM, Michael Schnell wrote: On 02/04/2013 12:04 PM, waldo kitty wrote: you may be getting the output sent in chunked format... that means the server sends pieces and they are to be assembled together... not sure if your code needs to handle this or not, though... I see from the logs that Synapse receives the chunks and assembles them and finally provides the complete response to my program. This did work perfectly right from the start. I think Waldo is talking about http://en.wikipedia.org/wiki/Chunked_transfer_encoding. What you are seeing in the logs is httpsend stitching network data packets into one big block. Unfortunately, using a library doesn't relieve from understanding the basics. Ludo -- Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_jan ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
Re: [Synalist] Problem with httpsend on ARM
On 02/04/2013 12:49 PM, Michael Schnell wrote: On 02/04/2013 12:35 PM, Ludo Brands wrote: Apparently you need Cookies so that is not a good solution. Ahh. Obviously this is one of the reasons why Thttpsend is done like it is. I'll try to find out more on cookie handling in the docs (might be somewhat hard, as I don't know how this cookie stuff is supposed to work between the server and the browser) . If I do Document.Clear before calling HTTPMethod(), will the cookies received previously be forgotten or will they be handles somehow (magically) automatically, or does the user program need to to something clever with them ? Same http://synapse.ararat.cz/doc/help/httpsend.THTTPSend.html property Cookies: TStringList read FCookies; This is stringlist with name-value stringlist pairs. Each this pair is one cookie. After HTTP request is returned cookies parsed to this stringlist. You can leave this cookies untouched for next HTTP request. You can also save this stringlist for later use. So just clear THTTPSend.Document before doing a GET and clear THTTPSend.Headers if you don't use custom headers. The Cookies will remain in place. Ludo -- Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_jan ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
Re: [Synalist] Problem with httpsend on ARM
On 02/04/2013 02:06 PM, Michael Van Canneyt wrote: well: HttpGetText and HttpGetBinary I should've typed the * as in httpget* Ah, OK. I just wasn't sure we were still talking about the same library. In one and the same message TTTPWork.Request(), httpget() and ThttpClient were mentioned. None of them are synapse. Ludo -- Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_jan ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
Re: [Synalist] Problem with httpsend on ARM
On 02/01/2013 09:43 AM, Michael Schnell wrote: I see. What OS properties exactly might trigger such behavior ? Kernel version, libraries, ... ? Basically the consts and structures you find in the fpc units sockets and termio and their include files. These are the fpc bindings and the definitions should match the header files for your OS. Is the OS this one: http://sourceforge.net/projects/qosgpl/ ? This seems to be standard linux. Can you make an strace of your program? I need to look up what strace is. But if this is some normal Linux tool I think I will be able to do it. strace is normal linux but will probably have to be installed or perhaps even build from source. Unfortunately up till now, I don't know how I could be able to run an fpc program in some kind of debugger on the headless box.. Possible alternatives could be: - Install some kind of widget set (qt ?) and some kind of remote X server (VNC ?) and compile Lazarus on the system and access it via this remote GUI via SSH. (Sounds like a really huge task :-( ) You need quite some memory to build lazarus on the system. The ARM debian machine I'm using is a cheepo android 7 netbook that boots into Debian on a 2GB SDCard. It leaves debian with 220M to work with. I need another 200MB of swap (external USB stick) to build lazarus. LXDE is installed on it and it allows me to ssh in it with X forwarding. Speed is not terrible but debugging in lazarus works fine. - Install a gdb stub on the box and do remote debugging via SSH with Lazarus on a PC. (Seemingly nobody ever tried to do remote debugging with Lazarus :-( ) - Use the command line debugger on the box via SSH. (I never used the command line debugger yet, (besides some initial tests on simple C programs) and I don't know if pure gdb can decently work with fpc programs :-( ) gdb and fpc work fine together. There are a few limitations but they are also there when using gdb in lazarus. Compared to installing lazarus on the box, this is definitely the easiest solution. The use of gdb and fpc is not that different from gdb and C. When looking up addresses you need to be aware that fpc has its own name mangling. As in C, gdb is also case sensitive for address lookups with fpc. So three times :-( :-( :-( here. What I will do in the weekend is activate the soc Monitor callback and do some tracing with same... That would give more insight in where things are going wrong. A tcpdump would be helpful also. I need to look up what tcpdump is. But if this is some normal Linux tool I think I will be able to do it. The information you gave us doesn't give a lot to go by. I did suppose that and I'm grateful for the instructions on what I need to provide additionally to help finding the problem. Try to get the strace and tcpdump first before starting to debug fpc code. Just by looking at these data and at the synapse/fpc code we can probably find out where things are going wrong. Use strace with -tt to get timing information in the trace. Ludo -- Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_jan ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
Re: [Synalist] Problem with httpsend on ARM
On 02/01/2013 03:24 PM, Michael Schnell wrote: As the program does two http requests just fine and fails on the third one (it alternatively does three very different pages and parameters and all fail, just because they are the third ), I think some more internal problem is more likely (buffer overflow or such). Perhaps your connections don't close quick enough and your server refuses more than 2 simultaneous connections from the same IP. Have you tried setting THTTPSend.Protocol to '1.1' to keep the connection alive? That way the connection is not broken, as long as you use the same THTTPSend instance for doing all the requests. Again, the tcpdump would show that problem. Ludo -- Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_jan ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
Re: [Synalist] DNS with cheap routers
On 20/12/2012 21:32, Benito van der Zander wrote: However, I figured out, why it does not work. It has nothing to do with http or multithreading, but with the DNS requests. Synapse sends the query correctly to the router (192.168.1.100), but there never comes a response! snip However, it does work fine, if I run it in single threaded mode manually, waiting for a connection to close, before opening the next one. So it seems the router forgets the dns query, if there is another query for the same host in the same second. But there surely are many router like that, and synapse should work . Yes, a lot of personal routers have low limits on the number of connections. Space in the nat table is often an issue. So how can we make it more robust? Try the DNS request again, if the first fails? DNS is using UDP, so no guarantee that the packet is delivered. You can intercept DNS resolution errors by using an THTTPSend.Sock.OnStatus event handler and analyzing Value when Reason=HR_ResolvingEnd. Value=':0' when DNS fails. Note that DNS also fails when the url does not have a valid domain. You can than then retry HTTPMethod from your program as many times as you want and find reasonable. Don't try to do this in the OnStatus method ;) Wait for a reply, before sending any new quest, synchronized among all threads? Cache all queries from all threads, and only send one query for each host? You would have the same issue when several programs or several computers do such a request in the same time over the same router. No local solution will be able to avoid it. Only retry when fail is a robust solution. Ludo -- LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
Re: [Synalist] SSLConnect returning -1 but ErrGetError giving 0 (Was: Re: error 500 with https??)
On 11/12/2012 00:59, Tomas Hajny wrote: On 10 Dec 12, at 17:52, Tomas Hajny wrote: On Mon, December 10, 2012 14:24, Ludo Brands wrote: There should be no C runtime involved when accessing the standard OS/2 API (which includes both the native BSD sockets and the Winsock compatibility layer). Whatever is done when using EMX libc, it must still go through this OS/2 API in the end. However, I understand that there may be some socket initialization involved on the EMX libc side (this indeed seems to be the case as suggested by peeking into http://svn.netlabs.org/repos/libc/branches/libc-0.6/src/emx/src/os2/tcpip.c - really bad, all this ugly world of mixing file and socket handles together on a platform having these concepts completely separated :-( ). I'll see what I could do (probably start by extending the previous test to import the send call from EMX libc). It would be the best to just allocate the fake file handle expected by EMX libc to the existing socket number if necessary (i.e. if OpenSSL is involved), but I'm afraid that the respective EMX libc function (tcpip_new_handle) may not be exported / accessible externally. Too bad. :-( It seems that there is a call published by the EMX runtime for importing an externally opened socket handle, so this might be the best solution. I'll play with it once I find the needed time and let you know the results. tcpip_impsockhandle? Attached is a modified httpsend and ssl_openssl that uses openssl BIO to make the connection. It only works with https since I didn't change TBlockSocket. TBlockSocket uses SSL_write and SSL_read for ssl connections and send recv for non ssl. Test program: program project1; {$mode objfpc}{$H+} uses Classes,ssl_openssl_openssl,httpsend_openssl; var HTTP: THTTPSend; s:string; begin HTTP := THTTPSend.Create; try if HTTP.HTTPMethod('GET', 'https://www.google.com') then begin setlength(s,HTTP.Document.Size); HTTP.Document.Read(s[1],length(s)); writeln(s); end; finally HTTP.Free; end; end. Tested on windows. You'll need to check the library names in both files. This is a quick and dirty implementation using static linking. If this works, the code can be rather easily adapted to not depend on openssl: - move the statically linked functions to ssl_openssl_lib and load dynamically. - use BIO in THTTPSend.InternalDoConnect when needssl=true, standard sockets when false, eventually test for SSLImplementation = TSSLOpenSSL and ifdef the lot for OS/2. - add error checking to set FSock.LastError BTW, when writing this patch, I lost count of the number of times sslconnect returned -1 and no error ;) Ludo {==| | Project : Ararat Synapse | 001.002.000 | |==| | Content: SSL support by OpenSSL | |==| | Copyright (c)1999-2012, Lukas Gebauer| | All rights reserved. | | | | Redistribution and use in source and binary forms, with or without | | modification, are permitted provided that the following conditions are met: | | | | Redistributions of source code must retain the above copyright notice, this | | list of conditions and the following disclaimer. | | | | Redistributions in binary form must reproduce the above copyright notice,| | this list of conditions and the following disclaimer in the documentation| | and/or other materials provided with the distribution. | | | | Neither the name of Lukas Gebauer nor the names of its contributors may | | be used to endorse or promote products derived from this software without| | specific prior written permission. | | | | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS AS IS | | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE| | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | | ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR | | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR | | SERVICES; LOSS OF USE, DATA, OR PROFITS
Re: [Synalist] SSLConnect returning -1 but ErrGetError giving 0 (Was: Re: error 500 with https??)
On 09/12/2012 22:48, Tomas Hajny wrote: Add a sslcheck after it to see what the error is. SSLCheck doesn't help because ErrGetError again returns 0. :-( You could comment out the lines in THTTPSend.InternalDoConnect that set FSock.SSL.SNIHost but I think this is just a red herring. I'm a little out of ideas also. There is not a problem with calling convention? That also came to my mind, but cdecl is the standard calling convention used for all 32-bit libraries coming from the C world (this makes it a bit easier compared to Win32 with its stdcall versus cdecl). I have noticed that the OpenSSL imports are all declared as cdecl (even under Win32), i.e. this should be OK. This quote from http://www.mail-archive.com/openssl-dev@openssl.org/msg10947.html is interesting since apparently you are using the EMX dll: True, the DLLs will only work properly with EMX gcc compiled apps (though I believe other compilers will work if you avoid stdio sockets and can arrange matching the calling convention) but the primary target of this patch is people porting unix apps to OS/2 that's usually done using EMX gcc. The avoid sockets is important. Apparently the EMX and IBM C-runtime libs conflict. ssl_openssl_lib also uses BaseUnix which loads libc if FPC_USE_LIBC is defined. Don't know if that is the case for OS/2. Is there a way to force the use of the EMX C runtime from pascal? Most of the calls seem to succeed as far as I can see (they return either 1, or some pointer, or non-zero length of generated certificate string). The trouble comes with SSLAccept returning -1 (again :-( ) without providing any other information (the same symptoms as with SSLConnect). The socket is clearly created and listening on the defined port before that. That probably suggests that we are as far as we were before. Indeed. Looked into the openssl source code and the rare cases where SSL_connect or SSL_accept return -1 without setting an error are linked to low level calls such as allocating memory or writing to a fd. Memory allocation does work otherwise you wouldn't get anywhere in the CreateSelfSignedCert routine. The test you did before substituting the winsock send with bsd send which succeeded is using the same c runtime library for both sends. The possibility of conflicting c runtimes still holds with that test. Thanks for all your thoughts so far (and obviously also those possibly coming in the future). I'm afraid that the next step would be skipping the easy path and rewriting the OS/2 support to use the native BSD sockets (possibly in platform specific way rather than trying to re-use and just slightly modify the include file for Unix due to the additional dependencies involved), but that will probably require a lot of time / effort. :-( Try forcing the use of the EMX C-runtime in FPC. If the library conflict is the cause of the problem, using BSD sockets is not going to solve anything if they use the IBM C run time. Ludo -- LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
Re: [Synalist] SSLConnect returning -1 but ErrGetError giving 0 (Was: Re: error 500 with https??)
You could comment out the lines in THTTPSend.InternalDoConnect that set FSock.SSL.SNIHost but I think this is just a red herring. Will do and let you know. I assume you mean commenting it out temporarily for the debug purposes only, right? Right. SNI host is only used for servers hosting many certificates for different domain names using the same IP address. There should be no C runtime involved when accessing the standard OS/2 API (which includes both the native BSD sockets and the Winsock compatibility layer). Whatever is done when using EMX libc, it must still go through this OS/2 API in the end. However, I understand that there may be some socket initialization involved on the EMX libc side (this indeed seems to be the case as suggested by peeking into http://svn.netlabs.org/repos/libc/branches/libc-0.6/src/emx/src/os2/tcpip.c - really bad, all this ugly world of mixing file and socket handles together on a platform having these concepts completely separated :-( ). I'll see what I could do (probably start by extending the previous test to import the send call from EMX libc). It would be the best to just allocate the fake file handle expected by EMX libc to the existing socket number if necessary (i.e. if OpenSSL is involved), but I'm afraid that the respective EMX libc function (tcpip_new_handle) may not be exported / accessible externally. Too bad. :-( When talking about forcing the use of the EMX library I was thinking about something like the unix LD_PRELOAD where you can force the use of a library by pre-loading it. The loader wouldn't load any other library to resolve externals if they are already in the lib pre-loaded. On windows, you can use the same exported name in several libraries but when the dll's have the same name you can force the use of one or the other by explicitly loading them (dynamically) . I don't know what OS/2 is doing. The OS/2 implementation of BSD sockets should not use any C run time itself, but I could try importing the EMX libc versions of send, recv, accept, bind, select, etc., in the worst case. _Very_ ugly for a Pascal program on a platform not providing any libc as part of its official API at all (i.e. much worse than with Linux where libc may not be necessary for some tasks, but at least it is always included and accessible - OS/2 also includes some libc for certain applications, but the official API doesn't depend on this libc and it is only used for some user-land tools and applications). Thanks anyway. Yes this is ugly. An alternative would be to do everything with openssl instead of winsock or BSD. At least that would be not as messy as trying to sort out libc libraries but you'll need to add 1 or 2 new functions to ssl_openssl_lib. A Connect translates into PBIO:=BIO_new_connect('hostname:port'). Send becomes cnt:=BIO_write(PBIO,buf,len) and recv becomes cnt:=BIO_read(PBIO,buf,len). Closing the connection is just a BIO_free(PBIO). I'm a little short on time right now but later I can help you to get that working on linux or windows. The code should be the same everywhere. Ludo -- LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
Re: [Synalist] SSLConnect returning -1 but ErrGetError giving 0 (Was: Re: error 500 with https??)
. My trace results are attached. There is WSTrace and IPTrace output for both HTTP and HTTPS plus IPTrace output for wget access of the same URL. WGet uses a statically linked version of the OpenSSL library, so it is no real evidence. However, I've tried the same with the Links browser (which uses exactly the same DLL files) and the beginning of the IPTrace output is identical to the IPTrace output for WGet (I just didn't want to include IPTrace output for Links because it is very long due to the fact that the original URL redirects elsewhere, contains pictures, etc., and Links loads all of this, of course, as opposed to the httpsend example or WGet). There is no handshake in the IP trace, however I don't think that it proves the socket handle not being usable outside winsock due to the other test performed and mentioned in my e-mail sent earlier today. The trace for wget does show the ssl handshake. It starts with packet #6. packet #8 and #9 is the google public key info. Packet #6 in https_iptrace is a ACK FIN which is the start of a tear down of the connection, initiated by the client. In http_iptrace, packet #6 is a send of the GET. Conclusion is that openssl from synapse didn't even start the ssl handshake. Interestingly, the return value for the initial call of the imported _SSLLibraryInit is not checked in ssl_openssl_lib (i.e. it would not be detected if it failed), but I checked it and it gives 1 (which I assume is correct, although I know nothing about OpenSSL so this assumption may be completely wrong). I also checked results of other imported calls invoked before SSLConnect and SSLSetFD returns 1 and SSLCtrl returns 0 (whatever these two mean - if nothing else, there are no negative values returned which seems to suggest success). SSL_library_init always returns 1, whatever happens. The docs therefore also say to not test the return value. SSL_set_fd returning 1 means success (0 is failure). For SSL_ctrl the return value depends on the command parameter but 0 is in general an error. Is that the call with SSL_CTRL_SET_TLSEXT_HOSTNAME? Add a sslcheck after it to see what the error is. SSLMethod* are all initialized. What's the right way for forcing another SSLType? I can obviously add some hack to TSSLOpenSSL.Init for this purpose, but I assume that there is some standard way for selecting it. ;-) Before calling THTTPSend.HTTPMethod do a THTTPSend.Sock.SSL.SSLType:=LT_SSLv2; or any other TSSLType except for LT_SSHv2 which is not supported by openssl. Looking again at the WSTrace - I assume that the AF_UNSPEC family is OK there, right? Note that IPv6 is not supported for OS/2 / eCS (again, I hope that this should not matter in any way, just to show that I'm really out of ideas :/ ). I guess that is indeed OK. I'm a little out of ideas also. There is not a problem with calling convention? Another interesting test would be to run the following test program. It will call TSSLOpenSSL.CreateSelfSignedCert which makes a lot of openssl calls. Put a break point in the function and step through it to see if and when it breaks. If something is wrong with openssl, you'll probably won't get very far into the function without a sigsegv. CreateSelfSignedCert doesn't do a lot of error checking though. program openssltest; {$mode objfpc}{$H+} uses blcksock,ssl_openssl; var sock:TTCPBlockSocket; begin sock:=TTCPBlockSocket.Create; sock.bind('0.0.0.0','12345'); sock.ssl.Accept; end. The program doesn't do anything useful :) Ludo -- LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
Re: [Synalist] SSLConnect returning -1 but ErrGetError giving 0 (Was: Re: error 500 with https??)
I don't have os/2 and can't do any testing myself. Looking at the winsock traces there is nothing obvious that jumps out although I would have expected some handshaking coming from openssl. You indicated you If I understand it correctly, this handshake is normally initiated by SSLConnect (which fails here i.e. the handshake does not happen), right? Yes, unless openssl on OS/2 doesn't use winsock which your next paragraph suggests but then we have potentially another problem: TSSLOpenSSL.Connect passes a socket handle to openssl obtained with winsock. Is the winsock handle a transparent socket handle and usable by non-winsock apps? . . It should be transparent, but I'll re-check it at least at the OS level (netstat shows the socket number and it should hopefully match the number provided in Winsock trace). Do you have an idea for a test which I could adapt to open a socket using Winsock and use/access it via standard BSD sockets afterwards (obviously, that test would need to use the respective sockets API rather than Synapse)? Tomas I haven't touched OS/2 since 1993 :) From your previous message, I learned that winsock is a compatibility layer. I'm just trying to ask the right questions to get more information on what is going wrong. As a test you could perhaps temporarily patch TBlockSocket.SendBuffer to use the bsd send instead of synsock.Send. If the handle is transparent, fetching a http page should just work. Ludo -- LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
Re: [Synalist] SSLConnect returning -1 but ErrGetError giving 0 (Was: Re: error 500 with https??)
On 06/12/2012 16:16, waldo kitty wrote: On 12/6/2012 04:48, Ludo Brands wrote: I don't have os/2 and can't do any testing myself. Looking at the winsock traces there is nothing obvious that jumps out although I would have expected some handshaking coming from openssl. You indicated you If I understand it correctly, this handshake is normally initiated by SSLConnect (which fails here i.e. the handshake does not happen), right? Yes, unless openssl on OS/2 doesn't use winsock which your next paragraph suggests but then we have potentially another problem: TSSLOpenSSL.Connect passes a socket handle to openssl obtained with winsock. Is the winsock handle a transparent socket handle and usable by non-winsock apps? so if i'm understanding this, you are saying that the openssl dlls on OS/2 may not be able to use the winsock but are possibly instead compiled for raw (proper term?) access on the network stack? The winsock trace doesn't show any ssl handshake. So, or the openssl library is broken, badly initialized or whatever, or openssl talks to the server using the native berkeley sockets instead of winsock. Ludo -- LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
Re: [Synalist] SSLConnect returning -1 but ErrGetError giving 0 (Was: Re: error 500 with https??)
On 02/12/2012 23:53, Tomas Hajny wrote: Hello everybody, I guess that it may be easier if I post some additional information here myself... As outlined by Waldo previously, the simple test accessing a HTTPS URL fails under OS/2 (while accessing HTTP URL works flawlessly). The bad thing about it is that it doesn't give much clue what is wrong. Tracing through it line by line in gdb, I get -1 result from the function _SSLConnect (as imported from the OpenSSL DLL) and immediately afterwards (in ssl_openssl.SSLCheck) I get result 0 (i.e. no error) from _ErrGetError. :-( Similarly, the WinSock function WSAGetLastError shows no error (remember, I use the OS/2 WinSock emulation layer for porting Synapse to OS/2). I can also see (from the OS/2 socket API tracing utility) that the socket has been opened properly before that; it's just that the OpenSSL library doesn't like it somehow (just in case - attached is the trace output for testing HTTP and testing HTTPS)... :-( Obviously, any advices are most welcome, but my main questions are: 1) Are there any other ways how to obtain some additional information regarding what goes wrong within the OpenSSL library (note that I use this library with other applications - although not written by me or in Pascal - i.e. it shouldn't be just a buggy OpenSSL DLL binary). 2) I noticed that file winsock2.txt included in the released version stresses that Winsock version 2 is necessary, however sswin32.inc provides support for Winsock 1.1 if compiled with WINSOCK1 conditional symbol defined. Are there reasons why Winsock 1.1 should not be sufficient for the SSL support (or more generally, what are the potential issues with Winsock 1.1 unless talking about newer functionality like IPv6 support)? I'm obviously looking forward to provide my Synapse modifications necessary for OS/2 support to anyone interested for inclusion in the distribution, but I guess that the discovered problems should be fixed first. Anybody having opportunity to play with it directly under OS/2 may get the patches immediately, of course. Thanks in advance Tomas Tomas, I don't have os/2 and can't do any testing myself. Looking at the winsock traces there is nothing obvious that jumps out although I would have expected some handshaking coming from openssl. You indicated you have another app using openssl. It would be worthwhile to take a winsock trace and see if the openssl handshake shows up. _SSLConnect returning -1 and _ErrGetError returning 0 sounds like SSL_library_init() wasn't called or failed somewhere but then other openssl functions would probably have failed before. It does suggest a fatal error in openssl. You can try forcing SSLType to one of the TSSLType values (default=LT_all) to see if you get a more meaningful error message. Check also that SslMethodV23, SslMethodTLSV1, etc are not nil. Ludo -- LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
Re: [Synalist] SSLConnect returning -1 but ErrGetError giving 0 (Was: Re: error 500 with https??)
I don't have os/2 and can't do any testing myself. Looking at the winsock traces there is nothing obvious that jumps out although I would have expected some handshaking coming from openssl. You indicated you If I understand it correctly, this handshake is normally initiated by SSLConnect (which fails here i.e. the handshake does not happen), right? Yes, unless openssl on OS/2 doesn't use winsock which your next paragraph suggests but then we have potentially another problem: TSSLOpenSSL.Connect passes a socket handle to openssl obtained with winsock. Is the winsock handle a transparent socket handle and usable by non-winsock apps? have another app using openssl. It would be worthwhile to take a winsock trace and see if the openssl handshake shows up. I cannot provide Winsock trace for the other application (it doesn't use the Winsock layer which was included in OS/2 just as an additional emulation layer for easier porting from MS Windows and the used tracing facility is really specific for the winsock library), but I can provide the corresponding IP dump if that helps (that obviously wouldn't show the API parameters and return values, etc., but only the generated IP traffic). Comparing the IP traffic between a working https connection from the other app and synapse would give you more insight in the usability of the winsock socket handle. If you don't see any traffic after the initial tcp connect handshake then I guess you have your answer: the socket handle is not usable outside winsock. _SSLConnect returning -1 and _ErrGetError returning 0 sounds like SSL_library_init() wasn't called or failed somewhere but then other openssl functions would probably have failed before. It does suggest a SSL_library_init() is called. Yes, I know. Only mentioning that the symptoms look as if it wasn't called or failed;) fatal error in openssl. You can try forcing SSLType to one of the TSSLType values (default=LT_all) to see if you get a more meaningful error message. Check also that SslMethodV23, SslMethodTLSV1, etc are not nil. OK, I will try that and let you know the results. Tomas Ludo -- LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
Re: [Synalist] disable/enable serial ports using SynaSer
Ludo I have experimented with the code you sent me. It compiled after minimal tweaking of the compiler-mode controls ({$mode delphi}{$H+} out, {$APPTYPE CONSOLE} in), but it doesn't work in my environment (Delphi 7, Windows 7/64). The list of ports is successfully constructed, but then the DisableDevice function returns with DCRErrDIF_PROPERTYCHANGE. Do you have any suggestions? I am ready to give up. A call to GetLastError after failure should give you the reason for the failure. I assume you are running the program with admin rights. Possibly you are hitting the problem of 32bit apps trying to setup 64 bit drivers documented here: http://social.msdn.microsoft.com/Forums/en-US/windowsgeneraldevelopmentissu es/thread/7d731747-724d-4a65-9f12-c6af92fa888f/ http://social.msdn.microsoft.com/Forums/en-US/windowsgeneraldevelopmentissue s/thread/7d731747-724d-4a65-9f12-c6af92fa888f/ Ludo -- Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_sfd2d_oct___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
Re: [Synalist] disable/enable serial ports using SynaSer
Thanks. The 32 app/ 64 driver mismatch is probably it. I have a Windows 7/32 installation somewhere, so maybe I'll find it and see if the problem is repeatable there. In the meantime, I'll try GetLastError to see what it says, but it probably won't be something I can usefully interpret. To convert the errorcode in a more meaningful message you can do: writeln(SysErrorMessage(GetLastError)); Ludo -- Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_sfd2d_oct___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
Re: [Synalist] disable/enable serial ports using SynaSer
I can warmly recommend Free Pascal;) Dynlibs is a multi platform wrapper for LoadLibrary and GetProcAddress. Attached you'll find a modified unit that works also with Delphi 2006. Since the unit is windows only, I removed the dependency on dynlibs. Ludo Thanks again. I have not kept up with Free Pascal, but I'll download it now. I may need more help with this. Bob Fenichel At 10:29 PM 10/14/2012, you wrote: On 14-10-2012 21:13, Robert R. Fenichel wrote: Thank you. I am trying to understand your code, but it relies on the DynLibs unit that you did not include. That's a unit delivered with the Free Pascal Compiler for loading dlls... unit controlwindevice; { Enable Disable windows devices Copyright (c) 2010-2012 Ludo Brands Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the Software), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED AS IS, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. } {$ifdef fpc} {$mode delphi}{$H+} {$endif fpc} interface uses Classes, SysUtils,windows; const GUID_DEVCLASS_NET : TGUID = '{4D36E972-E325-11CE-BFC1-08002BE10318}'; GUID_DEVCLASS_PORT : TGUID = '{4D36E978-E325-11CE-BFC1-08002BE10318}'; type TDeviceControlResult=(DCROK,DCRErrEnumDeviceInfo,DCRErrSetClassInstallParams, DCRErrDIF_PROPERTYCHANGE); function LoadDevices(GUID_DevClass:TGUID):TStringList; function EnableDevice(SelectedItem: DWord):TDeviceControlResult; function DisableDevice(SelectedItem: DWord):TDeviceControlResult; implementation // Setup api, based on SetupApi.pas JEDI library const DIF_PROPERTYCHANGE= $0012; DICS_ENABLE = $0001; DICS_DISABLE= $0002; DICS_FLAG_GLOBAL = $0001; // make change in all hardware profiles DIGCF_PRESENT = $0002; SPDRP_DEVICEDESC = $; // DeviceDesc (R/W) SPDRP_CLASS = $0007; // Class (R--tied to ClassGUID) SPDRP_CLASSGUID = $0008; // ClassGUID (R/W) SPDRP_FRIENDLYNAME= $000C; // FriendlyName (R/W) type {$ifndef fpc} ULONG_PTR=DWORD; {$endif fpc} HDEVINFO = Pointer; DI_FUNCTION = LongWord;// Function type for device installer PSPClassInstallHeader = ^TSPClassInstallHeader; SP_CLASSINSTALL_HEADER = packed record cbSize: DWORD; InstallFunction: DI_FUNCTION; end; TSPClassInstallHeader = SP_CLASSINSTALL_HEADER; PSPPropChangeParams = ^TSPPropChangeParams; SP_PROPCHANGE_PARAMS = packed record ClassInstallHeader: TSPClassInstallHeader; StateChange: DWORD; Scope: DWORD; HwProfile: DWORD; end; TSPPropChangeParams = SP_PROPCHANGE_PARAMS; PSPDevInfoData = ^TSPDevInfoData; SP_DEVINFO_DATA = packed record cbSize: DWORD; ClassGuid: TGUID; DevInst: DWORD; // DEVINST handle Reserved: ULONG_PTR; end; TSPDevInfoData = SP_DEVINFO_DATA; TSetupDiEnumDeviceInfo = function(DeviceInfoSet: HDEVINFO; MemberIndex: DWORD; var DeviceInfoData: TSPDevInfoData): LongBool; stdcall; TSetupDiSetClassInstallParamsA = function(DeviceInfoSet: HDEVINFO; DeviceInfoData: PSPDevInfoData; ClassInstallParams: PSPClassInstallHeader; ClassInstallParamsSize: DWORD): LongBool; stdcall; TSetupDiSetClassInstallParamsW = function(DeviceInfoSet: HDEVINFO; DeviceInfoData: PSPDevInfoData; ClassInstallParams: PSPClassInstallHeader; ClassInstallParamsSize: DWORD): LongBool; stdcall; TSetupDiSetClassInstallParams = TSetupDiSetClassInstallParamsA; TSetupDiCallClassInstaller = function(InstallFunction: DI_FUNCTION; DeviceInfoSet: HDEVINFO; DeviceInfoData: PSPDevInfoData): LongBool; stdcall; TSetupDiGetClassDevs = function(ClassGuid: PGUID; const Enumerator: PAnsiChar; hwndParent: HWND; Flags: DWORD): HDEVINFO; stdcall; TSetupDiGetDeviceRegistryPropertyA = function(DeviceInfoSet: HDEVINFO; const DeviceInfoData: TSPDevInfoData; Property_: DWORD; var PropertyRegDataType: DWORD; PropertyBuffer: PBYTE; PropertyBufferSize: DWORD; var RequiredSize: DWORD): BOOL; stdcall
Re: [Synalist] Project ___ raised exception class 'External: SIGPIPE' Mac OS X 10.6
When trying to communicate with an Ethernet device, I am occasionally getting the error: Project ___ raised exception class 'External: SIGPIPE' This only happens with Mac (OS X 10.6), not on Linux or Windows. I've read a few postings regarding the issue: http://bugs.freepascal.org/view.php?id=9401 http://www.mail-archive.com/fpc-pascal@lists.freepascal.org/msg27964.html Should there be an SO_NOSIGPIPE option placed in the code somewhere? I am unsure what to look for in the synapse library to test/solve the issue. Thanks for any help! I don't have the necessary equipement to test this but afaiu the following should work. In blcksock.pas change the following: @@ -1829,6 +1829,10 @@ end; procedure TBlockSocket.InternalCreateSocket(Sin: TVarSin); +{$IFDEF DARWIN} +var + on_off:integer; +{$ENDIF} begin FStopFlag := False; FRecvCounter := 0; @@ -1842,6 +1846,10 @@ FSocket := synsock.Socket(integer(Sin.AddressFamily), GetSocketType, GetSocketProtocol); if FSocket = INVALID_SOCKET then FLastError := synsock.WSAGetLastError; +{$IFDEF DARWIN} +on_off:=1; +synsock.SetSockOpt(FSocket, integer(SOL_SOCKET), integer(SO_NOSIGPIPE), @on_off, SizeOf(integer)); +{$ENDIF} {$IFNDEF CIL} FD_ZERO(FFDSet); FD_SET(FSocket, FFDSet); Another option is to handle the sigpipe yourself and do whatever you want with it instead of crashing your app. Again this is the unix way. I assume this works also on Darwin. Procedure MySigPipe(Sig : Longint; Info : PSigInfo; Context : PSigContext); cdecl; Begin // whatever end; Procedure InstallSigHandler; Var act : SigactionRec; begin fpSigaction(SIGTERM,nil,@act); act.sa_handler:=@MySigPipe; act.sa_flags:=act.sa_flags or SA_SIGINFO; fpSigaction(SIGPIPE,@act,nil); end; Ludo -- Don't let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] RE : Can`t get page text using https (Delphi XE2 x64, Synapse trunk)
but if i change url to 'https://www.google.com.ua/' this code don`t work Have you added ssl_openssl to the uses clause? What is THTTPSend.Sock.SSL.LibName returning? After it fails what does THTTPSend.Sock.SSL.LastErrorDesc and THTTPSend.Sock.SSL.LastError return. Ludo -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] TR : WG: Synapse Rel 40
FYI. Problems were caused by mixing libraries from different versions. Ludo -Message d'origine- De : Stefan Fischer [mailto:sfisc...@basis.biz] Envoyé : jeudi 7 juin 2012 15:10 À : Ludo Brands Objet : Re: [Synalist] WG: Synapse Rel 40 Hi Ludo, now it works. I had a libc and ld-linux.so from an intel system in my local directory. After I've deleted them, I could successfully compile most of the synapse files. Thank you very much for your support. Stefan Am 07.06.2012 um 14:21 schrieb Ludo Brands: Hi Ludo, below is the output of objdump. I have a ld-linux.so.3 not a .2. I have the deleted the version in my local directory. I think it was a version that came from my tries on an intel machine. Stefan root@raspberrypi:/lib# ls ld* ld-2.11.3.so ld-linux.so.3 root@raspberrypi:/lib# objdump -T ld-linux.so.3 ld-linux.so.3: file format elf32-littlearm DYNAMIC SYMBOL TABLE: 07e0 ld .text .text 00024d88 ld .data.rel.ro .data.rel.ro 000110ec gDF .text 002c GLIBC_PRIVATE _dl_get_tls_static_info 00024d9c gDO .data.rel.ro0004 GLIBC_PRIVATE __pointer_chk_guard gDO *ABS* GLIBC_PRIVATE GLIBC_PRIVATE gDO *ABS* GLIBC_2.4 GLIBC_2.4 That confirms that your libc installation is mixing different versions. libc.so is looking for __libc_stack_end@GLIBC_2.1 while ld-linux.so.3 is GLIBC_2.4. See if you don't have multiple versions of libc.so on your system. If there is only one version re-install your build-essential package. Ludo -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] RE : WG: Synapse Rel 40
There is an error in synapse. It uses libc. This unit is only supported on I386 hardware. Just remove the libc unit. Michael. Synapse runs fine here on arm hardware with debian sid and fpc 2.6.1. Compiled testhttp.pas in source/demo/FreePascal/ without a problem. I do have -Fl/usr/lib/$fpctarget-* added to my fpc.cfg to solve some missing library errors I got in the past. Ludo -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] RE : RE : WG: Synapse Rel 40
Just removed libc in all .pas (uses clause) from synapse. Same problem. How to install the newest compiler (2.6) onto an arm debian system Apt-get istall fpc installs v2.4 In the debian sid repository you can find 2.6.0-3 Ludo -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] RE : ssl and sourceforge
No, I tried that already and adding http.AddPortNumberToHost:=false; doesn't change anything :( Hi, that server cannot handle port information in host use http.AddPortNumberToHost:=false; Brona; I can confirm that your test program works with https://sourceforge.net/account/login.php when setting http.AddPortNumberToHost:=false. Without this setting I'm getting: getting https://sourceforge.net/account/login.php Headers out: HTTP/1.0 301 Moved Permanently Location: https://sourceforge.net/account/login.php Server: BigIP Connection: close Content-Length: 0 The 301 reply with a Location pointing to the same address is an indication that the site has a problem with the port number in the 'Host:' header. Your initial mail doesn't mention the 301 response. What version of openssl are you using? Writeln(http.Sock.SSL.LibVersion) gives here 'OpenSSL 0.9.8k 25 Mar 2009'. Ludo -- For Developers, A Lot Can Happen In A Second. Boundary is the first to Know...and Tell You. Monitor Your Applications in Ultra-Fine Resolution. Try it FREE! http://p.sf.net/sfu/Boundary-d2dvs2 ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] RE : Adding HookStatus and HookMonitor in console application- looking for example
Hello, I'm using FPC 2.6.0 on Linux with newest SVN's Synapse codebase. I'm writing few console based applications which utilise non-blocking TCP connection and I've found Synapse as the best one library on the market, thank you very much for well done job! :) I need to connect HookMonitor and/or HookStatus to my apps, however I'm lacking a bit od knowledge to do so. Could you please point me to some examples for hooking Status and Monitor in console (non-Lazarus) application? Thank you in advance, Jason The only diffculty is that THookSocketStatus and THookMonitor are defined as procedure() of object. This means that you need to pass a class method to the OnStatus and OnMonitor properties. Here is a sample program that creates a class containing the 2 hooks: program Project1; {$mode objfpc}{$H+} uses blcksock,synsock; type { TMonStat } TMonStat=class(TObject) procedure SocketStatus(Sender: TObject; Reason: THookSocketReason; const Value: String); procedure Monitor(Sender: TObject; Writing: Boolean; const Buffer: TMemory; Len: Integer); end; { TMonStat } procedure TMonStat.SocketStatus(Sender: TObject; Reason: THookSocketReason; const Value: String); begin // end; procedure TMonStat.Monitor(Sender: TObject; Writing: Boolean; const Buffer: TMemory; Len: Integer); begin // end; var sock:TTCPBlockSocket; MonStatus:TMonStat; begin MonStatus:=TMonStat.Create; sock:=TTCPBlockSocket.Create; sock.OnStatus:=@MonStatus.SocketStatus; sock.OnMonitor:=@MonStatus.Monitor; // do whatever with sock, as usual needed here sock.Free; MonStatus.Free; end. You can use one TMonStat instance for all the sockets created in your program but you need to make the OnStatus:=@MonStatus.SocketStatus and OnMonitor:=@MonStatus.Monitor assignment for each and every one. In case you run multiple threads, the usual precautions have to be taken when sharing objects accross thread boundaries. Ludo -- This SF email is sponsosred by: Try Windows Azure free for 90 days Click Here http://p.sf.net/sfu/sfd2d-msazure___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] RE : TUDPBlockSocket rcvsock.RecvPacket returns nothing
Here http://bansky.net/echotool/ i found command line application that does exactly what i want, written in C#, sure the same could be done in Delphi. What? I don't understand why you use 2 sockets. When you send a message you receive the reply on the same socket. Change your code to the following and you can connect to an echo server (code on http://www.ararat.cz/synapse/doku.php/public:howto:udpserver ) procedure TForm1.UniCastTest; var sock: TUDPBlockSocket; buf: string; begin sock := TUDPBlockSocket.Create; try sock.connect('192.168.2.105','9005'); if sock.LastError 0 then exit; sock.SendString(edStr.Text); buf := sock.RecvPacket(3000); Memo1.Lines.Add('' + buf + ''); sock.CloseSocket; finally sock.free; end; end; // UniCastTest Change server IP and port to your liking. Ludo -- Virtualization Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] RE : RE : RE : SFTP - error 10091
Ok, so I'm back to stable synapse 39 and cryptlib 3.2.2. So in summary, problem is in function: TSSLCryptLib.Connect In line: if not SSLCheck(cryptSetAttribute(FCryptSession, CRYPT_SESSINFO_ACTIVE, 1)) then Exit; Function cryptSetAttribute return value -22 and send it to SSLCheck. This occur error: FLastErrorDesc := GetString(FCryptSession, CRYPT_ATTRIBUTE_INT_ERRORMESSAGE); Above string is '敓癲牥爠灥牯整㩤䤠癮污摩瀠獡睳牯d'#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0#0. Instead of these chinese chars I see squares. GetString is calling: cryptGetAttributeString(cryptHandle, attributeType, pointer(Result), l); ... where attributeType=13 I think something wrong is with function cryptSetAttribute (which return -22) because it is suspending for 5-10 seconds. 5-10 seconds isn't that long to do the SSH authorization (even when it fails). The chinese characters could mean 2 things. Delphi 10 interpreting the ascii string as unicode or a mismatch with the cryptlib binding and the cryptlib dll loaded. A while ago I was chasing weird bugs in cryptlib which finally turned out to be a wrong cryptlib ddl being picked up. I contributed then a patch to synapse that checks for the correct dll version at run time. I would suggest you try with synapse snapshot or svn and cryptlib 3.2.2. Ludo -- Virtualization Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] RE : RE : RE : RE : SFTP - error 10091
I have tried this combination too, but this same error Just tried sftp demo with D2006, cl332 and synapse svn. It connects correctly but then raises an out of memory exception in Receive packet in TSimpleSFTP.Init which is well after the SSH authentication. I get also the 10091 error when I mistype the username or password but it gives a nice Server reported: Invalid password after 5-10 seconds. I don't have D2010 so perhaps somebody else can help. Ludo -- Virtualization Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] RE : RE : RE : RE : RE : RE : SFTP - error 10091
after commenting out all the unused units i now get TApplication.HandleException Out of memory Stack trace: $0040FE3A $00410189 $005C300D TSIMPLESFTP__INIT, line 769 of SimpleSFTP.pas $005C20F3 TSIMPLESFTP__CONNECT, line 595 of SimpleSFTP.pas $0042BFCF TTESTSFTPFORM__CONNECTBUTTONCLICK, line 89 of Main.pas $004B1679 TCONTROL__CLICK, line 2662 of /usr/local/lazarus/lcl-win32/include/control.inc $00563E03 TBUTTONCONTROL__CLICK, line 62 of /usr/local/lazarus/lcl-win32/include/buttoncontrol.inc $00564536 TCUSTOMBUTTON__CLICK, line 174 of /usr/local/lazarus/lcl-win32/include/buttons.inc $00564CF1 TBUTTON__CLICK, line 349 of /usr/local/lazarus/lcl-win32/include/buttons.inc $00563CBE TBUTTONCONTROL__WMDEFAULTCLICKED, line 26 of /usr/local/lazarus/lcl-win32/include/buttoncontrol.inc $0040CF06 $004A166D TWINCONTROL__WNDPROC, line 5276 of /usr/local/lazarus/lcl-win32/include/wincontrol.inc $005A3ECB DELIVERMESSAGE, line 113 of /usr/local/lazarus/lcl-win32/lclmessageglue.pas $005AE160 GTK2WSBUTTON_CLICKED, line 2307 of /usr/local/lazarus/lcl-win32/interfaces/gtk2/gtk2wsstdctrls.pp $63A44124 $63A57879 $63A58A93 WARNING: TLCLComponent.Destroy with LCLRefCount0. Hint: Maybe the component is processing an event? interesting how the user is able to login /var/log/auth.log Feb 22 12:50:07 localhost sshd[20367]: Accepted password for sftp1 from 127.0.0.1 port 51791 ssh2 Feb 22 12:50:07 localhost sshd[20367]: pam_unix(sshd:session): session opened for user sftp1 by (uid=0) Feb 22 12:50:08 localhost sshd[20367]: pam_unix(sshd:session): session closed for user sftp1 As said before, this problem is after the SSH authentication. You are logged in but the FTP protocol negociation fails. Ludo -- Virtualization Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] RE : RE : RE : RE : RE : RE : SFTP - error 10091
interesting how the user is able to login /var/log/auth.log Feb 22 12:50:07 localhost sshd[20367]: Accepted password for sftp1 from 127.0.0.1 port 51791 ssh2 Feb 22 12:50:07 localhost sshd[20367]: pam_unix(sshd:session): session opened for user sftp1 by (uid=0) Feb 22 12:50:08 localhost sshd[20367]: pam_unix(sshd:session): session closed for user sftp1 The difference between your situation and mine is that we both get logged in but you don't receive an answer for the ftp negotiation and I receive data that can't be interpreted correctly. Probably a difference in server. At the beginning of TSimpleSFTP.Init it says //negotiate protocol version (we support version 3 only!) . Although, when I connect with the sftp command line (mingw), and type 'version' at the sftp prompt after logging in, it says SFTP protocol version 3. So there is apparently something wrong in the TSimpleSFTP implementation. Ludo -- Virtualization Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] RE : SFTP - error 10091
Hi, I read all posts which match to 10091 on this news group but can't find solution. I am running demo sftp. I set sll_openssl plugin instead of cryptlib (application is not responding with this plugin). But when I click connect I get error 10091 Network subsystem is unusable. I looked at TSimpleSFTP.Connect and this line is strange: FSocket.SSL.SSLType:=LT_SSHv2; Because is seems that this type is not handled in TSSLOpenSSL.Init: case FSSLType of LT_SSLv2: Fctx := SslCtxNew(SslMethodV2); LT_SSLv3: Fctx := SslCtxNew(SslMethodV3); LT_TLSv1: Fctx := SslCtxNew(SslMethodTLSV1); LT_all: Fctx := SslCtxNew(SslMethodV23); else Exit; end; Case is going to ELSE, so exit with result=false; Can you help me? Regards Openssl has no support for ssh. You have to use cryptlib with synapse for sftp. Ludo -- Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] Patch for ssfpc.inc function ResolvePortNumber
Hi, ResolvePortNumber in ssfpc.inc returns the port number in network byte order while the same function in sslinux.inc and sswin32.inc return the port in host byte order. The resulting problem occurs in HTTPSend when using a https proxy. TTCPBlockSocketHTTPTunnelDoConnect will send a CONNECT request to the wrong port. Attached is a patch that changes the byte order in ResolvePortNumber. Cheers, Ludo ssfpc.diff Description: Binary data -- Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] RE : RE : RE : How to translate Specific trap number for SNMP v1, Generic = Enterprise Specific traps.
So the same OID can be translated differently by different MIBs. Doesn't help if you want to create a general purpose tool, doesn't it. I've done another test, here's the Wireshark trace. Note, this trap is captured whenever i restart Windows SNMP Service - I've added the trap destination which i run the trap receiver daemon. According to Tivoli support http://lists.skills-1st.co.uk/mharc/html/nv-l/2003-10/msg00153.html, the trap 0 oid 1.3.6.1.4.1.311.1.1.3.1.1 is indeed sent every time a snmp service is started and should be interpreted as MSFT-MIB::workstation ColdStart. A server would send trap 0 OID 1.3.6.1.4.1.311.1.1.3.1.2 Ludo -- The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] RE : RE : How to translate Specific trap number for SNMP v1, Generic = Enterprise Specific traps.
But for non-enterprise specific trap, I'm not sure if I did it correctly. For example, Windows SNMP service sends the following Link up trap v1. OldTrapHost(Source): 127.0.0.1 OldTrapGen(Generic): 3 OldTrapSpec (Specific): 0 OldTrapEnterprise: 1.3.6.1.4.1.311.1.1.3.1.1 I found out that 1.3.6.1.4.1.311.1.1.3.1.1 can be decoded using MSFT-MIB.mib into - MSFT-MIB::workstation. OldTrapEnterprise+'.'+IntToString(OldTrapGen+1). = 1.3.6.1.4.1.311.1.1.3.1.1.4 - decodes into - MSFT-MIB::workstation.4. Not sure if this is correct? Thanks. Strange. 1.3.6.1.4.1.311.1.1.3.1.1 is the Windows-NT-Perfomance root oid: http://www.oidview.com/mibs/311/WINDOWS-NT-PERFORMANCE.html and not a trap. 1.3.6.1.4.1.311.1.1.3.1.1.4 is WINDOWS-NT-PERFORMANCE::pdiskphysicalDiskTable. Do you have any additional parameters. The conversion between v1 and v2 notifications is defined in rfc2576: http://tools.ietf.org/html/rfc2576#page-12 However it seems that the translation for non enterpriseSpecific is working rarely: 1.3.6.1.6.3.1.1.5=SNMPv2-MIB::snmpTraps 1.3.6.1.6.3.1.1.5.1=SNMPv2-MIB::coldStart 1.3.6.1.6.3.1.1.5.2=SNMPv2-MIB::warmStart Etc But 1.3.6.1.4.1.2021.251=UCD-SNMP-MIB::ucdTraps 1.3.6.1.4.1.2021.251.1=UCD-SNMP-MIB::ucdStart 1.3.6.1.4.1.2021.251.2=UCD-SNMP-MIB::ucdShutdown On the other hand the Generic Trap Names are static and can be translated directly. Ludo -- The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] RE : How to translate Specific trap number for SNMP v1, Generic = Enterprise Specific traps.
Hi, Previously, I asked about translation of OID (Enterprise and Variable bindings). Ludo suggested using snmptranslate.exe, which I managed to get it work using: snmptranslate.exe -MC:\mibs -mALL .1.3.6.1.2.1.39.2.2 I am receiving SNMP v1 traps with generic = enterpriseSpecific (6), hence I need to decode the specific trap number represented by OldTrapSpec in TSNMPSend. See: http://docstore.mik.ua/orelly/networking_2ndEd/snmp/ch02_06.htm (see text To process this trap properly, the NMS has to decode the specific trap number that is part of the SNMP message. ) Thanks for any guidance. You convert a V1 enterprise specific trap to a V2 notification by concatenating enterprise, a 0 and the specific trap code: OldTrapEnterprise+'.0.'+IntToString(OldTrapSpec) This combined OID can be looked up with snmptranslate. For non enterprise specific traps you can look up OldTrapEnterprise+'.'+IntToString(OldTrapGen+1). Parameters returned in MIBName can be looked up directly. Ludo -- The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] RE : Https error: network subsystem is unusable
I have this simple multi-thread program that makes https requests. Unfortunately the requests are returning this error message: network subsystem is unusable I can't find the cause or explanation. I tried to force the ssl type to v2 and v3, but this error keeps showing up. I also have tried with dlls from both 0.98h and 1.0d. I also have tried to run it on different computers, 32bit Seven and 32bit xp. No luky so far. Some advice? WSASYSNOTREADY (network subsystem is unusable) is the error returned when SSL.Connect fails. You can get more error info from THTTPSend.Sock.SSL.LastError; and THTTPSend.Sock.SSL.LastErrorDesc; . If the error occurs for one site in particular you can get more info from running openssl s_client -connect host:port from the command line. If all https requests fail, check that THTTPSend.Sock.SSL.LibVersion returns the openssl version. If not, the application couldn't load the openssl library. Ludo -- FREE DOWNLOAD - uberSVN with Social Coding for Subversion. Subversion made easy with a complete admin console. Easy to use, easy to manage, easy to install, easy to extend. Get a Free download of the new open ALM Subversion platform now. http://p.sf.net/sfu/wandisco-dev2dev___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] RE : HttpSend SSL error
Using HttpSend, I have struggled to understand why some pages return no content at all when requested using THttpSend, but are perfectly Quick idea: what OpenSSL version you are using? Some version around 0.9.8m is buggy! openssl s_client -connect dspace.library.uvic.ca:8443 works on OpenSSL 0.9.8l (windows), 0.9.8r (cygwin) but not on 1.0.0d. Error is: 5956:error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert unexpected message:.\ssl\s23_clnt.c:658: This is also the error synapse is receiving. The older versions that work, report a self signed certificate in the chain and curl using 0.9.8r requires a --insecure to get the page. This is strange since firefox doesn't warn about certificates. Normally it refuses self signed certificates. So older versions work but do have problems with this site. Ludo -- BlackBerryreg; DevCon Americas, Oct. 18-20, San Francisco, CA The must-attend event for mobile developers. Connect with experts. Get tools for creating Super Apps. See the latest technologies. Sessions, hands-on labs, demos much more. Register early save! http://p.sf.net/sfu/rim-blackberry-1 ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] RE : RE : HttpSend SSL error
Using HttpSend, I have struggled to understand why some pages return no content at all when requested using THttpSend, but are perfectly Quick idea: what OpenSSL version you are using? Some version around 0.9.8m is buggy! openssl s_client -connect dspace.library.uvic.ca:8443 works on OpenSSL 0.9.8l (windows), 0.9.8r (cygwin) but not on 1.0.0d. Error is: 5956:error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert unexpected message:.\ssl\s23_clnt.c:658: This is also the error synapse is receiving. The older versions that work, report a self signed certificate in the chain and curl using 0.9.8r requires a --insecure to get the page. This is strange since firefox doesn't warn about certificates. Normally it refuses self signed certificates. So older versions work but do have problems with this site. Ludo The problem is that the site doesn't support autodetection of ssl version. Force the version to sslv3 and it connects. Uses blcksock ... ht.sock.SSL.SSLType:=LT_SSLv3; openssl s_client -ssl3 -connect dspace.library.uvic.ca:8443 works for version 1.0.0.d. The implementation of autodetection seems to have changed in between. Ludo -- BlackBerryreg; DevCon Americas, Oct. 18-20, San Francisco, CA The must-attend event for mobile developers. Connect with experts. Get tools for creating Super Apps. See the latest technologies. Sessions, hands-on labs, demos much more. Register early save! http://p.sf.net/sfu/rim-blackberry-1 ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] RE : RE : GetLocalIPs only returns 127.0.01 (Linux)
Attached is a small I program I created based on ioctl and SIOCGIFCONF. It works fine on linux 32 bits. On 64 bits the record tifmap should be 24 bytes instead of 16. Record alignment on 64 bits doesn't seem to alright. Using i:=i+40 instead of i:=i+sizeof(TIFrec); works for 64 bit. You'll notice that in the function GetLocalIPs I also build the string names which lists the names of the interfaces. That is for debugging only but could be used if needed. Ludo -Message d'origine- De : Sascha-Carsten Wedler [mailto:fxmave...@web.de] Envoyé : mercredi 20 juillet 2011 15:52 À : Ararat Synapse Objet : Re: [Synalist] RE : GetLocalIPs only returns 127.0.01 (Linux) Hello Ludo, thx for this information and the tipps. i think i will try to parse the output of ifconfig... i am wondering, that there is no common way without these output-parsing-tricks... Greets FX -Ursprüngliche Nachricht- Von: Ludo Brands ludo.bra...@free.fr Gesendet: 20.07.2011 14:09:39 An: 'Ararat Synapse' synalist-public@lists.sourceforge.net Betreff: [Synalist] RE : GetLocalIPs only returns 127.0.01 (Linux) GetLocalIPs on linux is using DNS to resolve the name of your local machine. In most cases this is not going to return anything. The most reliable solution would be to parse the output of ifconfig or of /sbin/ip -o addr. I've seen some samples in C that use ioctl with SIOCGIFCONF, which is pretty much what ifconfig does, but they are all rather complicated to implement. Ludo -Message d'origine- De : Sascha-Carsten Wedler [mailto:fxmave...@web.de] Envoyé : mercredi 20 juillet 2011 10:57 À : synalist-public@lists.sourceforge.net Objet : [Synalist] GetLocalIPs only returns 127.0.01 (Linux) Hello, is there a ay to get the GetLocalIPs function working under linux/fpc? I testet the last stable and the trunc version, without success. The function returns 127.0.0.1 only. I'm using Ubuntu 9.04 and FPC 2.4.2 / Lazarus svn Can anyone help? Greets FX Schon gehört? WEB.DE hat einen genialen Phishing-Filter in die Toolbar eingebaut! http://produkte.web.de/go/toolbar - -- --- 10 Tips for Better Web Security Learn 10 ways to better secure your business today. Topics covered include: Web security, SSL, hacker attacks Denial of Service (DoS), private keys, security Microsoft Exchange, secure Instant Messaging, and much more. http://www.accelacomm.com/jaw/sfnl/114/51426210/ ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public ___ Schon gehört? WEB.DE hat einen genialen Phishing-Filter in die Toolbar eingebaut! http://produkte.web.de/go/toolbar -- 10 Tips for Better Web Security Learn 10 ways to better secure your business today. Topics covered include: Web security, SSL, hacker attacks Denial of Service (DoS), private keys, security Microsoft Exchange, secure Instant Messaging, and much more. http://www.accelacomm.com/jaw/sfnl/114/51426210/ ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public getlocalips.lpr Description: Binary data -- 10 Tips for Better Web Security Learn 10 ways to better secure your business today. Topics covered include: Web security, SSL, hacker attacks Denial of Service (DoS), private keys, security Microsoft Exchange, secure Instant Messaging, and much more. http://www.accelacomm.com/jaw/sfnl/114/51426210/___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] RE : RE : RE : GetLocalIPs only returns 127.0.01 (Linux)
Tifmap declaration corrected for 64 bits. It works now both on linux 32 and 64 bits. Ludo -Message d'origine- De : Ludo Brands [mailto:ludo.bra...@free.fr] Envoyé : mercredi 20 juillet 2011 18:14 À : 'Ararat Synapse' Objet : [Synalist] RE : RE : GetLocalIPs only returns 127.0.01 (Linux) Attached is a small I program I created based on ioctl and SIOCGIFCONF. It works fine on linux 32 bits. On 64 bits the record tifmap should be 24 bytes instead of 16. Record alignment on 64 bits doesn't seem to alright. Using i:=i+40 instead of i:=i+sizeof(TIFrec); works for 64 bit. You'll notice that in the function GetLocalIPs I also build the string names which lists the names of the interfaces. That is for debugging only but could be used if needed. Ludo -Message d'origine- De : Sascha-Carsten Wedler [mailto:fxmave...@web.de] Envoyé : mercredi 20 juillet 2011 15:52 À : Ararat Synapse Objet : Re: [Synalist] RE : GetLocalIPs only returns 127.0.01 (Linux) Hello Ludo, thx for this information and the tipps. i think i will try to parse the output of ifconfig... i am wondering, that there is no common way without these output-parsing-tricks... Greets FX -Ursprüngliche Nachricht- Von: Ludo Brands ludo.bra...@free.fr Gesendet: 20.07.2011 14:09:39 An: 'Ararat Synapse' synalist-public@lists.sourceforge.net Betreff: [Synalist] RE : GetLocalIPs only returns 127.0.01 (Linux) GetLocalIPs on linux is using DNS to resolve the name of your local machine. In most cases this is not going to return anything. The most reliable solution would be to parse the output of ifconfig or of /sbin/ip -o addr. I've seen some samples in C that use ioctl with SIOCGIFCONF, which is pretty much what ifconfig does, but they are all rather complicated to implement. Ludo -Message d'origine- De : Sascha-Carsten Wedler [mailto:fxmave...@web.de] Envoyé : mercredi 20 juillet 2011 10:57 À : synalist-public@lists.sourceforge.net Objet : [Synalist] GetLocalIPs only returns 127.0.01 (Linux) Hello, is there a ay to get the GetLocalIPs function working under linux/fpc? I testet the last stable and the trunc version, without success. The function returns 127.0.0.1 only. I'm using Ubuntu 9.04 and FPC 2.4.2 / Lazarus svn Can anyone help? Greets FX Schon gehört? WEB.DE hat einen genialen Phishing-Filter in die Toolbar eingebaut! http://produkte.web.de/go/toolbar - -- --- 10 Tips for Better Web Security Learn 10 ways to better secure your business today. Topics covered include: Web security, SSL, hacker attacks Denial of Service (DoS), private keys, security Microsoft Exchange, secure Instant Messaging, and much more. http://www.accelacomm.com/jaw/sfnl/114/51426210/ ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public ___ Schon gehört? WEB.DE hat einen genialen Phishing-Filter in die Toolbar eingebaut! http://produkte.web.de/go/toolbar -- 10 Tips for Better Web Security Learn 10 ways to better secure your business today. Topics covered include: Web security, SSL, hacker attacks Denial of Service (DoS), private keys, security Microsoft Exchange, secure Instant Messaging, and much more. http://www.accelacomm.com/jaw/sfnl/114/51426210/ ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public getlocalips.lpr Description: Binary data -- 10 Tips for Better Web Security Learn 10 ways to better secure your business today. Topics covered include: Web security, SSL, hacker attacks Denial of Service (DoS), private keys, security Microsoft Exchange, secure Instant Messaging, and much more. http://www.accelacomm.com/jaw/sfnl/114/51426210/___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] RE : THTTPSend GET slower than wget
What download speed are you talking about? I compared downloading a 25M file from http://ftp.fr.debian.org/ with synapse and wget and both download at around 2.9MB/s. This is the max speed of my WAN connection. Wget uses slightly more CPU (saving the file?) but cpu isn't the bottleneck neither. As Michael said, synapse loads everything in memory. The stream data grows with small increments but AFAIK tmemorystream is optimized to not resize in small chunks which would slow down a lot. The web site you're downloading from isn't doing any bandwith throttling depending on the UserAgent? Ludo -Message d'origine- De : Leonardo M. Ramé [mailto:martinr...@yahoo.com] Envoyé : mercredi 20 juillet 2011 19:57 À : Ararat Synapse Objet : Re: [Synalist] THTTPSend GET slower than wget - Original Message - From: Michael Van Canneyt mich...@freepascal.org To: Ararat Synapse synalist-public@lists.sourceforge.net Cc: Sent: Wednesday, July 20, 2011 2:39 PM Subject: Re: [Synalist] THTTPSend GET slower than wget On Wed, 20 Jul 2011, Leonardo M. Ramé wrote: Hi, I'm using THTTPSend to retrieve some files of ~10mb in size aprox. using GET method. As it felt slow, I did some tests using wget and curl to call the same urls and found THTTPSend takes almost twice the time of the other utilities. I use this code to get the files: lHttp := THTTPSend.Create; lHttp.Sock.OnHeartbeat:=@HeartBeat; lHttp.Sock.HeartbeatRate := 5000; if lHttp.HTTPMethod('GET', FUrl) then begin lHttp.Document.Position:= 0; // do something with Document end; lHttp.Free; How can I improve the speed of this transfer?. I've tested commenting out the HeartBeat, but it doesn't improve. If you're saving to file: Set the document property directly to the file stream. If I recall correctly, by default, all is loaded in memory, and then tranferred to file. No, I'm using the stream in memory. -- 10 Tips for Better Web Security Learn 10 ways to better secure your business today. Topics covered include: Web security, SSL, hacker attacks Denial of Service (DoS), private keys, security Microsoft Exchange, secure Instant Messaging, and much more. http://www.accelacomm.com/jaw/sfnl/114/51426210/ ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public -- 10 Tips for Better Web Security Learn 10 ways to better secure your business today. Topics covered include: Web security, SSL, hacker attacks Denial of Service (DoS), private keys, security Microsoft Exchange, secure Instant Messaging, and much more. http://www.accelacomm.com/jaw/sfnl/114/51426210/ ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] RE : RE : SNMPv3 on Solaris
Apparently the MD5 calculation in synacode doesn't work with big endian processors. I verified the md5 implementation in freepascal and that works correctly on sparc. Attached the testprogram I used containing a rewrite of MD5LongHash using fpc md5 routines. Ludo -Message d'origine- De : Ungarn [mailto:ung...@its-pro.net] Envoyé : lundi 18 juillet 2011 17:39 À : Ararat Synapse Objet : Re: [Synalist] RE : SNMPv3 on Solaris hi again, i think i have found the problem with snmpv3 on sparc solaris its in the Pass2Key function of snmpsend the function MD5LongHash below have on linux and windows the same result 54 E4 2E 39 06 06 15 0A 0D CB 67 FA 5B 67 75 CA but cross compiled for sparc solaris this 90 08 0A 2F FA 64 67 25 BC 43 7D AD 58 0A 26 A9 thanks for any advise peter begin s := MD5LongHash( 'testtest', 1048576 ); for cnt := 1 to Length( s ) do begin Write( IntToHex( Ord( s[cnt] ), 2 ) ); Write( ' ' ); end; WriteLn; end. here is my little prog var snmp : TSNMPSend; begin snmp := TSNMPSend.Create; snmp.Query.Clear; snmp.Query.Version := 3; snmp.Query.Flags := AuthPriv; snmp.Query.FlagReportable := True; snmp.Query.UserName := 'snmpv3'; snmp.Query.AuthMode := AuthMD5; snmp.Query.Password := 'testtest'; snmp.Query.PrivMode := PrivDES; snmp.Query.PrivPassword := 'testtest'; snmp.TargetHost := '192.168.10.2'; snmp.Query.PDUType := PDUGetRequest; snmp.Query.MIBAdd( '1.3.6.1.2.1.1.5.0', '', asn1util.ASN1_NULL ); if snmp.SendRequest = True then WriteLn( 'Ok : ' + snmp.Reply.MIBByIndex( 0 ).OID + ' - ' + snmp.Reply.MIBByIndex( 0 ).Value ) else WriteLn( 'Fail' ); end. Works fine here on Solaris x86 when contacting an Ubuntu 64 server. I'm using fpc 2.5.1 svn. Ludo -- AppSumo Presents a FREE Video for the SourceForge Community by Eric Ries, the creator of the Lean Startup Methodology on Lean Startup Secrets Revealed. This video shows you how to validate your ideas, optimize your ideas and identify your business strategy. http://p.sf.net/sfu/appsumosfdev2dev ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public -- AppSumo Presents a FREE Video for the SourceForge Community by Eric Ries, the creator of the Lean Startup Methodology on Lean Startup Secrets Revealed. This video shows you how to validate your ideas, optimize your ideas and identify your business strategy. http://p.sf.net/sfu/appsumosfdev2dev ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] RE : RE : RE : SNMPv3 on Solaris
If you define CIL the synacode md5 is OK (compile with -dCIL). Ludo -Message d'origine- De : Ludo Brands [mailto:ludo.bra...@free.fr] Envoyé : lundi 18 juillet 2011 18:48 À : 'Ararat Synapse' Objet : [Synalist] RE : RE : SNMPv3 on Solaris Apparently the MD5 calculation in synacode doesn't work with big endian processors. I verified the md5 implementation in freepascal and that works correctly on sparc. Attached the testprogram I used containing a rewrite of MD5LongHash using fpc md5 routines. Ludo -Message d'origine- De : Ungarn [mailto:ung...@its-pro.net] Envoyé : lundi 18 juillet 2011 17:39 À : Ararat Synapse Objet : Re: [Synalist] RE : SNMPv3 on Solaris hi again, i think i have found the problem with snmpv3 on sparc solaris its in the Pass2Key function of snmpsend the function MD5LongHash below have on linux and windows the same result 54 E4 2E 39 06 06 15 0A 0D CB 67 FA 5B 67 75 CA but cross compiled for sparc solaris this 90 08 0A 2F FA 64 67 25 BC 43 7D AD 58 0A 26 A9 thanks for any advise peter begin s := MD5LongHash( 'testtest', 1048576 ); for cnt := 1 to Length( s ) do begin Write( IntToHex( Ord( s[cnt] ), 2 ) ); Write( ' ' ); end; WriteLn; end. here is my little prog var snmp : TSNMPSend; begin snmp := TSNMPSend.Create; snmp.Query.Clear; snmp.Query.Version := 3; snmp.Query.Flags := AuthPriv; snmp.Query.FlagReportable := True; snmp.Query.UserName := 'snmpv3'; snmp.Query.AuthMode := AuthMD5; snmp.Query.Password := 'testtest'; snmp.Query.PrivMode := PrivDES; snmp.Query.PrivPassword := 'testtest'; snmp.TargetHost := '192.168.10.2'; snmp.Query.PDUType := PDUGetRequest; snmp.Query.MIBAdd( '1.3.6.1.2.1.1.5.0', '', asn1util.ASN1_NULL ); if snmp.SendRequest = True then WriteLn( 'Ok : ' + snmp.Reply.MIBByIndex( 0 ).OID + ' - ' + snmp.Reply.MIBByIndex( 0 ).Value ) else WriteLn( 'Fail' ); end. Works fine here on Solaris x86 when contacting an Ubuntu 64 server. I'm using fpc 2.5.1 svn. Ludo -- AppSumo Presents a FREE Video for the SourceForge Community by Eric Ries, the creator of the Lean Startup Methodology on Lean Startup Secrets Revealed. This video shows you how to validate your ideas, optimize your ideas and identify your business strategy. http://p.sf.net/sfu/appsumosfdev2dev ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public -- AppSumo Presents a FREE Video for the SourceForge Community by Eric Ries, the creator of the Lean Startup Methodology on Lean Startup Secrets Revealed. This video shows you how to validate your ideas, optimize your ideas and identify your business strategy. http://p.sf.net/sfu/appsumosfdev2dev ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public -- AppSumo Presents a FREE Video for the SourceForge Community by Eric Ries, the creator of the Lean Startup Methodology on Lean Startup Secrets Revealed. This video shows you how to validate your ideas, optimize your ideas and identify your business strategy. http://p.sf.net/sfu/appsumosfdev2dev ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] RE : RE : RE : RE : SNMPv3 on Solaris
The CIL define is used in a lot of synapse units. I suggest you put a {$define CIL} in the begining of synacode.pas instead. After some research I found that CIL was apparently meant for Delphi.net... Ludo -Message d'origine- De : Ludo Brands [mailto:ludo.bra...@free.fr] Envoyé : lundi 18 juillet 2011 19:06 À : 'Ararat Synapse' Objet : [Synalist] RE : RE : RE : SNMPv3 on Solaris If you define CIL the synacode md5 is OK (compile with -dCIL). Ludo -Message d'origine- De : Ludo Brands [mailto:ludo.bra...@free.fr] Envoyé : lundi 18 juillet 2011 18:48 À : 'Ararat Synapse' Objet : [Synalist] RE : RE : SNMPv3 on Solaris Apparently the MD5 calculation in synacode doesn't work with big endian processors. I verified the md5 implementation in freepascal and that works correctly on sparc. Attached the testprogram I used containing a rewrite of MD5LongHash using fpc md5 routines. Ludo -Message d'origine- De : Ungarn [mailto:ung...@its-pro.net] Envoyé : lundi 18 juillet 2011 17:39 À : Ararat Synapse Objet : Re: [Synalist] RE : SNMPv3 on Solaris hi again, i think i have found the problem with snmpv3 on sparc solaris its in the Pass2Key function of snmpsend the function MD5LongHash below have on linux and windows the same result 54 E4 2E 39 06 06 15 0A 0D CB 67 FA 5B 67 75 CA but cross compiled for sparc solaris this 90 08 0A 2F FA 64 67 25 BC 43 7D AD 58 0A 26 A9 thanks for any advise peter begin s := MD5LongHash( 'testtest', 1048576 ); for cnt := 1 to Length( s ) do begin Write( IntToHex( Ord( s[cnt] ), 2 ) ); Write( ' ' ); end; WriteLn; end. here is my little prog var snmp : TSNMPSend; begin snmp := TSNMPSend.Create; snmp.Query.Clear; snmp.Query.Version := 3; snmp.Query.Flags := AuthPriv; snmp.Query.FlagReportable := True; snmp.Query.UserName := 'snmpv3'; snmp.Query.AuthMode := AuthMD5; snmp.Query.Password := 'testtest'; snmp.Query.PrivMode := PrivDES; snmp.Query.PrivPassword := 'testtest'; snmp.TargetHost := '192.168.10.2'; snmp.Query.PDUType := PDUGetRequest; snmp.Query.MIBAdd( '1.3.6.1.2.1.1.5.0', '', asn1util.ASN1_NULL ); if snmp.SendRequest = True then WriteLn( 'Ok : ' + snmp.Reply.MIBByIndex( 0 ).OID + ' - ' + snmp.Reply.MIBByIndex( 0 ).Value ) else WriteLn( 'Fail' ); end. Works fine here on Solaris x86 when contacting an Ubuntu 64 server. I'm using fpc 2.5.1 svn. Ludo -- AppSumo Presents a FREE Video for the SourceForge Community by Eric Ries, the creator of the Lean Startup Methodology on Lean Startup Secrets Revealed. This video shows you how to validate your ideas, optimize your ideas and identify your business strategy. http://p.sf.net/sfu/appsumosfdev2dev ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public -- AppSumo Presents a FREE Video for the SourceForge Community by Eric Ries, the creator of the Lean Startup Methodology on Lean Startup Secrets Revealed. This video shows you how to validate your ideas, optimize your ideas and identify your business strategy. http://p.sf.net/sfu/appsumosfdev2dev ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public -- AppSumo Presents a FREE Video for the SourceForge Community by Eric Ries, the creator of the Lean Startup Methodology on Lean Startup Secrets Revealed. This video shows you how to validate your ideas, optimize your ideas and identify your business strategy. http://p.sf.net/sfu/appsumosfdev2dev ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public -- AppSumo Presents a FREE Video for the SourceForge Community by Eric Ries, the creator of the Lean Startup Methodology on Lean Startup Secrets Revealed. This video shows you how to validate your ideas, optimize your ideas and identify your business strategy. http://p.sf.net/sfu/appsumosfdev2dev ___ synalist-public mailing list synalist-public
[Synalist] RE : RE : SNMPGetTable error?
SNMPGetTable get's the entries in the table pointed to by OID. In our case OID= .iso.org.dod.internet.mgmt.mib-2.ip.ipRouteTable. The entries are ipRouteTable.ipRouteEntry and elements are ipRouteTable.ipRouteEntry.ipRouteDest, etc. To group elements in an entry you drop the ipRouteDest,etc which is what fetch(row, '.') does. If you want one line per route you'll need to a SNMPGetTable of 1.3.6.1.2.1.4.21.1 instead of 1.3.6.1.2.1.4.21.1.1. You'll get all the elements per line (next hop, mask, etc.) but that is similar to the Routing table tab in Getif. In other words: the ipRouteTable is made up of ipRouteEntry's, not of ipRouteDest's. So, SNMPGetTable gets you the table at OID (ie. entries below OID). What you are looking for is a filter on replies starting with OID. Ludo -Message d'origine- De : John Repucci [mailto:john.repu...@gmail.com] Envoyé : vendredi 15 juillet 2011 03:36 À : Ararat Synapse Objet : Re: [Synalist] RE : SNMPGetTable error? I'm now using v4 and I have the same issue. I added two routes to my test router: 10.0.0.0/32 12.0.0.0/8 and SNMPGetTable returns both of them on one line as 10.0.0.0,12.0.0.0. The above routes are clearly not default routes and they should not be combined. This appears to happen because SNMPGetList sets the index variable x to 0 for any route whose 2,3 4 octet's = '0.0.0' and the following code combines routes thus identified into row 0. The function row := separateright(oid, baseoid + '.');does return the correct and full IP address, but after col := fetch(row, '.'); row only contains the last three octets. Fetch appears to remove the 1st octet from the string contained in row. col does not appear to be used. If I comment out the col := fetch(row, '.'); line, SNMPGetTable works as expected. What is that line doing and does it need to be there? Variable values for the 12.0.0.0 route BASEOID: 0x5f0704 '1.3.6.1.2.1.4.21.1.1' OID: 0x5b2f0 '1.3.6.1.2.1.4.21.1.1.12.0.0.0' ROW 0x3b14b20 '0.0.0' Network/MaskProtoAge Slot Cost NextHop Address AS --- -- - - - 10.0.0.0/32 Static401 1 192.168.170.254 12.0.0.0/8 Static 41 1 192.168.170.254 192.168.170.128/25 Direct 125621 0 192.168.170.254 192.168.255.78/32 Direct 125621 0 192.168.255.78 -- AppSumo Presents a FREE Video for the SourceForge Community by Eric Ries, the creator of the Lean Startup Methodology on Lean Startup Secrets Revealed. This video shows you how to validate your ideas, optimize your ideas and identify your business strategy. http://p.sf.net/sfu/appsumosfdev2dev___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] RE : RE : SSL Login to Exchange IMAP Server
when I check Capability I get: IMAP4,IMAP4rev1,IDLE,LOGIN-REFERRALS,MAILBOX-REFERRALS,NAMESPA CE,LITERAL+,UIDPLUS,CHILDREN So there is no STARTTLS - AutoTLS shouldn't work. Now I checked the other possibilities of SSLType: LT_SSLv2: Error error:140650B5:SSL routines:CLIENT_HELLO:no ciphers available in function: login LT_SSLv3: Error error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number in function: login LT_TLSv1_1 and LT_SSHv2: Error Network subsystem is unusable in function: login I guess, that the IMAP support on this specific exchange server is not properly setup. Problem is, that I don't have the rights to install anything except my program. So I can't check the IMAP support with another email program. Cheers, Adrian. Connection to port 143 is apparently working (capability returns something). There isn' t a problem with a firewall blocking the ssl port? Also, when you specified FullSSL, did you specify TargetPort as this should be set to the IMAP ssl port used by the server? Ludo -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] RE : SNMPv3 on Solaris
here is my little prog var snmp : TSNMPSend; begin snmp := TSNMPSend.Create; snmp.Query.Clear; snmp.Query.Version := 3; snmp.Query.Flags := AuthPriv; snmp.Query.FlagReportable := True; snmp.Query.UserName := 'snmpv3'; snmp.Query.AuthMode := AuthMD5; snmp.Query.Password := 'testtest'; snmp.Query.PrivMode := PrivDES; snmp.Query.PrivPassword := 'testtest'; snmp.TargetHost := '192.168.10.2'; snmp.Query.PDUType := PDUGetRequest; snmp.Query.MIBAdd( '1.3.6.1.2.1.1.5.0', '', asn1util.ASN1_NULL ); if snmp.SendRequest = True then WriteLn( 'Ok : ' + snmp.Reply.MIBByIndex( 0 ).OID + ' - ' + snmp.Reply.MIBByIndex( 0 ).Value ) else WriteLn( 'Fail' ); end. Works fine here on Solaris x86 when contacting an Ubuntu 64 server. I'm using fpc 2.5.1 svn. Ludo -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] RE : RE : RE : RE : RE : RE : synapse on sparc-solaris
Marco, The patch I'm going to propose is to solaris/unxsockh.inc which is platform specific. It'll include defines from /usr/include/netinet/in.h which are included in linux/unxsockh.inc but missing in solaris/unxsockh.inc. I won't include the MSG_NOSIGNAL HACK. ssfpc.pas/inc has already ifdef's around MSG_NOSIGNAL and adding another platform is indeed the cleanest solution. Ludo No emulations. The policy is roughly this: - if the constant is supported by most platforms it can be added to a platform independant unit (like sockets) with a platform; modifier, and it will not be there or emulated for units that don't support it. - if the constant is only supported by one platform it must move to a platform specific unit. Actually it is on my todo to further clean up the sockets unit that way, marking OS specific functionality that might not be implemented with Platform;. Bootstrapping issues prevented large scale adding of such modifiers till now. (and actually for a time MSG_NOSIGNAL was not there in FreeBSD either, till a later revision added (documented?) the functionality. So it seems to be not an universal constant) -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] RE : RE : RE : RE : RE : RE : synapse on sparc-solaris
Lukas, Attached a patch for ssfpc.inc against svn 146. It includes the solaris definitions for SOCK_STREAM, etc. and the definition (0) for MSG_NOSIGNAL. I've also submitted a patch for rtl/solaris/unxsockh.inc that includes the missing getsockopt and setsockopt parameters. (http://bugs.freepascal.org/view.php?id=19665) Tested on Solaris 10 x86. Ludo Regarding the missing IP_TOS in fpc sockets for Solaris, I'll try to find out if they are supported. If yes, I'll raise a bug to the fpc people. All but one of the missing consts in sockets are defined for solaris but have different values. I'm preparing a patch for fpc. The missing one is perhaps important: MSG_NOSIGNAL. Solaris doesn't support this functionality. I noticed the Libc.SIG_IGN signal handler for SIGPIPE is installed in sslinux. I guess that handles that problem, doesn't it? If so, I'll suggest to fpc the define MSG_NOSIGNAL = 0. Ludo -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public solaris_ssfpc.diff Description: Binary data -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] RE : RE : RE : synapse on sparc-solaris
Bad file number thanks peter Could you try something more basic? Something like Program test. uses Classes, sysutils, blcksock; var sock:tblocksocket; begin sock:=tblocksocket.create; sock.RaiseExcept:=true; sock.Family := SF_IP4; sock.CreateSocket; sock.Bind('0.0.0.0','0'); sock.Connect('77.220.96.52','80'); writeln('Connected!'); sock.CloseSocket; sock.Free; End; -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] RE : RE : RE : synapse on sparc-solaris
Just figured out that Solaris uses different values for SOCK_STREAM and SOCK_DGRAM. In ssfpc.inc change SOCK_STREAM=2; SOCK_DGRAM=1; I tested this on solaris 10 x86 and I get output from your test program. Can you please test this on SPARC? BTW I got a 120 protocol not supported error. Ludo -Message d'origine- De : Ungarn [mailto:ung...@its-pro.net] Envoyé : jeudi 30 juin 2011 13:07 À : Ararat Synapse Objet : Re: [Synalist] RE : RE : synapse on sparc-solaris Bad file number thanks peter What is the error message? Writeln(http.Sock.LastErrorDesc); Ludo -Message d'origine- De : Ungarn [mailto:ung...@its-pro.net] Envoyé : jeudi 30 juin 2011 11:28 À : Ararat Synapse Objet : Re: [Synalist] RE : synapse on sparc-solaris thanks ludo, i have copied all values to unxsockh.inc and now i can compile it for solaris but on windows and linux i get an response, on solaris - nothing i tried with tcpdump and nothing happens on the net thanks peter my simple prog: program test; uses Classes, sysutils, snmpsend, httpsend; var http : THTTPSend; lines : TStringList; begin WriteLn( 'Test sparc' ); lines := TStringList.Create; http := THTTPSend.Create; http.HTTPMethod( 'GET', 'http://www.gauns.org' ); WriteLn( HTTP.Headers.Text ); lines.LoadFromStream( HTTP.Document ); WriteLn( '***' ); WriteLn( lines.Text ); end. I haven't used it on Solaris but a quick look at ssfpc.inc shows that solaris/unxsockh.inc is missing the definitions for the setsockopt and getsockopt options. Solaris supports setsockopt and getsockopt but AFAIK not all of the options listed in linux/unxsockh.inc. What you could do is to copy the missing definitions from linux/unxsockh.inc (line 172 and further) into solaris/unxsockh.inc. Ssfpc.inc is only mapping the constants to the corresponding constants in sockets.pp and, at first sight, the setsockopt and getsockopt options mapped are not used with snmpsend. So if they are not implemented in Solaris, it won't hurt defining them when they are not used. Ludo -Message d'origine- De : Ungarn [mailto:ung...@its-pro.net] Envoyé : jeudi 30 juin 2011 01:30 À : Ararat Synapse Objet : [Synalist] synapse on sparc-solaris Hi everybody, did someone used synapse snmpsend on sparc-solaris i get with every version (2.1.1, 2.4.2) following errors ssfpc.inc(157,32) Error: Identifier not found IP_TOS ssfpc.inc(158,32) Error: Identifier not found IP_TTL ssfpc.inc(159,32) Error: Identifier not found IP_HDRINCL ssfpc.inc(160,32) Error: Identifier not found IP_OPTIONS ssfpc.inc(162,32) Error: Identifier not found IP_RECVOPTS ssfpc.inc(163,32) Error: Identifier not found IP_RETOPTS ssfpc.inc(171,32) Error: Identifier not found IP_MULTICAST_IF ssfpc.inc(172,32) Error: Identifier not found IP_MULTICAST_TTL ssfpc.inc(173,32) Error: Identifier not found IP_MULTICAST_LOOP ssfpc.inc(174,32) Error: Identifier not found IP_ADD_MEMBERSHIP ssfpc.inc(175,32) Error: Identifier not found IP_DROP_MEMBERSHIP ssfpc.inc(211,35) Error: Identifier not found IPV6_UNICAST_HOPS ssfpc.inc(212,35) Error: Identifier not found IPV6_MULTICAST_IF ssfpc.inc(213,35) Error: Identifier not found IPV6_MULTICAST_HOPS ssfpc.inc(214,35) Error: Identifier not found IPV6_MULTICAST_LOOP ssfpc.inc(215,35) Error: Identifier not found IPV6_JOIN_GROUP ssfpc.inc(216,35) Error: Identifier not found IPV6_LEAVE_GROUP i can compile it on solaris box or crosscompile on linux, same result ! on linux and crosscompile windows, there are no problems i can give acces to my solaris-sparc box, if someone will try thanks in advance peter -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public - - All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this
[Synalist] RE : RE : RE : RE : How to decode MIBName OIDto readablevalues?
Joshua, The RDBMS-MIB you refer to has some problems. In the mibs.zip from www.elifulkerson.com you'll find rfcmibs.diff listing patches needed for different mibs. When you look for RDBMS-MIB.txt you'll find corrections for errors that are present in this mib. The following mib works for me: http://www.simpleweb.org/ietf/mibs/modules/IETF/txt/RDBMS-MIB snmptranslate.exe -Td -M. -mALL .1.3.6.1.2.1.39.2.2 returns RDBMS-MIB::rdbmsOutOfSpace rdbmsOutOfSpace NOTIFICATION-TYPE -- FROM RDBMS-MIB OBJECTS { rdbmsSrvInfoDiskOutOfSpaces } DESCRIPTION An rdbmsOutOfSpace trap signifies that one of the database servers managed by this agent has been unable to allocate space for one of the databases managed by this agent. Care should be taken to avoid flooding the network with these traps. ::= { iso(1) org(3) dod(6) internet(1) mgmt(2) mib-2(1) rdbmsMIB(39) rdbmsTraps(2) 2 } You'll have to adapt -M. to point to your mib directory. Ludo -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] RE : How to decode MIBName OID to readable values?
Snmptranslate is a tool available on linux and ported to windows. Ludo -Message d'origine- De : Joshua Lim [mailto:joshua__...@hotmail.com] Envoyé : lundi 27 juin 2011 07:54 À : Ararat Synapse Objet : Re: [Synalist] How to decode MIBName OID to readable values? Hi, Here's an example Trap created using Windows Event to Trap translator which sends the trap for events generated by the Service Control Manager. Destination: 192.168.0.10 Source: 192.168.0.10 Enterprise: 1.3.6.1.4.1.311.1.13.1.23.83.101.114.118.105.99.101.32.67.111. 110.116.114.111.108.32.77.97.110.97.103.101.114 Community: public Generic: 6 Specific: 1073748860 Seconds: 34835394 Destination MIBName[0]: 1.3.6.1.4.1.311.1.13.1..1.0 Destination MIBValue[0]: The Dispatcher service entered the running state. How do I interpret 1.3.6.1.4.1.311.1.13.1.23.83.101.114.118.105.99.101.32.67.111. 110.116.114.111.108.32.77.97.110.97.103.101.114 and 1.3.6.1.4.1.311.1.13.1..1.0 into something readable? Thanks. Rgds, Joshua Joshua Lim wrote: Hi, I've successfully received traps using the sample code in http://synapse.ararat.cz/files/contrib/Trap.zip This works fine, at least for SNMP v1 (I'll next need to figure out other versions). In the meantime, I'll like to know how I can decode OID values assigned to MIBName to readable values? e.g. Destination MIBName[0]: 1.3.6.1.2.1.1.1.0 Apologies if this question sounds silly, but I'm an SNMP newbie. Appreciate any tip. :-) Rgds, Joshua -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] RE : RE : How to decode MIBName OID to readable values?
In this case you're trapping evntwin traps. 1.3.6.1.4.1.311.1.13.1 is the microsoft enterprise base OID. More info on OID's created by windows here: http://support.microsoft.com/kb/318464 23.83.101.114.118.105.99.101.32.67.111.110.116.114.111.108.32.77.97.110.97.1 03.101.114 translates to 23 characters Service Control Manager. 1.3.6.1.4.1.311.1.13.1..1.0 is the summary attribute. Read the value to get the summary message. Ludo -Message d'origine- De : Ludo Brands [mailto:ludo.bra...@free.fr] Envoyé : lundi 27 juin 2011 08:26 À : 'Ararat Synapse' Objet : [Synalist] RE : How to decode MIBName OID to readable values? Snmptranslate is a tool available on linux and ported to windows. Ludo -Message d'origine- De : Joshua Lim [mailto:joshua__...@hotmail.com] Envoyé : lundi 27 juin 2011 07:54 À : Ararat Synapse Objet : Re: [Synalist] How to decode MIBName OID to readable values? Hi, Here's an example Trap created using Windows Event to Trap translator which sends the trap for events generated by the Service Control Manager. Destination: 192.168.0.10 Source: 192.168.0.10 Enterprise: 1.3.6.1.4.1.311.1.13.1.23.83.101.114.118.105.99.101.32.67.111. 110.116.114.111.108.32.77.97.110.97.103.101.114 Community: public Generic: 6 Specific: 1073748860 Seconds: 34835394 Destination MIBName[0]: 1.3.6.1.4.1.311.1.13.1..1.0 Destination MIBValue[0]: The Dispatcher service entered the running state. How do I interpret 1.3.6.1.4.1.311.1.13.1.23.83.101.114.118.105.99.101.32.67.111. 110.116.114.111.108.32.77.97.110.97.103.101.114 and 1.3.6.1.4.1.311.1.13.1..1.0 into something readable? Thanks. Rgds, Joshua Joshua Lim wrote: Hi, I've successfully received traps using the sample code in http://synapse.ararat.cz/files/contrib/Trap.zip This works fine, at least for SNMP v1 (I'll next need to figure out other versions). In the meantime, I'll like to know how I can decode OID values assigned to MIBName to readable values? e.g. Destination MIBName[0]: 1.3.6.1.2.1.1.1.0 Apologies if this question sounds silly, but I'm an SNMP newbie. Appreciate any tip. :-) Rgds, Joshua -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] RE : RE : RE : How to decode MIBName OID to readablevalues?
1.3.6.1.4.1.311. is the Microsoft public mib (.iso.org.dod.internet.private.enterprises.microsoft.) Anything below that is considered private MIB and manufacturers can do basically what they want with it. Translating automatically is going to be done on a per manufacturer, and sometimes per endpoint, base. Some manufacturers behave and their private MIB will help quite a long way in translating automatically. Ludo -Message d'origine- De : Joshua Lim [mailto:joshua__...@hotmail.com] Envoyé : lundi 27 juin 2011 17:01 À : Ararat Synapse Objet : Re: [Synalist] RE : RE : How to decode MIBName OID to readablevalues? Hi Ludo, Thanks. I was able to download snmptranslate.exe from http://www.elifulkerson.com/articles/net-snmp-windows-binary-u nofficial.php The mib txt files must be downloaded separately - i managed to get it from the net snmp nightly tarball - http://www.net-snmp.org/nightly/tarballs - and also had to copied them to C:\usr\share\snmp\mibs in order for snmptranslate.exe to work. Ludo Brands wrote: In this case you're trapping evntwin traps. 1.3.6.1.4.1.311.1.13.1 is the microsoft enterprise base OID. More info on OID's created by windows here: http://support.microsoft.com/kb/318464 Is it possible to get this translated automatically? I mean, for testing, I'm using evntwin traps, it maybe other system in real practice. I would have thought that MIB files would do that translation? By the way, SnmpMgrGetTrapEx (Window's own SNMP Management API) translates 1.3.6.1.4.1.311.1.13.1..1.0 to .iso.org.dod.internet.private.enterprises.microsoft.software.1 3.1..1.0. 23.83.101.114.118.105.99.101.32.67.111.110.116.114.111.108.32.77.97.11 0.97.1 03.101.114 translates to 23 characters Service Control Manager. I noticed that even SnmpMgrGetTrapEx doesn't translate Service Control Manager. 1.3.6.1.4.1.311.1.13.1..1.0 is the summary attribute. Read the value to get the summary message. Ludo -Message d'origine- De : Ludo Brands [mailto:ludo.bra...@free.fr] Envoyé : lundi 27 juin 2011 08:26 À : 'Ararat Synapse' Objet : [Synalist] RE : How to decode MIBName OID to readable values? Snmptranslate is a tool available on linux and ported to windows. Ludo -Message d'origine- De : Joshua Lim [mailto:joshua__...@hotmail.com] Envoyé : lundi 27 juin 2011 07:54 À : Ararat Synapse Objet : Re: [Synalist] How to decode MIBName OID to readable values? Hi, Here's an example Trap created using Windows Event to Trap translator which sends the trap for events generated by the Service Control Manager. Destination: 192.168.0.10 Source: 192.168.0.10 Enterprise: 1.3.6.1.4.1.311.1.13.1.23.83.101.114.118.105.99.101.32.67.111. 110.116.114.111.108.32.77.97.110.97.103.101.114 Community: public Generic: 6 Specific: 1073748860 Seconds: 34835394 Destination MIBName[0]: 1.3.6.1.4.1.311.1.13.1..1.0 Destination MIBValue[0]: The Dispatcher service entered the running state. How do I interpret 1.3.6.1.4.1.311.1.13.1.23.83.101.114.118.105.99.101.32.67.111. 110.116.114.111.108.32.77.97.110.97.103.101.114 and 1.3.6.1.4.1.311.1.13.1..1.0 into something readable? Thanks. Rgds, Joshua Joshua Lim wrote: Hi, I've successfully received traps using the sample code in http://synapse.ararat.cz/files/contrib/Trap.zip This works fine, at least for SNMP v1 (I'll next need to figure out other versions). In the meantime, I'll like to know how I can decode OID values assigned to MIBName to readable values? e.g. Destination MIBName[0]: 1.3.6.1.2.1.1.1.0 Apologies if this question sounds silly, but I'm an SNMP newbie. Appreciate any tip. :-) Rgds, Joshua - - All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu
[Synalist] RE : RE : RE : RE : Reading the HTTP headers of a page
I checked that implementation and it is quite different. Anyways, I've adapted my zuncompr and zcompres routines to be compatible with fpc paszlib. Attached are the units. New routines in zCompresfp: - compressGZ: idem as compress but with GZ parameters. No header or trailer. - zcompress: compresses string to string using zlib compression - gzcompress: compresses string to string using gz compression. Header, no trailer. New routines in zuncomprfp: - DecompressBuf: Decompresses the source buffer into the destination buffer, accepts gz or zlib. - Decompress: decompresses string to string, accepts gz or zlib. All routines are in memory. Note that a file created with the output of gzcompress is not a valid gz file. This is probably because of the missing trailer (crc32 and input size). I've used these functions to communicate with an ASP.NET server application and ASP.NET doesn't need the trailer. The routines in zuncomprfp don't need or use the trailer neither. I don't know if browsers require the trailer. Ludo -Message d'origine- De : Marco van de Voort [mailto:f...@pascalprogramming.org] Envoyé : jeudi 23 juin 2011 13:22 À : Ararat Synapse Objet : Re: [Synalist] RE : RE : RE : Reading the HTTP headers of a page ( Probably based on this old Delphification of the TP/D1 lib: http://sageshome.net/oss/paszlib-sg.php ? ) unit zuncomprfp; { uncompr.c -- decompress a memory buffer Copyright (C) 1995-1998 Jean-loup Gailly. Pascal tranlastion Copyright (C) 1998 by Jacques Nomssi Nzali For conditions of distribution and use, see copyright notice in readme.txt } interface uses zbase, zinflate; { === Decompresses the source buffer into the destination buffer. sourceLen is the byte length of the source buffer. Upon entry, destLen is the total size of the destination buffer, which must be large enough to hold the entire uncompressed data. (The size of the uncompressed data must have been saved previously by the compressor and transmitted to the decompressor by some mechanism outside the scope of this compression library.) Upon exit, destLen is the actual size of the compressed buffer. This function can be used to decompress a whole file at once if the input file is mmap'ed. uncompress returns Z_OK if success, Z_MEM_ERROR if there was not enough memory, Z_BUF_ERROR if there was not enough room in the output buffer, or Z_DATA_ERROR if the input data was corrupted. } function uncompress (dest : Pbyte; var destLen : cardinal; const source : array of byte; sourceLen : cardinal) : integer; function DecompressBuf(const InBuf: Pointer; InBytes: Integer; OutEstimate: Integer; out OutBuf: Pointer; out OutBytes: Integer):integer; function decompress(const s:string):string; implementation const Z_EOF = -1; { same value as in STDIO.H } { gzip flag byte } ASCII_FLAG = $01; { bit 0 set: file probably ascii text } HEAD_CRC= $02; { bit 1 set: header CRC present } EXTRA_FIELD = $04; { bit 2 set: extra field present } ORIG_NAME = $08; { bit 3 set: original file name present } COMMENT = $10; { bit 4 set: file comment present } RESERVED= $E0; { bits 5..7: reserved } function DecompressBuf(const InBuf: Pointer; InBytes: Integer; OutEstimate: Integer; out OutBuf: Pointer; out OutBytes: Integer):integer; var strm: z_stream; P: Pointer; BufInc: Integer; err,flags,c : integer; len,ptr: word; function DCheckLoop(code: Integer): boolean; begin err:=code; result:= (code =0) and (codeZ_STREAM_END); end; begin FillChar(strm, sizeof(strm), 0); BufInc := (InBytes + 255) and not 255; if OutEstimate = 0 then OutBytes := BufInc else OutBytes := OutEstimate; GetMem(OutBuf, OutBytes); try strm.next_in := InBuf; strm.avail_in := InBytes; strm.next_out := OutBuf; strm.avail_out := OutBytes; if (pchar(Inbuf)[0]=#$1F) and (pchar(Inbuf)[1]=#$8B) then begin flags:=byte(pchar(Inbuf)[3]); if (byte(pchar(Inbuf)[2]) Z_DEFLATED) or ((flags and RESERVED) 0) then err := Z_DATA_ERROR else begin ptr:=10; { Discard time, xflags and OS code } if ((flags and EXTRA_FIELD) 0) then begin { skip the extra field } len := word(byte(pchar(Inbuf)[ptr])) + (word(byte(pchar(Inbuf)[ptr+1])) shr 8); { len is garbage if EOF but the loop below will quit anyway } ptr:=ptr+2; while (len 0) do begin Dec(len); ptr:=ptr+1; if byte(pchar(Inbuf)[ptr-1]) = Z_EOF then break; end; end; if ((flags and ORIG_NAME) 0) then begin { skip the original file name } repeat c := byte(pchar(Inbuf)[ptr]); ptr:=ptr+1; until (c = 0) or (c = Z_EOF); end;
[Synalist] RE : A Proxy question
This article http://blog.freyguy.com/archives/2006/03/01/proxy-auto-detect-ie-and-firefox / explains how it works. The browser gets the proxy from a dns or dhcp server configured for WPAD. On windows you have the function WinHttpGetProxyForUrl (winhttp.dll) that is supposed to get the proxy info. I've never used it. Ludo -Message d'origine- De : cem zafer demirsoy [mailto:cemza...@gmail.com] Envoyé : mardi 21 juin 2011 20:51 À : synalist-public@lists.sourceforge.net Objet : [Synalist] A Proxy question Hi all, I am looking to get the proxy information automatically like the browsers. How can I do this if I dont know the proxy server address? Thanks. -- Simplify data backup and recovery for your virtual environment with vRanger. Installation's a snap, and flexible recovery options mean your data is safe, secure and there when you need it. Data protection magic? Nope - It's vRanger. Get your free trial download today. http://p.sf.net/sfu/quest-sfdev2dev ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] RE : RE : RE : How can I get the real IP the socketbinded?
Yep. UDP is a connectionless protocol and getsockname returns 0.0.0.0. For windows more info here: http://support.microsoft.com/kb/129065 Ludo -Message d'origine- De : Beyond Share Support [mailto:supp...@beyondshare.com] Envoyé : mardi 21 juin 2011 04:42 À : Ararat Synapse Objet : Re: [Synalist] RE : RE : How can I get the real IP the socketbinded? Ludo, I tried but still can't get the address. Maybe that's because I'm using UDP multi-cast? Lewis Ludo Brands wrote: Once the connection is established, the ip isn't changed anymore. You can get the local address under windows with getsockname() once the connection is established. I see that this function is called in TBlockSocket.Connect (through getsins). Calling GetLocalSinIP after the connect should give you the local IP address. Ludo -Message d'origine- De : Beyond Share Support [mailto:supp...@beyondshare.com] Envoyé : lundi 20 juin 2011 19:19 À : Ararat Synapse Objet : Re: [Synalist] RE : How can I get the real IP the socket binded? Ludo, Once the socket is created (or after sent some data maybe?), the binded IP will not changed, right? I want to find out what's the IP. In the remote side, I can use GetRemoteSinIP to find out the IP. But I don't know how to get it in local side. I tried GetLocalSinIP but it returns 0.0.0.0. Lewis Ludo Brands wrote: On windows, if the routing metric of the interfaces is the same then AFAIK any interface could be used to send out the data. Ludo -Message d'origine- De : Beyond Share Support [mailto:supp...@beyondshare.com] Envoyé : lundi 20 juin 2011 18:07 À : Ararat Synapse Objet : [Synalist] How can I get the real IP the socket binded? I'm using following code while creating a socket to send out data: sndsock.Bind('0.0.0.0', '0'); My system has multiple address, how can I know which IP the sndsock actually binded? I mean the ip the remote side will get by using GetRemoteSinIP. Thanks! Lewis -- EditLive Enterprise is the world's most technically advanced content authoring tool. Experience the power of Track Changes, Inline Image Editing and ensure content is compliant with Accessibility Checking. http://p.sf.net/sfu/ephox-dev2dev ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public - - EditLive Enterprise is the world's most technically advanced content authoring tool. Experience the power of Track Changes, Inline Image Editing and ensure content is compliant with Accessibility Checking. http://p.sf.net/sfu/ephox-dev2dev ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public -- EditLive Enterprise is the world's most technically advanced content authoring tool. Experience the power of Track Changes, Inline Image Editing and ensure content is compliant with Accessibility Checking. http://p.sf.net/sfu/ephox-dev2dev ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public -- EditLive Enterprise is the world's most technically advanced content authoring tool. Experience the power of Track Changes, Inline Image Editing and ensure content is compliant with Accessibility Checking. http://p.sf.net/sfu/ephox-dev2dev ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public -- EditLive Enterprise is the world's most technically advanced content authoring tool. Experience the power of Track Changes, Inline Image Editing and ensure content is compliant with Accessibility Checking. http://p.sf.net/sfu/ephox-dev2dev ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public -- EditLive Enterprise is the world's most technically advanced content authoring tool. Experience
[Synalist] RE : RE : How can I get the real IP the socket binded?
Once the connection is established, the ip isn't changed anymore. You can get the local address under windows with getsockname() once the connection is established. I see that this function is called in TBlockSocket.Connect (through getsins). Calling GetLocalSinIP after the connect should give you the local IP address. Ludo -Message d'origine- De : Beyond Share Support [mailto:supp...@beyondshare.com] Envoyé : lundi 20 juin 2011 19:19 À : Ararat Synapse Objet : Re: [Synalist] RE : How can I get the real IP the socket binded? Ludo, Once the socket is created (or after sent some data maybe?), the binded IP will not changed, right? I want to find out what's the IP. In the remote side, I can use GetRemoteSinIP to find out the IP. But I don't know how to get it in local side. I tried GetLocalSinIP but it returns 0.0.0.0. Lewis Ludo Brands wrote: On windows, if the routing metric of the interfaces is the same then AFAIK any interface could be used to send out the data. Ludo -Message d'origine- De : Beyond Share Support [mailto:supp...@beyondshare.com] Envoyé : lundi 20 juin 2011 18:07 À : Ararat Synapse Objet : [Synalist] How can I get the real IP the socket binded? I'm using following code while creating a socket to send out data: sndsock.Bind('0.0.0.0', '0'); My system has multiple address, how can I know which IP the sndsock actually binded? I mean the ip the remote side will get by using GetRemoteSinIP. Thanks! Lewis -- EditLive Enterprise is the world's most technically advanced content authoring tool. Experience the power of Track Changes, Inline Image Editing and ensure content is compliant with Accessibility Checking. http://p.sf.net/sfu/ephox-dev2dev ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public -- EditLive Enterprise is the world's most technically advanced content authoring tool. Experience the power of Track Changes, Inline Image Editing and ensure content is compliant with Accessibility Checking. http://p.sf.net/sfu/ephox-dev2dev ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public -- EditLive Enterprise is the world's most technically advanced content authoring tool. Experience the power of Track Changes, Inline Image Editing and ensure content is compliant with Accessibility Checking. http://p.sf.net/sfu/ephox-dev2dev ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public -- EditLive Enterprise is the world's most technically advanced content authoring tool. Experience the power of Track Changes, Inline Image Editing and ensure content is compliant with Accessibility Checking. http://p.sf.net/sfu/ephox-dev2dev ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] RE : RE : RE : tcp keepalive under windows, strange problem.
The keepalive would cause the connection to be always alive when you close the socket. That means that the shut-down handshake has always to be done when calling closesocket or shutdown. This is different from an application without keepalive where the server could have already performed the shutdown well before the client closes the socket. In that case closing the socket is not in the background but immediate. Regarding the virus, take a look at this: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=5069989 . The short version: if an application spawns another process, the process inherits also the socket handle. The socket isn't closed until both processes quit or release the socket. I've seen somewhere a demo of the problem where an app launches notepad, closes a socket and quits. The socket remains open as long as notepad runs!! Running an app from in an IDE or debugging environment could also lead to this type of problem. I don't know (since I'm closing down I don't check the error) There is something going wrong with closing the socket. Looking at the error could give an indication... The closing handshake is only part of the closesocket process. Ludo -Message d'origine- De : Luca Olivetti [mailto:l...@ventoso.org] Envoyé : mercredi 25 mai 2011 22:34 À : Ararat Synapse Objet : Re: [Synalist] RE : RE : tcp keepalive under windows,strange problem. Al 25/05/11 21:42, En/na Ludo Brands ha escrit: SO_LINGER has some side effects in closing a socket. From http://msdn.microsoft.com/en-us/library/ms737582%28v=vs.85%29.aspx: If the l_onoff member of the LINGER structure is zero (the default for a socket), closesocket returns immediately and the connection is gracefully closed in the background. Gracefully means sending remaining data and shutdown handshake. If there's any remaining data, it should send that, not keepalive packets, shouldn't it? I saw the retries in the shutdown handshake when I pulled the cable, even after I closed the application, and I find that normal. The in the background could mean that this could take a while and not finished when the app is already closed. It was a very long while and, again, I think it should send either the remaining data (there was none, BTW) or try to tear down the connection, not sending keepalive packets. Could also explain the fact that the problem is not always repeatable. The additional CloseSocket doesn't return an error? I don't know (since I'm closing down I don't check the error), but I see two FIN on the wire (both acknowledged by the peer). BTW, I later discovered that the computer was infected with conficker, I don't know if that's relevant or not. Bye -- Luca -- vRanger cuts backup time in half-while increasing security. With the market-leading solution for virtual backup and recovery, you get blazing-fast, flexible, and affordable data protection. Download your free trial now. http://p.sf.net/sfu/quest-d2dcopy1 ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public -- vRanger cuts backup time in half-while increasing security. With the market-leading solution for virtual backup and recovery, you get blazing-fast, flexible, and affordable data protection. Download your free trial now. http://p.sf.net/sfu/quest-d2dcopy1 ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] RE : RE : THTTPSend - posting and receiving big files
If I understand this correctly, you are not sending or receiving files in chunks. On the HTTP protocol level I mean. You are solely interested in passing a TFileStream instead of a TMemoryStream. So if the server you are connecting to limits the file upload to fe. 10 MB, then that's it: 10 MB is your limit. If you are using a slow line and the file you receive is sent by a PHP script that has a timeout of say 30 secs, then you are stuck with a low receive limit. My understanding of your original question of chuncked transfer was that you were trying to address these issues. Ludo -Message d'origine- De : Krzysztof [mailto:dib...@wp.pl] Envoyé : mercredi 11 mai 2011 21:37 À : synalist-public@lists.sourceforge.net Objet : [Synalist] RE : THTTPSend - posting and receiving big files Ok, I wrote my own descendant: TMyHTTPSend = class(THTTPSend) private function MyReadUnknown(AFile: TFileStream): Boolean; function MyReadIdentity(AFile: TFileStream; Size: Integer): Boolean; function MyReadChunked(AFile: TFileStream): Boolean; public function UploadFile(const Method, URL, AFileName: string): Boolean; function DownloadFile(const Method, URL, ADestFileName: string): Boolean; end; Which use code from HTTPMethod but instead of FSock.SendBuffer(Document.Memory) it uses FSock.SendStream(f) and FSock.ReadStream(f) where f is TFileStream and it works like a charm :D . Great that all methods and local variables are in protected section. Now I can upload and download very big files without loading them to memory and with all THTTPSend functionality (OnHeartBeat, OnStatus etc) Regards -- Achieve unprecedented app performance and reliability What every C/C++ and Fortran developer should know. Learn how Intel has extended the reach of its next-generation tools to help boost performance applications - inlcuding clusters. http://p.sf.net/sfu/intel-dev2devmay___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] RE : Wrong HTTPMethod('DELETE') result on SSL
What is the error code? Sock.LastError and Sock.SSL.LastErrorDesc Are you implying that HTTP DELETE works but HTTPS doesn't? Check that your server supports DELETE. IIRC Apache doesn't support DELETE without mod_dav or other plugin. Make sure the plugin is enabled in the config for the https server and write access is correct to the filesystem. SSL doesn't intervene at the http level. Once the connection is established, GET, PUT or DELETE is of no relevence to SSL. It just encrypts the data. -Message d'origine- De : Krzysztof [mailto:dib...@wp.pl] Envoyé : lundi 9 mai 2011 15:34 À : synalist-public@lists.sourceforge.net Objet : [Synalist] Wrong HTTPMethod('DELETE') result on SSL Hi, I notify that THTTPSend.HTTPMethod() return always FALSE if method is DELETE and connection is SSL (ssl_openssl plugin). But after that, everything is ok (correct result code, headers, body etc). I am using synapse on Free Pascal (linux ubuntu 64 bit) Regards -- WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] RE : RE : RE : Reading the HTTP headers of a page
I had a quick look at TDecompressionstream and Tcompressionstream. Header processing is indeed missing both for decompression and compression. The parametername SkipHeader suggest more than it really does... As mentioned earlier, the library I'm using is a variant of the Nomssi paszlib that I slightly modified to support in-memory GZ compression. The difference with fpc Nomssi paszlib is quite big. FE: the type z_stream is different, types are named different (Tbytearray -zByteArray), etc. I googled for the function DecompressBuf in zUnCompr to find the original source of the library but no success. There are some results for procedure DecompressBuf but that is in the Delphi zlib implementation and has nothing to do with this function. I have no problem sharing this library knowing that: 1) I haven't written DecompressBuf myself and don't have a clue who has. Readme and Copyright headers in the sources are identical to fpc/Nomssi paszlib. 2) There are no class wrappers. Everything is pure procedurial and in memory (GetMem, ReallocMem). 3) For the compression I took a shortcut for the header in that it is a fixed #$1F#$8B#8#0#0#0#0#0#0#0; (Z_DEFLATED, no time, xflags and OS code, no file name, no .gz file comment and no header crc). This matches the decompression that skips/ignores these flags/fields. 4) No Doc. If you're interested I'll comment the new functions a little bit more. 5) The library works fine on windows and linux, both 32 and 64 bit. However the library contains functions such as zcalloc, zmemcmp (zutil.pas) that use a lot of ifdef's with defines such as CALLDOS, Delphi16, HugeMem, DPMI,... I don't have a clue if they are still functional. Ludo -Message d'origine- De : Michael Van Canneyt [mailto:mich...@freepascal.org] Envoyé : mercredi 13 avril 2011 20:58 À : Ararat Synapse Objet : Re: [Synalist] RE : RE : Reading the HTTP headers of a page On Wed, 13 Apr 2011, Ludo Brands wrote: Downside of TGZFileStream is that it only works with a file. If you only need to decompress an odd page than that is fine. If you have a lot of packets with variable sizes to compress/decompress then using intermediate files slows things down quite a lot. In my case the application runs as a library which also adds file system access complications. Hence the modified paszlib library I mentioned earlier which does everything in memory. TDecompressionstream and TCompressionstream have a SkipHeader parameter which should enable you to compress/decompress gzip streams in memory; You just have to take care of the header blocks yourself. The paszlib library distributed with FPC is the nommsi paszlib library. So if you have a unit with a convenience function/class, please consider donating it to FPC. Michael. Ludo -Message d'origine- De : Michael Van Canneyt [mailto:mich...@freepascal.org] Envoyé : mercredi 13 avril 2011 20:02 À : Ararat Synapse Objet : Re: [Synalist] RE : Reading the HTTP headers of a page On Wed, 13 Apr 2011, Felipe Monteiro de Carvalho wrote: Hello, Does anyone know if zlib will successfully uncompress the data received in gzip method from an HTTP server? I think gzip is the same as zlib, but I'm not sure =o gzip adds an additional header, but this can be read with the TGZFileStream class from zstream. Or else which Pascal bindings or Pascal uncompressor should be used? zstream should be able to handle it. Michael. -- -- -- Forrester Wave Report - Recovery time is now measured in hours and minutes not days. Key insights are discussed in the 2010 Forrester Wave Report as part of an in-depth evaluation of disaster recovery service providers. Forrester found the best-in-class provider in terms of services and vision. Read this report now! http://p.sf.net/sfu/ibm-webcastpromo ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public -- Forrester Wave Report - Recovery time is now measured in hours and minutes not days. Key insights are discussed in the 2010 Forrester Wave Report as part of an in-depth evaluation of disaster recovery service providers. Forrester found the best-in-class provider in terms of services and vision. Read this report now! http://p.sf.net/sfu/ibm-webcastpromo ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public -- Benefiting from Server Virtualization: Beyond Initial Workload Consolidation -- Increasing the use of server virtualization is a top priority.Virtualization can reduce costs, simplify management
[Synalist] RE : Reading the HTTP headers of a page
Hi, Tried your code using lazarus and synapse, both from svn and it works fine. The output in memoHeaders for http://labb.comunidadumbria.com/foro/ is (only start shown): HTTP/1.1 200 OK Date: Wed, 13 Apr 2011 11:18:26 GMT Server: Apache Set-Cookie: phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs% 3A6%3A%22userid%22%3Bi%3A-1%3B%7D; expires=Thu, 12-Apr-2012 11:18:26 GMT; path=/; domain=labb.comunidadumbria.com Set-Cookie: phpbb2mysql_sid=472cc27a6827b4108e6da7cba5286635; path=/; domain=labb.comunidadumbria.com Cache-Control: private, pre-check=0, post-check=0, max-age=0 Expires: 0 Pragma: no-cache Connection: close Content-Type: text/html !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.01 Transitional//EN html dir=ltr head meta http-equiv=Content-Type content=text/html; charset=iso-8859-1 meta http-equiv=Content-Style-Type content=text/css link rel=top href=./index.php?sid=472cc27a6827b4108e6da7cba5286635 title=?ndice de Foro de Liga de los Amigos del BloodBowl / link rel=search href=./search.php?sid=472cc27a6827b4108e6da7cba5286635 title=Buscar / link rel=help href=./faq.php?sid=472cc27a6827b4108e6da7cba5286635 title=F.A.Q. / link rel=author href=./memberlist.php?sid=472cc27a6827b4108e6da7cba5286635 title=Lista de Miembros / titleForo de Liga de los Amigos del BloodBowl :: ?ndice/title !-- link rel=stylesheet href=templates/subSilver/subSilver.css type=text/css -- style type=text/css !-- /* Cheers, Ludo -Message d'origine- De : Felipe Monteiro de Carvalho [mailto:felipemonteiro.carva...@gmail.com] Envoyé : mercredi 13 avril 2011 13:02 À : Ararat Synapse Cc : Lukas Gebauer Objet : Re: [Synalist] Reading the HTTP headers of a page Hello, I suggest the patch attached to improve a little bit the documentation found here: http://synapse.ararat.cz/doc/help/httpsend.THTTPSend.html#HTTPMethod I eventually figured out what to put in the two parameters, but an example would have helped. On a different topic, I am doing this: procedure TForm1.buttonReadHeadersClick(Sender: TObject); var Client: THttpSend; begin Client := THttpSend.Create; Client.UserAgent := editUserAgent.Text; Client.HttpMethod('GET', editURL.Text); Client.Document.Position := 0; memoHeaders.Lines.LoadFromStream(Client.Document); memoHeaders.Text := Client.Headers.Text + LineEnding + memoHeaders.Text; Client.Free; end; And it works fine for http://www.google.com But I cannot get any HTML code from http://labb.comunidadumbria.com/foro/ Although Firefox displays it correctly. I tryed using the same UserAgent as Firefox without success. Any ideas? thanks, -- Felipe Monteiro de Carvalho -- Forrester Wave Report - Recovery time is now measured in hours and minutes not days. Key insights are discussed in the 2010 Forrester Wave Report as part of an in-depth evaluation of disaster recovery service providers. Forrester found the best-in-class provider in terms of services and vision. Read this report now! http://p.sf.net/sfu/ibm-webcastpromo ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] RE : Reading the HTTP headers of a page
I did several other tests with UserAgent set to known useragents and to random strings. Data returned by http://labb.comunidadumbria.com/foro/ is always the same. I checked with wireshark to be sure the useragent specified was transmitted and it was. Example HTTP trace: GET /foro/ HTTP/1.0 Host: labb.comunidadumbria.com Keep-Alive: 300 Connection: keep-alive User-Agent: qhqhdfhdf Are you sure you are not behind a proxy? Some proxies can be configured to filter on user agents. Example: http://docs.endian.com/archive/2.1/efw.proxy.http.html (figure 7.10) Ludo -Message d'origine- De : Felipe Monteiro de Carvalho [mailto:felipemonteiro.carva...@gmail.com] Envoyé : mercredi 13 avril 2011 13:38 À : Ararat Synapse Cc : Petr Fejfar Objet : Re: [Synalist] Reading the HTTP headers of a page On Wed, Apr 13, 2011 at 1:13 PM, Petr Fejfar petr.fej...@seznam.cz wrote: If you are looking for headers only, what to use HEAD method instead of GET one? Well, originally I just wanted the headers, but now want everything =) There is something wrong with this particular server, and I am trying to find out what exactly. In my desktop is gives proper content to Firefox with it's default user Agent but not to Firefox with Opera's user agent. So I wanted to see what would happen with a program which uses Opera's user agent, but here even if I remove the line that changes the user agent I get no HTML document =o memoHeaders.Lines.LoadFromStream(Client.Document); memoHeaders.Text := Client.Headers.Text + LineEnding + memoHeaders.Text; The first command is odd: Document represents a message body and the second command overwrites memo content on the top of that I want to show first the headers and then the document, with as few as possible lines of code. This command works fine. -- Felipe Monteiro de Carvalho -- Forrester Wave Report - Recovery time is now measured in hours and minutes not days. Key insights are discussed in the 2010 Forrester Wave Report as part of an in-depth evaluation of disaster recovery service providers. Forrester found the best-in-class provider in terms of services and vision. Read this report now! http://p.sf.net/sfu/ibm-webcastpromo ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public -- Forrester Wave Report - Recovery time is now measured in hours and minutes not days. Key insights are discussed in the 2010 Forrester Wave Report as part of an in-depth evaluation of disaster recovery service providers. Forrester found the best-in-class provider in terms of services and vision. Read this report now! http://p.sf.net/sfu/ibm-webcastpromo ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] RE : RE : RE : [Feature Request] Https/SNI (Server NameIndication)Support PATCH
Lukas, I also tried to get SNI working for cryptlib. The problem is that SNI support in Cryptlib gets the servername from the CRYPT_SESSINFO_SERVER_NAME attribute which initiates the session. Synapse is using CRYPT_SESSINFO_NETWORKSOCKET attribute to initiate the session. I have raised this on the Cryptlib mailing list. The answer was there's no mechanism in cryptlib for doing this because explicitly specifying the server name (for cryptlib to connect to) is mutually exclusive with providing an already-connected socket.. There is no intention to change cryptlib to provide an alternative way of specifying the SNI servername without initiating the session. Death end :( Ludo -Message d'origine- De : Lukas Gebauer [mailto:gebyl...@mlp.cz] Envoyé : mercredi 13 avril 2011 16:16 À : Ararat Synapse Objet : Re: [Synalist] RE : RE : [Feature Request] Https/SNI (Server NameIndication)Support PATCH Thank you very much. Your patch is excellent quality and I accept it as-is! It is on the SVN now. And I have no a problem with hardcoded OpenSSL constants yet. API seems to be backward compatible very well. Thanks again. L. Simon, There was a file missing in the previous patch (httpsend.pas). Sorry, Ludo -Message d'origine- De : Ludo Brands [mailto:ludo.bra...@free.fr] Envoyé : mercredi 2 mars 2011 11:51 `A : 'Ararat Synapse' Objet : [Synalist] RE : [Feature Request] Https/SNI (Server NameIndication)Support PATCH Simon, I understand you are talking about the client side SNI support. Miha's reply is probably about the utility of synapse server side support for SNI. Attached is a patch that supports client side SNI. You need OpenSSL 0.9.8k or later to get this working. The server name sent to the host is the hostname used in the http header and extracted from the url. You can override the server name with a new string property TCustomSSL.SNIHost. Note that this patch includes my previous patches (openssl and cryptlib) sent recently. I haven't tested this with older versions of OpenSSL but looking at the OpenSSL code there is no harm done calling SSL_ctrl using undefined cmd parameters. Support for the SSL_CTRL_SET_TLSEXT_HOSTNAME can also be disabled when compiling openssl which confirms the no harm done. My only worry is the hardcoding of const SSL_CTRL_SET_TLSEXT_HOSTNAME in ssl_openssl_lib. I don't know how stable the openssl api has been so far. Lukas, can you shed your light on this? I see there are more hardcoded constants in ssl_openssl_lib. Ludo -Message d'origine- De : Simon L [mailto:sim...@gmail.com] Envoyé : mercredi 23 février 2011 17:03 `A : synalist-public@lists.sourceforge.net Objet : [Synalist] [Feature Request] Https/SNI (Server Name Indication)Support Hello Lukas, Apache now supports multiple SSL sites on a single IP address: http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI To take advantage of this feature, client software needs to implement Server Name Indication (documented in RFC 4366) Most Web browsers now support SNI. It would be great if you add this feature to Synapse HTTPSend. Thank you. Simon -- -- -- Free Software Download: Index, Search Analyze Logs and other IT data in Real-Time with Splunk. Collect, index and harness all the fast moving IT data generated by your applications, servers and devices whether physical, virtual or in the cloud. Deliver compliance at lower cost and gain new business insights. http://p.sf.net/sfu/splunk-dev2dev ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public -- Lukas Gebauer. http://synapse.ararat.cz/ - Ararat Synapse - TCP/IP Lib. http://geoget.ararat.cz/ - Geocaching solution -- Forrester Wave Report - Recovery time is now measured in hours and minutes not days. Key insights are discussed in the 2010 Forrester Wave Report as part of an in-depth evaluation of disaster recovery service providers. Forrester found the best-in-class provider in terms of services and vision. Read this report now! http://p.sf.net/sfu/ibm-webcastpromo ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public -- Forrester Wave Report - Recovery time is now measured in hours and minutes not days. Key insights are discussed in the 2010 Forrester Wave Report as part of an in-depth evaluation of disaster recovery service providers. Forrester found the best-in-class provider in terms of services and vision. Read this report now! http://p.sf.net/sfu/ibm
[Synalist] RE : RE : Reading the HTTP headers of a page
Gzip and zlib are the same except for the GZ magic header #$1F#$8B... I've experimented with different pascal zlib implementations and am finally using a modified one to get both gzip and zlib compression working in full pascal (no external zlib). It is based on (from READM.TXT): _ PASZLIB 1.0 May 11th, 1998 Based on the zlib 1.1.2, a general purpose data compression library. Copyright (C) 1998 by NOMSSI NZALI Jacques H. C. [knn DES] See Legal issues for conditions of distribution and use. _ The modifications were needed for the GZIP compression but decompression works out of the box using the function DecompressBuf(const InBuf: Pointer; InBytes: Integer; OutEstimate: Integer; out OutBuf: Pointer; out OutBytes: Integer):int; in unit zUnCompr. This function accepts both standard zlib compressed and gzip compressed data. Note that this is NOT the paszlib library as distributed with fpc. It does not contain this function. I got the library a long time ago from http://www.tu-chemnitz.de/~nomssi/paszlib.html. However the site points now to a new one which doesn't work. If you want I can send you directly the modified library. I'm using the library both on Windows and Linux 32 and 64 bit. -Message d'origine- De : Felipe Monteiro de Carvalho [mailto:felipemonteiro.carva...@gmail.com] Envoyé : mercredi 13 avril 2011 18:33 À : Ararat Synapse Cc : Ludo Brands Objet : Re: [Synalist] RE : Reading the HTTP headers of a page Hello, Does anyone know if zlib will successfully uncompress the data received in gzip method from an HTTP server? I think gzip is the same as zlib, but I'm not sure =o Or else which Pascal bindings or Pascal uncompressor should be used? thanks, -- Felipe Monteiro de Carvalho -- Forrester Wave Report - Recovery time is now measured in hours and minutes not days. Key insights are discussed in the 2010 Forrester Wave Report as part of an in-depth evaluation of disaster recovery service providers. Forrester found the best-in-class provider in terms of services and vision. Read this report now! http://p.sf.net/sfu/ibm-webcastpromo ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] RE : RE : Reading the HTTP headers of a page
Downside of TGZFileStream is that it only works with a file. If you only need to decompress an odd page than that is fine. If you have a lot of packets with variable sizes to compress/decompress then using intermediate files slows things down quite a lot. In my case the application runs as a library which also adds file system access complications. Hence the modified paszlib library I mentioned earlier which does everything in memory. Ludo -Message d'origine- De : Michael Van Canneyt [mailto:mich...@freepascal.org] Envoyé : mercredi 13 avril 2011 20:02 À : Ararat Synapse Objet : Re: [Synalist] RE : Reading the HTTP headers of a page On Wed, 13 Apr 2011, Felipe Monteiro de Carvalho wrote: Hello, Does anyone know if zlib will successfully uncompress the data received in gzip method from an HTTP server? I think gzip is the same as zlib, but I'm not sure =o gzip adds an additional header, but this can be read with the TGZFileStream class from zstream. Or else which Pascal bindings or Pascal uncompressor should be used? zstream should be able to handle it. Michael. -- Forrester Wave Report - Recovery time is now measured in hours and minutes not days. Key insights are discussed in the 2010 Forrester Wave Report as part of an in-depth evaluation of disaster recovery service providers. Forrester found the best-in-class provider in terms of services and vision. Read this report now! http://p.sf.net/sfu/ibm-webcastpromo ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public -- Forrester Wave Report - Recovery time is now measured in hours and minutes not days. Key insights are discussed in the 2010 Forrester Wave Report as part of an in-depth evaluation of disaster recovery service providers. Forrester found the best-in-class provider in terms of services and vision. Read this report now! http://p.sf.net/sfu/ibm-webcastpromo ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] RE : [Feature Request] Https/SNI (Server Name Indication)Support PATCH
Simon, I understand you are talking about the client side SNI support. Miha's reply is probably about the utility of synapse server side support for SNI. Attached is a patch that supports client side SNI. You need OpenSSL 0.9.8k or later to get this working. The server name sent to the host is the hostname used in the http header and extracted from the url. You can override the server name with a new string property TCustomSSL.SNIHost. Note that this patch includes my previous patches (openssl and cryptlib) sent recently. I haven't tested this with older versions of OpenSSL but looking at the OpenSSL code there is no harm done calling SSL_ctrl using undefined cmd parameters. Support for the SSL_CTRL_SET_TLSEXT_HOSTNAME can also be disabled when compiling openssl which confirms the no harm done. My only worry is the hardcoding of const SSL_CTRL_SET_TLSEXT_HOSTNAME in ssl_openssl_lib. I don't know how stable the openssl api has been so far. Lukas, can you shed your light on this? I see there are more hardcoded constants in ssl_openssl_lib. Ludo -Message d'origine- De : Simon L [mailto:sim...@gmail.com] Envoyé : mercredi 23 février 2011 17:03 À : synalist-public@lists.sourceforge.net Objet : [Synalist] [Feature Request] Https/SNI (Server Name Indication)Support Hello Lukas, Apache now supports multiple SSL sites on a single IP address: http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI To take advantage of this feature, client software needs to implement Server Name Indication (documented in RFC 4366) Most Web browsers now support SNI. It would be great if you add this feature to Synapse HTTPSend. Thank you. Simon -- Free Software Download: Index, Search Analyze Logs and other IT data in Real-Time with Splunk. Collect, index and harness all the fast moving IT data generated by your applications, servers and devices whether physical, virtual or in the cloud. Deliver compliance at lower cost and gain new business insights. http://p.sf.net/sfu/splunk-dev2dev ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public sni.diff Description: Binary data -- Free Software Download: Index, Search Analyze Logs and other IT data in Real-Time with Splunk. Collect, index and harness all the fast moving IT data generated by your applications, servers and devices whether physical, virtual or in the cloud. Deliver compliance at lower cost and gain new business insights. http://p.sf.net/sfu/splunk-dev2dev ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] RE : [HttpSend] PATCH for cryptlib
Lukas, Due to a bug in the cryptlib library it fails to load some valid pem formatted certificates. I have reported the problem + patch to the cryptlib mailing list. Attached you'll find a modified cryptlib patch that has a workaround for the problem so that existing cryptlib libraries will work. Basically, it removes the '-BEGIN CERTIFICATE-' '-END CERTIFICATE-' tags from the certificate before calling cryptImportCert. Note that the cryptlib patches include the openssl patch submitted on feb 24 (OnVerifyCert). Ludo -Message d'origine- De : Ludo Brands [mailto:ludo.bra...@free.fr] Envoyé : dimanche 27 février 2011 15:43 À : 'Ararat Synapse' Objet : [Synalist] [HttpSend] PATCH for cryptlib Hi Lukas, Attached a patch for cryptlib that implements server certificate verification. It corrects also the following problems/bugs: - run-time check for cryptlib library version matching cryptlib.pas version (dll hell!!) - GetPeerFingerprint: CRYPT_CERTINFO_FINGERPRINT returns already the MD5 of the certificate. - cryptSetAttribute(cert, CRYPT_CERTINFO_ISSUERNAME, CRYPT_UNUSED) isn't working. Has to be cryptSetAttribute(cert, CRYPT_ATTRIBUTE_CURRENT, CRYPT_CERTINFO_ISSUERNAME); - cryptlib 3.4.0 has changed some constant names. Added conditional compile. - added TCustomSSL.CertComplianceLevel. Cryptlib is very picky on standards. The default compliance level is too high for most sites. For example, it needs to be set to CRYPT_COMPLIANCELEVEL_OBLIVIOUS to connect to https://www.microsoft.com ... Something that you may consider changing, or add a comment in ssl_cryptlib: cryptlib 3.4.0 has changed the default for CRYPT_SESSINFO_VERSION. Now one needs to set SSL.SSLType:=LT_SSLv3 to connect to most sites. In 3.3.2 this was not necessary. Changing TSSLCryptLib.Init line 315 from x := -1; to x := 0; would keep the earlier default behavior. Cheers, Ludo cryptlibverify2.diff Description: Binary data -- Free Software Download: Index, Search Analyze Logs and other IT data in Real-Time with Splunk. Collect, index and harness all the fast moving IT data generated by your applications, servers and devices whether physical, virtual or in the cloud. Deliver compliance at lower cost and gain new business insights. http://p.sf.net/sfu/splunk-dev2dev ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] [HttpSend] PATCH for cryptlib
Hi Lukas, Attached a patch for cryptlib that implements server certificate verification. It corrects also the following problems/bugs: - run-time check for cryptlib library version matching cryptlib.pas version (dll hell!!) - GetPeerFingerprint: CRYPT_CERTINFO_FINGERPRINT returns already the MD5 of the certificate. - cryptSetAttribute(cert, CRYPT_CERTINFO_ISSUERNAME, CRYPT_UNUSED) isn't working. Has to be cryptSetAttribute(cert, CRYPT_ATTRIBUTE_CURRENT, CRYPT_CERTINFO_ISSUERNAME); - cryptlib 3.4.0 has changed some constant names. Added conditional compile. - added TCustomSSL.CertComplianceLevel. Cryptlib is very picky on standards. The default compliance level is too high for most sites. For example, it needs to be set to CRYPT_COMPLIANCELEVEL_OBLIVIOUS to connect to https://www.microsoft.com ... Something that you may consider changing, or add a comment in ssl_cryptlib: cryptlib 3.4.0 has changed the default for CRYPT_SESSINFO_VERSION. Now one needs to set SSL.SSLType:=LT_SSLv3 to connect to most sites. In 3.3.2 this was not necessary. Changing TSSLCryptLib.Init line 315 from x := -1; to x := 0; would keep the earlier default behavior. Cheers, Ludo cryptlibverify.diff Description: Binary data -- Free Software Download: Index, Search Analyze Logs and other IT data in Real-Time with Splunk. Collect, index and harness all the fast moving IT data generated by your applications, servers and devices whether physical, virtual or in the cloud. Deliver compliance at lower cost and gain new business insights. http://p.sf.net/sfu/splunk-dev2dev ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] RE : RE : RE : [HttpSend] How to verify server'scertificate?
Hi Simon, That would be extremely complex. From what I can see Synapse doesn't have any support for that. When calling the openssl library directly the only way I see is to implement your own certificate verification callback function using SslCtxSetVerify() and/or SSL_CTX_set_cert_verify_callback() (good luck!!!). OpenSSL is coming from unix where everything is a file, hence But why would you want to so? Root CA's are a moving target. The file on curl.haxx.se for example is auto-generated on a weekly basis. If distributing the root ca file is the concern you can always include it in your program as a resource and save the data to disk when executing your program. Ludo -Message d'origine- De : Simon L [mailto:sim...@gmail.com] Envoyé : mercredi 23 février 2011 05:05 À : Ararat Synapse Objet : Re: [Synalist] RE : RE : [HttpSend] How to verify server'scertificate? Hi Ludo, Is it possible to store the root CA in memory instead of in an external file? Thanks. Simon On Tue, Feb 15, 2011 at 5:32 AM, Ludo Brands ludo.bra...@free.fr wrote: Hi Simon, If HTTPMethod returns false then check HTTP.Sock.SSL.LastErrorDesc. When it says something like 'error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed' and the site opens correctly in your browser, then openssl probably hasn't any root certificate authorities to compare with. As www.openssl.org/support/faq.html says: The OpenSSL software is shipped without any root CA certificate as the OpenSSL project does not have any policy on including or excluding any specific CA and does not intend to set up such a policy. Deciding about which CAs to support is up to application developers or administrators. Ludo -Message d'origine- De : Simon L [mailto:sim...@gmail.com] Envoyé : lundi 14 février 2011 22:46 À : Ararat Synapse Objet : Re: [Synalist] RE : [HttpSend] How to verify server's certificate? Hi Ludo, Unfortunately this doesn't seem to work. When HTTP.Sock.SSL.VerifyCert is true, HTTPMethod returns immediately. Please advise. Thanks. Simon On Sun, Feb 13, 2011 at 9:00 AM, Ludo Brands ludo.bra...@free.fr wrote: Hi, HTTP := THTTPSend.Create; HTTP.Sock.SSL.VerifyCert:=true; does the certificate verification. Works apparently only with the openssl library. Ludo -Message d'origine- De : Simon L [mailto:sim...@gmail.com] Envoyé : dimanche 13 février 2011 12:06 À : synalist-public@lists.sourceforge.net Objet : [Synalist] [HttpSend] How to verify server's certificate? Before data is transfered over an HTTPS connection, I want to make sure that the website's certificate is genuine. How to do that? Thanks. Simon - - -- -- The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public - - The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public -- -- -- The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public -- The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb ___ synalist-public mailing list synalist-public@lists.sourceforge.net https
[Synalist] RE : RE : RE : RE : [HttpSend] How to verify server'scertificate?
Hi Simon, Openssl certificate verification only verifies the CA chain up to the root CA to check if they are not tampered with. It does not verify if the CN in the server certificate matches the domain name in the URL used. That is up to the application. This is a limitation in openssl, not a bug in synapse. HTTP.Sock.SSL.GetPeerName corresponds indeed with CN in the certificate. But ... HTTP.HTTPMethod closes the socket (and the link to openssl) per default and GetPeerName returns an empty string. You can set HTTP.Protocol:='1.1'; to not close the connection per default. This will work for https://65.55.12.249 but not for https://suivi.orange.fr who sends a connection close in the header. I'm afraid this needs some changes in Synapse. Adding a TTCPBlockSocket.OnBeforeDisconnect handler would be an elegant solution. Perhaps somebody else on the mailinglist has another idea?? Ludo -Message d'origine- De : Simon L [mailto:sim...@gmail.com] Envoyé : mercredi 23 février 2011 14:34 À : Ararat Synapse Objet : Re: [Synalist] RE : RE : RE : [HttpSend] How to verify server'scertificate? Hi Ludo, I noticed a problem with the certificate verification process: even if the certificate doesn't match the website, HTTPSend won't complain as long as the root CA of the certificate is found in the CertCAFile. For example, in C:\Windows\System32\drivers\etc\hosts, if you change the IP of suivi.orange.fr to point to 65.55.12.249 (Microsoft's website), your code still succeeds. Is this a bug, or should we manually compare and check the value in HTTP.Sock.SSL.GetPeerName? Thank you. Simon On Tue, Feb 15, 2011 at 6:02 AM, Ludo Brands ludo.bra...@free.fr wrote: Hi Simon, The trusted CA's to check against can be specified with HTTP.Sock.SSL.CertCAFile:='full.path.to.CAcert.pem'; You can find pem conversion of the Mozilla trusted CA's here: http://curl.haxx.se/ca/cacert.pem Here is a working example using above pem file(Form with Memo1 to display result or error) procedure TForm1.FormCreate(Sender: TObject); var HTTP:THTTPSend; res:boolean; s:string; begin HTTP := THTTPSend.Create; HTTP.Sock.SSL.VerifyCert:=true; HTTP.Sock.SSL.CertCAFile:='CAcert.pem'; s:='nothing'; try res := HTTP.HTTPMethod('GET', 'https://suivi.orange.fr'); if res then begin setlength(s,HTTP.Document.size); HTTP.Document.Write(s[1],HTTP.Document.size); end else s:= HTTP.Sock.SSL.LastErrorDesc; finally HTTP.Free; Memo1.Text:=s; end; end; Ludo -Message d'origine- De : Ludo Brands [mailto:ludo.bra...@free.fr] Envoyé : mardi 15 février 2011 10:32 À : 'Ararat Synapse' Objet : [Synalist] RE : RE : [HttpSend] How to verify server's certificate? Hi Simon, If HTTPMethod returns false then check HTTP.Sock.SSL.LastErrorDesc. When it says something like 'error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed' and the site opens correctly in your browser, then openssl probably hasn't any root certificate authorities to compare with. As www.openssl.org/support/faq.html says: The OpenSSL software is shipped without any root CA certificate as the OpenSSL project does not have any policy on including or excluding any specific CA and does not intend to set up such a policy. Deciding about which CAs to support is up to application developers or administrators. Ludo -Message d'origine- De : Simon L [mailto:sim...@gmail.com] Envoyé : lundi 14 février 2011 22:46 À : Ararat Synapse Objet : Re: [Synalist] RE : [HttpSend] How to verify server's certificate? Hi Ludo, Unfortunately this doesn't seem to work. When HTTP.Sock.SSL.VerifyCert is true, HTTPMethod returns immediately. Please advise. Thanks. Simon On Sun, Feb 13, 2011 at 9:00 AM, Ludo Brands ludo.bra...@free.fr wrote: Hi, HTTP := THTTPSend.Create; HTTP.Sock.SSL.VerifyCert:=true; does the certificate verification. Works apparently only with the openssl library. Ludo -Message d'origine- De : Simon L [mailto:sim...@gmail.com] Envoyé : dimanche 13 février 2011 12:06 À : synalist-public@lists.sourceforge.net Objet : [Synalist] [HttpSend] How to verify server's certificate? Before data is transfered over an HTTPS connection, I want to make sure that the website's certificate is genuine. How to do that? Thanks. Simon - - -- -- The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist
[Synalist] RE : [HttpSend] How to verify server's certificate?
Hi, HTTP := THTTPSend.Create; HTTP.Sock.SSL.VerifyCert:=true; does the certificate verification. Works apparently only with the openssl library. Ludo -Message d'origine- De : Simon L [mailto:sim...@gmail.com] Envoyé : dimanche 13 février 2011 12:06 À : synalist-public@lists.sourceforge.net Objet : [Synalist] [HttpSend] How to verify server's certificate? Before data is transfered over an HTTPS connection, I want to make sure that the website's certificate is genuine. How to do that? Thanks. Simon -- The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public -- The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] TR : unexpected http 1.1 100 continue status
Well, since we are resending old patches that were not reacted upon... I won't send patches in the middle of the summer holiday season again ;) -Message d'origine- De : Ludo Brands [mailto:ludo.bra...@free.fr] Envoyé : jeudi 22 juillet 2010 10:31 À : 'synalist-public@lists.sourceforge.net' Objet : unexpected http 1.1 100 continue status attached you find a patch to httpsend that solves the problem of unexpected 100 continue status messages. This bug was reported earlier in http://www.mail-archive.com/synalist-public@lists.sourceforge.net/msg01557.h tml This patch drops all 1xx informational status messages when expecting a reply from the server and was made against the latest svn version. thanks, Ludo Brands httpsend.patch Description: Binary data -- Protect Your Site and Customers from Malware Attacks Learn about various malware tactics and how to avoid them. Understand malware threats, the impact they can have on your business, and how you can protect your company and customers by using code signing. http://p.sf.net/sfu/oracle-sfdevnl___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public