[twsocket] SAN SSL certificates
Hello,

I wonder how should we support SAN (Subject Alternative Name) certificates with ICS? These are certificates with multi domains. Are they implicitly supported?

Best Regards,
Gorkem Ates
Fastream Technologies

--
To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
Re: [twsocket] Socket flushing
Hi Arno,

> Why? Do you have arguments?

No, just something I recall, but it is a very long time ago so I assume you are right.

> I agree that Flush generally violates the async paradigm and _might_ cause problems, however removing the call to MessagePump should not make a difference.

OK

--
Kind regards, Wilfried
http://www.mestdagh.biz
http://www.comfortsoftware.be
http://www.expertsoftware.be
Re: [twsocket] Socket flushing
> If the reason that you call the Flush method is because you want to be sure all is sent before closing the socket then you can better call ShutDown(1) method.

Yes, that's it, it is something like this:

    Socket.Send(@Data[0], Length(Data));
    Socket.Close;

But I have found that if my data is small enough to fit in the sending buffer, it is actually sent, even without calling the Flush method, and since where I need flush my data is small I have removed the Flush method from my entire code.

Thank you for the replies!

Eric
Re: [twsocket] SAN SSL certificates
Fastream Technologies wrote:
> Hello, I wonder how should we support SAN (Subject Alternative Name) certificates with ICS? These are certificates with multi domains. Are they implicitly supported?

What is the problem? Please be more specific.

--
Arno Garrels
Re: [twsocket] SAN SSL certificates
On Mon, Aug 1, 2011 at 16:43, Arno Garrels arno.garr...@gmx.de wrote:
> Fastream Technologies wrote:
>> Hello, I wonder how should we support SAN (Subject Alternative Name) certificates with ICS? These are certificates with multi domains. Are they implicitly supported?
>
> What is the problem? Please be more specific.

Honestly I am not yet sure. It is just one customer says he could not get SAN SSL cert to work. I told him to alter Accepted Hosts and use the wildcard SNI domain. I asked here to learn if it is supported or not. If it is not, I need to know to announce. If you know a way to get it working, let me know.

Best Regards,
SZ
Re: [twsocket] Socket flushing
Hi Eric,

>     Socket.Send(@Data[0], Length(Data));
>     Socket.Close;

I think this is better:

    Socket.Send(@Data[0], Length(Data));
    Socket.Shutdown(1);

This will send all data, telling the other end to signal to close when received. There is in your case no need to call the Flush method.

--
Kind regards, Wilfried
http://www.mestdagh.biz
http://www.comfortsoftware.be
http://www.expertsoftware.be
Re: [twsocket] SAN SSL certificates
Fastream Technologies wrote:
>> What is the problem? Please be more specific.
>
> Honestly I am not yet sure. It is just one customer says he could not get SAN SSL cert to work. I told him to alter Accepted Hosts and use the wildcard SNI domain. I asked here to learn if it is supported or not. If it is not, I need to know to announce. If you know a way to get it working, let me know.

As far as I know there is no problem. OpenSSL doesn't use these certificate fields for verification, only TX509Base.PostConnectionCheck() and it has to be called explicitly. This method searches for the passed string in fields subject alternative name and common name.

--
Arno Garrels
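Where the explicit call goes on the client side, as an added example that is not code from the thread or from the ICS sources. It assumes a project built with ICS SSL support, the `OnSslHandshakeDone` event of `TSslWSocket` with the signature shown, and a hypothetical `TPeerNameChecker` class and unit name.

```delphi
unit PeerNameCheck;  // hypothetical unit name for this added example

interface

uses
  OverbyteIcsWSocket;  // TX509Base, TSslWSocket

type
  // Holds the host name the user asked for and enforces it after the handshake.
  TPeerNameChecker = class
  private
    FExpectedHost: String;
  public
    constructor Create(const AExpectedHost: String);
    // Assign to TSslWSocket.OnSslHandshakeDone (signature is an assumption
    // about the ICS version in use).
    procedure HandshakeDone(Sender: TObject; ErrCode: Word;
      PeerCert: TX509Base; var Disconnect: Boolean);
  end;

implementation

constructor TPeerNameChecker.Create(const AExpectedHost: String);
begin
  inherited Create;
  FExpectedHost := AExpectedHost;
end;

procedure TPeerNameChecker.HandshakeDone(Sender: TObject; ErrCode: Word;
  PeerCert: TX509Base; var Disconnect: Boolean);
begin
  // A failed handshake, or one without a peer certificate, is dropped
  // before any name comparison.
  if (ErrCode <> 0) or (PeerCert = nil) then
  begin
    Disconnect := True;
    Exit;
  end;
  // The handshake does not compare the certificate's names with the host
  // we meant to reach; this explicit call does. It looks for FExpectedHost
  // in subject alternative name and common name, so each domain listed in
  // a SAN certificate is accepted and an unrelated host is not.
  if not PeerCert.PostConnectionCheck(FExpectedHost) then
    Disconnect := True;
end;

end.
```

Pass the name the user typed (not a name taken from the certificate or from a redirect) as `AExpectedHost`, otherwise the check compares the certificate with itself.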
Re: [twsocket] Socket flushing
Wilfried Mestdagh wrote:
> Hi Eric,
>
>>     Socket.Send(@Data[0], Length(Data));
>>     Socket.Close;
>
> I think this is better:
>
>     Socket.Send(@Data[0], Length(Data));
>     Socket.Shutdown(1);

This can be dangerous, Shutdown(1) disables sends on the socket, if not all has been sent yet you'll get a socket exception on the next internal send attempt. Best practise is to set a flag and call it from OnDataSent if that flag is set. Well, you could check WSocket.AllSent however what would you do if it returned False?

--
Arno Garrels
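The flag-and-OnDataSent pattern described in the message above, as an added example that is not code from the thread or from ICS. `TTeardownSender`, its unit name and `FShutdownWhenSent` are hypothetical, and the socket is assumed to outlive the pending send.

```delphi
unit TeardownSender;  // hypothetical unit name for this added example

interface

uses
  SysUtils, OverbyteIcsWSocket;

type
  TTeardownSender = class
  private
    FSocket: TWSocket;
    FShutdownWhenSent: Boolean;
    procedure SocketDataSent(Sender: TObject; ErrCode: Word);
  public
    constructor Create(ASocket: TWSocket);
    procedure SendThenShutdown(const Data: TBytes);
  end;

implementation

constructor TTeardownSender.Create(ASocket: TWSocket);
begin
  inherited Create;
  FSocket := ASocket;
  FSocket.OnDataSent := SocketDataSent;
end;

procedure TTeardownSender.SendThenShutdown(const Data: TBytes);
begin
  if Length(Data) = 0 then
    Exit;  // avoid taking @Data[0] of an empty array
  // Set the flag before queuing the data so the handler cannot miss it.
  FShutdownWhenSent := True;
  FSocket.Send(@Data[0], Length(Data));
end;

procedure TTeardownSender.SocketDataSent(Sender: TObject; ErrCode: Word);
begin
  if not FShutdownWhenSent then
    Exit;                      // ordinary send, nothing to do
  FShutdownWhenSent := False;
  if ErrCode <> 0 then
    FSocket.Close              // send failed, nothing left to flush
  else
    FSocket.Shutdown(1);       // buffer is empty: safe to disable sends
end;

end.
```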
Re: [twsocket] SAN SSL certificates
Arno,

On Mon, Aug 1, 2011 at 17:56, Arno Garrels arno.garr...@gmx.de wrote:
> Fastream Technologies wrote:
>>> What is the problem? Please be more specific.
>>
>> Honestly I am not yet sure. It is just one customer says he could not get SAN SSL cert to work. I told him to alter Accepted Hosts and use the wildcard SNI domain. I asked here to learn if it is supported or not. If it is not, I need to know to announce. If you know a way to get it working, let me know.
>
> As far as I know there is no problem. OpenSSL doesn't use these certificate fields for verification, only TX509Base.PostConnectionCheck() and it has to be called explicitly. This method searches for the passed string in fields subject alternative name and common name.

So would the additional domains work with ICS or not? If not, what to do? I notice our customers are getting more and more high end every day and this is making them harder to support.

Regards,
SZ
Re: [twsocket] SAN SSL certificates
Fastream Technologies wrote:
> Arno,
>
> On Mon, Aug 1, 2011 at 17:56, Arno Garrels arno.garr...@gmx.de wrote:
>> Fastream Technologies wrote:
>>>> What is the problem? Please be more specific.
>>>
>>> Honestly I am not yet sure. It is just one customer says he could not get SAN SSL cert to work. I told him to alter Accepted Hosts and use the wildcard SNI domain. I asked here to learn if it is supported or not. If it is not, I need to know to announce. If you know a way to get it working, let me know.
>>
>> As far as I know there is no problem. OpenSSL doesn't use these certificate fields for verification, only TX509Base.PostConnectionCheck() and it has to be called explicitly. This method searches for the passed string in fields subject alternative name and common name.
>
> So would the additional domains work with ICS or not? If not, what to do? I notice our customers are getting more and more high end every day and this is making them harder to support.

As I said, I do not see any reason why ICS/OpenSSL should not handle them correctly. If you think you found a bug please provide a simple, reproducible test case.

--
Arno Garrels
Re: [twsocket] Socket flushing
Then use Shutdown(2); Easy to do a testcase for Eric I think. His proposition to use Close() is not good, CloseDelayed should give a little better but not on a LAN.

--
Kind regards, Wilfried
http://www.mestdagh.biz
http://www.comfortsoftware.be
http://www.expertsoftware.be

-----Original message-----
From: twsocket-boun...@elists.org [mailto:twsocket-boun...@elists.org] On behalf of Arno Garrels
Sent: Monday 1 August 2011 16:57
To: ICS support mailing
Subject: Re: [twsocket] Socket flushing

Wilfried Mestdagh wrote:
> Hi Eric,
>
>>     Socket.Send(@Data[0], Length(Data));
>>     Socket.Close;
>
> I think this is better:
>
>     Socket.Send(@Data[0], Length(Data));
>     Socket.Shutdown(1);

This can be dangerous, Shutdown(1) disables sends on the socket, if not all has been sent yet you'll get a socket exception on the next internal send attempt. Best practise is to set a flag and call it from OnDataSent if that flag is set. Well, you could check WSocket.AllSent however what would you do if it returned False?

--
Arno Garrels
Re: [twsocket] Socket flushing
> Then use Shutdown(2); Easy to do a testcase for Eric I think. His proposition to use Close() is not good, CloseDelayed should give a little better but not on a LAN.

I see. The problem is that I can't wait, because actually this can even be done in class destructors such as:

    procedure TMyClass.SendTeardown;
    begin
      FSocket.Send(@Data[0], Length(Data));
    end;

    destructor TMyClass.Destroy;
    begin
      // Send RTSP Teardown message
      SendTeardown;
      // Release the socket
      FSocket.Free;
      inherited Destroy;
    end;

So, I can't wait for events or anything because the socket will be destroyed.

In my testing, if I send the data and destroy the socket, the data is actually sent (I can see it on sniffer), even on remote internet hosts.

Eric

-----Original message-----
From: twsocket-boun...@elists.org [mailto:twsocket-boun...@elists.org] On behalf of Arno Garrels
Sent: Monday 1 August 2011 16:57
To: ICS support mailing
Subject: Re: [twsocket] Socket flushing

Wilfried Mestdagh wrote:
> Hi Eric,
>
>>     Socket.Send(@Data[0], Length(Data));
>>     Socket.Close;
>
> I think this is better:
>
>     Socket.Send(@Data[0], Length(Data));
>     Socket.Shutdown(1);

This can be dangerous, Shutdown(1) disables sends on the socket, if not all has been sent yet you'll get a socket exception on the next internal send attempt. Best practise is to set a flag and call it from OnDataSent if that flag is set. Well, you could check WSocket.AllSent however what would you do if it returned False?

--
Arno Garrels