Re: [twsocket] HttpCli - autorization - proxy - bugs
On 16-Oct-05 07:29:49 Arno Garrels wrote: >Maurizio Lotauro wrote: >> >> Can you explain what happen? >> Because you get the loop problem I imagine that your situation is: >> - the client request an URI >> - the proxy answer with a 407 code >> - the client authenticate to the proxy and start the SSL >> - the remote server answer with a 401 code and close the connection >> - the proxy close the connetcion too (otherwise you will not get the >> loop problem) >> - the client authenticate again on the proxy. >> >> Why do you think that the proxy credential will be sent to the remote >> server? >It happens only when the SSL is enabled. >Proxy-states are changed/set OnStateChange when state is httpReady (or so), >however that event is triggered neither when the handshake starts nor >when the handshake is done. Possibly logic should be changed to implement >request CONNECT more as a common request. I agree with that. ATM I'm quite busy but I'll return on this in a few days to study the tunnelling topic. Bye, Maurizio. -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HttpCli - autorization - proxy - bugs
Maurizio Lotauro wrote: > > Can you explain what happen? > Because you get the loop problem I imagine that your situation is: > - the client request an URI > - the proxy answer with a 407 code > - the client authenticate to the proxy and start the SSL > - the remote server answer with a 401 code and close the connection > - the proxy close the connetcion too (otherwise you will not get the > loop problem) > - the client authenticate again on the proxy. > > Why do you think that the proxy credential will be sent to the remote > server? It happens only when the SSL is enabled. Proxy-states are changed/set OnStateChange when state is httpReady (or so), however that event is triggered neither when the handshake starts nor when the handshake is done. Possibly logic should be changed to implement request CONNECT more as a common request. -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HttpCli - autorization - proxy - bugs
On 14-Oct-05 16:32:53 Arno Garrels wrote: >Maurizio Lotauro wrote: [...] >> No please keep they as string for two reasons: >> - if someone implement another authentication in an inherited compnent >> he/her must change HttpProt.pas to add a new item to the set >Hmm, but that's how it is done in ICS since the beginning. I also don't >think that there will be lots of new auth-types in the future, and a new >item is added in a few milliseconds, however string comparisons are >terrible slow. With the actual implementation of authentication it will be a nightmare adding a new one. This is not a critic, it is only a consideration after I made the fix. As said, I have ready a version that handle the authentication in a different way (I'm using it in a production environment since months). It has some advantages: - each authentication do not need to know all others as it happens now. - A new authentication can be added without changing the HttpCli code. This mean that a developer can add a custom one or even replace for example the NTLM. - The HttpCli code will get cleaner and easier to maintain. If you followed the thread about content conding it is based on the same principle But to get all this the properties should remain string to keep they open. And don't worry about string comparison, in that version are a lot less :-) If you want look into it I can send you a copy. [...] >I already have merged the above changes and sent V4c to Francois, it's >no problem to revert them back to string type, Francois? I think that in this moment and for this kind of change it should not be a problem. Bye, Maurizio. -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HttpCli - autorization - proxy - bugs
Maurizio Lotauro wrote: > Scrive Arno Garrels <[EMAIL PROTECTED]>: > >> Maurizio Lotauro wrote: > > [...] > >> Just tested you code, so far it is working smoothly, good job! > > Thank you :-) > >> However, I changed the string-type of new properties ServerAuth as well >> as ProxyAuth to a new custom type: >> THttpAuthType = (httpAuthNone, httpAuthBasic, httpAuthNtlm); >> This is much better practice and also faster because a lot of calls to >> CompareStr() can be exchanged by faster checks (i.e. if FProxyAuth <> >> httpAuthNone then), >> any veto? > > No please keep they as string for two reasons: > - if someone implement another authentication in an inherited compnent > he/her must change HttpProt.pas to add a new item to the set Hmm, but that's how it is done in ICS since the beginning. I also don't think that there will be lots of new auth-types in the future, and a new item is added in a few milliseconds, however string comparisons are terrible slow. > - I already have a version of HttpCli that implement the authentication > in a different way (like the beta of content conding). It use a > registration class mechanism to let know the component what kind of > authentication are available. > > It is like other properties (Connection for example) where practically > they can contain only specific values but actualy you can specify > whatever you want. It is developer responsability to set they to a proper > value. I already have merged the above changes and sent V4c to Francois, it's no problem to revert them back to string type, Francois? -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HttpCli - autorization - proxy - bugs
Scrive Arno Garrels <[EMAIL PROTECTED]>: > Maurizio Lotauro wrote: [...] > Just tested you code, so far it is working smoothly, good job! Thank you :-) > However, I changed the string-type of new properties ServerAuth as well > as ProxyAuth to a new custom type: > THttpAuthType = (httpAuthNone, httpAuthBasic, httpAuthNtlm); > This is much better practice and also faster because a lot of calls to > CompareStr() can be exchanged by faster checks (i.e. if FProxyAuth <> > httpAuthNone then), > any veto? No please keep they as string for two reasons: - if someone implement another authentication in an inherited compnent he/her must change HttpProt.pas to add a new item to the set - I already have a version of HttpCli that implement the authentication in a different way (like the beta of content conding). It use a registration class mechanism to let know the component what kind of authentication are available. It is like other properties (Connection for example) where practically they can contain only specific values but actualy you can specify whatever you want. It is developer responsability to set they to a proper value. Bye, Maurizio. This mail has been sent using Alpikom webmail system http://www.alpikom.it -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HttpCli - autorization - proxy - bugs
Maurizio Lotauro wrote: > On 13-Oct-05 15:33:39 Arno Garrels wrote: > >> Maurizio Lotauro wrote: > > [...] > >>> It is a know issue. I already fix it and a "corrected" version of >>> httpcli is on the ics site as beta. > >> Good to know, I was going to waste my time fixing it myself (not easy). > > Don't remaind me, it needed two weeks of work :-) Just tested you code, so far it is working smoothly, good job! However, I changed the string-type of new properties ServerAuth as well as ProxyAuth to a new custom type: THttpAuthType = (httpAuthNone, httpAuthBasic, httpAuthNtlm); This is much better practice and also faster because a lot of calls to CompareStr() can be exchanged by faster checks (i.e. if FProxyAuth <> httpAuthNone then), any veto? Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HttpCli - autorization - proxy - bugs
On 13-Oct-05 15:33:39 Arno Garrels wrote: >Maurizio Lotauro wrote: [...] >> It is a know issue. I already fix it and a "corrected" version of httpcli >> is on the ics site as beta. >Good to know, I was going to waste my time fixing it myself (not easy). Don't remaind me, it needed two weeks of work :-) FYI the problem occur when proxy and remote needs an authentication and the proxy close the connection with the client when the remote answer with 401. So the whole authentication process restart again. In my test this doesn't happen with ISA server because it keep the connection alive. Bye, Maurizio. -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HttpCli - autorization - proxy - bugs
On 13-Oct-05 15:33:48 Arno Garrels wrote: >Francois Piette wrote: [...] >> You can apply it to the version in ICS-SSL V4. >> Those not using ICS-SSL may use the beta already available from my >> website. >That's a good idea, I'll test it hard ;-) >Maurizio, can you please send me a copy, so I can add it to V4c? Is it ok for you if I apply the fix on the original V4b? Bye, Maurizio. -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HttpCli - autorization - proxy - bugs
Francois Piette wrote: >> It is a know issue. I already fix it and a "corrected" version of >> httpcli is on the ics site as beta. If Francois want I can apply this >> fix (it is quite complicated because I need to change some logic) I can >> do it for the version he want. > > You can apply it to the version in ICS-SSL V4. > Those not using ICS-SSL may use the beta already available from my > website. That's a good idea, I'll test it hard ;-) Maurizio, can you please send me a copy, so I can add it to V4c? > > -- > Contribute to the SSL Effort. Visit > http://www.overbyte.be/eng/ssl.html > -- > [EMAIL PROTECTED] > Author of ICS (Internet Component Suite, freeware) > Author of MidWare (Multi-tier framework, freeware) > http://www.overbyte.be > > > > - Original Message - > From: "Maurizio Lotauro" <[EMAIL PROTECTED]> > To: "ICS support mailing" > Sent: Thursday, October 13, 2005 4:12 PM > Subject: Re: [twsocket] HttpCli - autorization - proxy - bugs > > >> Scrive Arno Garrels <[EMAIL PROTECTED]>: >> >>> Hello, >>> >>> It's the first time I use the HttpCli component (I'm disappointed). >>> Basic authorization after basic proxy-authorization does not work >>> (infinite loop). >>> NTLM authorization in combination with basic proxy-authorization does >>> not work. >>> NTLM authorization in combination with NTLM proxy-authorization does not >>> work. >>> However basic authorization in combination with NTLM proxy-authorization >>> DOES. >>> >>> SSL is disabled!! >>> >>> I havn't tried authorization w/o a proxy. >> >> It is a know issue. I already fix it and a "corrected" version of >> httpcli is on the ics site as beta. If Francois want I can apply this >> fix (it is quite complicated because I need to change some logic) I can >> do it for the version he want. >> >> >> Bye, Maurizio. >> >> >> This mail has been sent using Alpikom webmail system >> http://www.alpikom.it >> >> -- >> To unsubscribe or change your settings for TWSocket mailing list >> please goto http://www.elists.org/mailman/listinfo/twsocket >> Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HttpCli - autorization - proxy - bugs
Maurizio Lotauro wrote: > Scrive Arno Garrels <[EMAIL PROTECTED]>: > >> Hello, >> >> It's the first time I use the HttpCli component (I'm disappointed). >> Basic authorization after basic proxy-authorization does not work >> (infinite loop). >> NTLM authorization in combination with basic proxy-authorization does not >> work. >> NTLM authorization in combination with NTLM proxy-authorization does not >> work. >> However basic authorization in combination with NTLM proxy-authorization >> DOES. >> >> SSL is disabled!! >> >> I havn't tried authorization w/o a proxy. > > It is a know issue. I already fix it and a "corrected" version of httpcli > is on the ics site as beta. Good to know, I was going to waste my time fixing it myself (not easy). > If Francois want I can apply this fix (it is > quite complicated because I need to change some logic) I can do it for > the version he want. -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HttpCli - autorization - proxy - bugs
> It is a know issue. I already fix it and a "corrected" version of httpcli is > on the ics site as beta. If Francois want I can apply this fix (it is quite > complicated because I need to change some logic) I can do it for the version > he want. You can apply it to the version in ICS-SSL V4. Those not using ICS-SSL may use the beta already available from my website. -- Contribute to the SSL Effort. Visit http://www.overbyte.be/eng/ssl.html -- [EMAIL PROTECTED] Author of ICS (Internet Component Suite, freeware) Author of MidWare (Multi-tier framework, freeware) http://www.overbyte.be - Original Message - From: "Maurizio Lotauro" <[EMAIL PROTECTED]> To: "ICS support mailing" Sent: Thursday, October 13, 2005 4:12 PM Subject: Re: [twsocket] HttpCli - autorization - proxy - bugs > Scrive Arno Garrels <[EMAIL PROTECTED]>: > > > Hello, > > > > It's the first time I use the HttpCli component (I'm disappointed). > > Basic authorization after basic proxy-authorization does not work (infinite > > loop). > > NTLM authorization in combination with basic proxy-authorization does not > > work. > > NTLM authorization in combination with NTLM proxy-authorization does not > > work. > > However basic authorization in combination with NTLM proxy-authorization > > DOES. > > > > SSL is disabled!! > > > > I havn't tried authorization w/o a proxy. > > It is a know issue. I already fix it and a "corrected" version of httpcli is > on the ics site as beta. If Francois want I can apply this fix (it is quite > complicated because I need to change some logic) I can do it for the version > he want. > > > Bye, Maurizio. > > > This mail has been sent using Alpikom webmail system > http://www.alpikom.it > > -- > To unsubscribe or change your settings for TWSocket mailing list > please goto http://www.elists.org/mailman/listinfo/twsocket > Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HttpCli - autorization - proxy - bugs
Scrive Arno Garrels <[EMAIL PROTECTED]>: > Hello, > > It's the first time I use the HttpCli component (I'm disappointed). > Basic authorization after basic proxy-authorization does not work (infinite > loop). > NTLM authorization in combination with basic proxy-authorization does not > work. > NTLM authorization in combination with NTLM proxy-authorization does not > work. > However basic authorization in combination with NTLM proxy-authorization > DOES. > > SSL is disabled!! > > I havn't tried authorization w/o a proxy. It is a know issue. I already fix it and a "corrected" version of httpcli is on the ics site as beta. If Francois want I can apply this fix (it is quite complicated because I need to change some logic) I can do it for the version he want. Bye, Maurizio. This mail has been sent using Alpikom webmail system http://www.alpikom.it -- To unsubscribe or change your settings for TWSocket mailing list please goto http://www.elists.org/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be