Hello Lukas, I encountered another potential bug. Demo app is available at:
http://dl.dropbox.com/u/2167512/20100126_http_post.zip I tried to send HTTP POST commands to some URLs, some of them cause HttpSend to freeze. For example, these two URLs don't work: http://www.gmail.com https://www.gmail.com (with or without SSL) And, HttpSend will freeze if it submits two POST requests to this URL: https://red001.mail.microsoftonline.com/EWS/Exchange.asmx Again, at the command line, the following commands work smoothly: curl -ik -d "Hello" http://www.gmail.com curl -ik -d "Hello" https://www.gmail.com curl -ik -d "Hello" https://red001.mail.microsoftonline.com/EWS/Exchange.asmx This issue may not be related to OpenSSL, because http://www.gmail.com doesn't work either. Please look at this mysterious freezing bug. Thank you. Simon On Fri, Jan 22, 2010 at 6:57 AM, Lukas Gebauer <[email protected]> wrote: >> I tested your DLLs (0.9.8l, compiled using VC), and they also caused >> HttpSend to hang. >> >> I don't know whether this is a bug of OpenSSL or HttpSend.pas. > > I track problem. Background is: > > Was found possible security problem in SSL/TLS protocol. (man-in- > middle attack during renegotiation). And openssl devs disable this > feature at all as prevention, and release it as version 0.9.8l. > > Reason why some https server working well and some not are simple. > Your server, where Synapse hangs, request renegotiation. Servers, > what working well, not requesting renegotiation. :-) > > But renegoitation is disabled now inside OpenSSL, and maybe is > something bad with server communication. Like both side waiting for > read... While I call ssl_recv OpenSSL API, then it hang and waiting > for some data what does not exists. > > I still not found any workaround... > > So, do not use 0.9.8.l version of OpenSSL yet! > > > > -- > Lukas Gebauer. > > http://synapse.ararat.cz/ - Ararat Synapse - TCP/IP Lib. > http://geoget.ararat.cz/ - Geocaching solution > > > ------------------------------------------------------------------------------ > Throughout its 18-year history, RSA Conference consistently attracts the > world's best and brightest in the field, creating opportunities for Conference > attendees to learn about information security's most important issues through > interactions with peers, luminaries and emerging and established companies. > http://p.sf.net/sfu/rsaconf-dev2dev > _______________________________________________ > synalist-public mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/synalist-public > ------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _______________________________________________ synalist-public mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/synalist-public
