baka0815

What's not working is if the enum has gaps: type TMyEnum = ( meVal1 = 1 , meVal2 = 2 , meVal5 = 5 ); 3 and 4 are both "in range", but invalid.

How about creating a "release" Script? That would compile the files and write the build-version to an include file. Then it would bundle that include file with the source and the pre-built bpl file as a release file?

No, that is way to over-simplified. If there is something that the build-script generate every time you run a build (pre- and post-build scripts) then the intermediate files should *not* be part of the version control, because they get regenerated each and every time you start a new build. However it should build using the scripts.

Well, we need to trust the exe (and @dummzeuch) as it is currently and that doesn't change in the future. So @dummzeuchcould just create a new self-signed certificate and use that to sign the executable. Sure, Windows will complain at first, because the certificate is not trusted, but adding that certificate to the local store shouldn't be a problem and from that point onward it would work.

Well regarding social engineering attacks like in the case of the XZ backdoor, a signed executable would hardly deliver additional protection. @dummzeuchwouldn't it be possible to get a certificate from let's encrypt (https://letsencrypt.org/de/)? Otherwise a self-created certificate should be enough. One would only need to install this into the machines certificate store to the list of trusted certs.

I'm using a TIdHTTPWebBrokerBridge and therefore assigning OnCommandGet (via TIdHTTPWebBrokerBridgeAccess) or OnCommandOther didn't do anything, those events never happen. What works for me is assigning OnConnect as in the link posted and to check if it's a TLS handshake and therefore setting PassThrough. In the OnAction-event of the WebModule-Actions I then check if I wanted to have a TLS connection and return a 400 statuscode with a message that encryption is required. Is that a feasible way or am I holding it the wrong way up?

In my case it's configurable what the port should be and if SSL/TLS is active for that port. Because of that I want to redirect incoming non-TLS requests to the TLS variant or at least send an error message that TLS is required. I'll take a look at the post later and come back if I have additional questions. Thank you!

Thank you both for the latest information, that looks promising! However I'm not using different ports, but maybe I will still figure something out.

That's exactly what I'm doing with the implementation of OnQuerySSLPort(). if AContext.Connection.IOHandler is TIdSSLIOHandlerSocketBase then begin TIdSSLIOHandlerSocketBase(AContext.Connection.IOHandler).PassThrough := not DoQuerySSLPort(AContext.Connection.Socket.Binding.Port); end; inherited DoConnect(AContext); This is the code where DoQuerySSLPort calls the event and sets it's Result to True, therefor setting PassThrough. When I then try to connect via http://... (as said earlier https:// works flawlessly!) the exception raised is error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number The log from Postman is just Error: socket hang up The reply from curl is * Trying [fe80::64b3:3bf5:dfb6:3b7c]:8080... * Connected to server (fe80::64b3:3bf5:dfb6:3b7c) port 8080 > GET / HTTP/1.1 > Host: server:8080 > User-Agent: curl/8.4.0 > Accept: */* > * Empty reply from server * Closing connection curl: (52) Empty reply from server But what I would like to get is either a redirect to https or at least deliver some error message to the client to know what's wrong.

At first: I searched the forum but couldn't find a topic matching my case, however my search-fu might be lacking, so please send me to the right place, if this was asked before. Thanks! I'm using a TIdHTTPWebBrokerBridge to serve incoming connections and that works flawlessly, with and without TLS (<= 1.2). However, if TLS is activated, I want to force the usage of TLS. What I'm currently doing is to implement OnQuerySSLPort(APort: TIdPort; var VUseSSL: Boolean) ans set VUseSLL to True, so SSL/TLS is forced and connections without TLS are not possible. But when I try to connect to the server without TLS (http://localhost:8080) I'm getting (via Bruno) Error invoking remote method 'send-http-request': TypeError: Cannot read properties of undefined (reading 'data') or "connection reset" via Firefox. When debugging I see that an exception is raised in procedure TIdSSLSocket.Accept(const pHandle: TIdStackSocketHandle); EIdOSSLAcceptError.RaiseException(fSSL, error, RSSSLAcceptError); How am I supposed to implement a redirect to the correct HTTPS-URL (or raise an error that TLS is required or something along those lines=?

Wouldn't that be something that could be automated in the CI of the Indy project (the creation of the cmd, without the txt file I mean)?

Does this also apply to inline variables inside begin/end blocks or only to try..except/finally blocks?

So, something like this? Filename.pas | if (True) then Line 1234 | DoSomething() | else -------------+--------------------------- Filename.pas | // Comment Line 4567 | DoSomething(); |

Sorry, no rush. Enjoy your vacation! It's not time-critical 😉

@dummzeuchI would like to have your input on the patch to move the "Root" folder variable from the global space as a private field to the form (as it's only used there), to continue working on this.