Jump to content

baka0815

Members
  • Content Count

    46
  • Joined

  • Last visited

Community Reputation

12 Good

About baka0815

  • Birthday June 21

Technical Information

  • Delphi-Version
    Delphi 11 Alexandria

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. baka0815

    Release or Debug?

    How about creating a "release" Script? That would compile the files and write the build-version to an include file. Then it would bundle that include file with the source and the pre-built bpl file as a release file?
  2. baka0815

    Release or Debug?

    No, that is way to over-simplified. If there is something that the build-script generate every time you run a build (pre- and post-build scripts) then the intermediate files should *not* be part of the version control, because they get regenerated each and every time you start a new build. However it should build using the scripts.
  3. baka0815

    Any chance of getting a signed installer?

    Well, we need to trust the exe (and @dummzeuch) as it is currently and that doesn't change in the future. So @dummzeuchcould just create a new self-signed certificate and use that to sign the executable. Sure, Windows will complain at first, because the certificate is not trusted, but adding that certificate to the local store shouldn't be a problem and from that point onward it would work.
  4. baka0815

    Any chance of getting a signed installer?

    Well regarding social engineering attacks like in the case of the XZ backdoor, a signed executable would hardly deliver additional protection. @dummzeuchwouldn't it be possible to get a certificate from let's encrypt (https://letsencrypt.org/de/)? Otherwise a self-created certificate should be enough. One would only need to install this into the machines certificate store to the list of trusted certs.
  5. baka0815

    TIdHTTPWebBrokerBridge: Require TLS

    I'm using a TIdHTTPWebBrokerBridge and therefore assigning OnCommandGet (via TIdHTTPWebBrokerBridgeAccess) or OnCommandOther didn't do anything, those events never happen. What works for me is assigning OnConnect as in the link posted and to check if it's a TLS handshake and therefore setting PassThrough. In the OnAction-event of the WebModule-Actions I then check if I wanted to have a TLS connection and return a 400 statuscode with a message that encryption is required. Is that a feasible way or am I holding it the wrong way up?
  6. baka0815

    TIdHTTPWebBrokerBridge: Require TLS

    In my case it's configurable what the port should be and if SSL/TLS is active for that port. Because of that I want to redirect incoming non-TLS requests to the TLS variant or at least send an error message that TLS is required. I'll take a look at the post later and come back if I have additional questions. Thank you!
  7. baka0815

    TIdHTTPWebBrokerBridge: Require TLS

    Thank you both for the latest information, that looks promising! However I'm not using different ports, but maybe I will still figure something out.
  8. baka0815

    TIdHTTPWebBrokerBridge: Require TLS

    That's exactly what I'm doing with the implementation of OnQuerySSLPort(). if AContext.Connection.IOHandler is TIdSSLIOHandlerSocketBase then begin TIdSSLIOHandlerSocketBase(AContext.Connection.IOHandler).PassThrough := not DoQuerySSLPort(AContext.Connection.Socket.Binding.Port); end; inherited DoConnect(AContext); This is the code where DoQuerySSLPort calls the event and sets it's Result to True, therefor setting PassThrough. When I then try to connect via http://... (as said earlier https:// works flawlessly!) the exception raised is error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number The log from Postman is just Error: socket hang up The reply from curl is * Trying [fe80::64b3:3bf5:dfb6:3b7c]:8080... * Connected to server (fe80::64b3:3bf5:dfb6:3b7c) port 8080 > GET / HTTP/1.1 > Host: server:8080 > User-Agent: curl/8.4.0 > Accept: */* > * Empty reply from server * Closing connection curl: (52) Empty reply from server But what I would like to get is either a redirect to https or at least deliver some error message to the client to know what's wrong.
  9. baka0815

    TIdHTTPWebBrokerBridge: Require TLS

    At first: I searched the forum but couldn't find a topic matching my case, however my search-fu might be lacking, so please send me to the right place, if this was asked before. Thanks! I'm using a TIdHTTPWebBrokerBridge to serve incoming connections and that works flawlessly, with and without TLS (<= 1.2). However, if TLS is activated, I want to force the usage of TLS. What I'm currently doing is to implement OnQuerySSLPort(APort: TIdPort; var VUseSSL: Boolean) ans set VUseSLL to True, so SSL/TLS is forced and connections without TLS are not possible. But when I try to connect to the server without TLS (http://localhost:8080) I'm getting (via Bruno) Error invoking remote method 'send-http-request': TypeError: Cannot read properties of undefined (reading 'data') or "connection reset" via Firefox. When debugging I see that an exception is raised in procedure TIdSSLSocket.Accept(const pHandle: TIdStackSocketHandle); EIdOSSLAcceptError.RaiseException(fSSL, error, RSSSLAcceptError); How am I supposed to implement a redirect to the correct HTTPS-URL (or raise an error that TLS is required or something along those lines=?
  10. baka0815

    TLS v1.3

    Wouldn't that be something that could be automated in the CI of the Indy project (the creation of the cmd, without the txt file I mean)?
  11. baka0815

    Problem indent with inline var inside try/finally

    Does this also apply to inline variables inside begin/end blocks or only to try..except/finally blocks?
  12. baka0815

    Testers needed for GExperts Instant Grep expert

    So, something like this? Filename.pas | if (True) then Line 1234 | DoSomething() | else -------------+--------------------------- Filename.pas | // Comment Line 4567 | DoSomething(); |
  13. baka0815

    GExperts Favorites as WP-Plugin

    Sorry, no rush. Enjoy your vacation! It's not time-critical 😉
  14. baka0815

    GExperts Favorites as WP-Plugin

    @dummzeuchI would like to have your input on the patch to move the "Root" folder variable from the global space as a private field to the form (as it's only used there), to continue working on this.
  15. baka0815

    GExperts Favorites as WP-Plugin

    Thanks for the clarification, I'll check that! I opened a new ticket on sourceforge (wasn't sure if bug or feature, so I went for feature) to remove the global "Root: TGXFolder" variable: https://sourceforge.net/p/gexperts/feature-requests/170/ That's the reason for the access violation in my previous tests as the tree of the first created menu (the main menu "configure" form) still holds references to now freed objects (thanks to the new created form for the plugin). And as you mentioned, there are 2 more places creating the form, which would also recreate the root-tree and therefore clearing previous references.
×