Kyle_Katarn

OK

3 hours ago, Bruno13 said:

Hi Angus,

 

I use ICS v853, so I just download OpenSSL-1.1.0k-win32.

 

Question 1: If I just take libcrypto-1_1.dll and libssl-1_1.dll will it be enough ?

Question 2: Must I delete libeay32.dll from my program directory ?

 

Thanks for your help,

I'd say Yes and Yes 🙂

5 minutes ago, Angus Robertson said:

Sorry, not interested how ICS V6 behaved, it has changed a little since then.

 

Angus

OK.

I've sent to my users 2 test apps :

- One with 8.59 and Command/Headers logging. Will allow to see if it behaves differently than 8.62

- One with 8.62 forcing httpAuthBasic instead of httpAuthNone

I'll share the results here.

{ V8.62 if proxy URL is passed, parse it as proxy properties }
    { http://[user[:password]@]host:port }
    if (Length(FProxyURL) > 6) and (Pos (':', Copy(FProxyURL, 6, 9999)) > 5) then begin
        ParseURL(FProxyURL, Proto, User, Pass, Host, Port, Path);
        { pending, check https for SSL prpoxy, maybe socks for socks proxy }
        if Proto = 'http' then begin
            FProxy := Host;
            FProxyPort := Port;
            FProxyUsername := User;
            FProxyPassword := Pass;
            if (FProxyUsername <> '') and (FProxyPassword <> '') then
                FProxyAuth := httpAuthBasic;
        end;
    end;

Wouldn't it be wiser to do FProxyAuth := httpAuthBasic; only if FProxyAuth = httpAuthNone ?

Otherwise, if user has selected httpAuthNtlm (or other) then settings is lost and non-overridable

Likely minor issue (and this may help me to solve my other issue by forcing basicAuth)

1 hour ago, Angus Robertson said:

I'm not really sure how authentication works with proxies, there are separate authentication properties for server and proxy, both default to off.  Not sure which causes Authorization: NTLMto be added or if it;'s different for a proxy.  You must set ProxyAuth to httpAuthBasic, to use Basic and supply a proxy login.

 

Angus

OK, thanks, i'll test.

Meanwhile, isn't my issue close to this "old" discussion ? https://www.mail-archive.com/search?l=twsocket@elists.org&q=subject:"Re%3A+[twsocket]+THttpCli+NTLM+OverbyteIcsBcb100Package"&o=newest&f=1

See message from 2011

It works fine for No Basic Authentication but when I configure for NTLM one of my clients is reporting a failure i.e. cannot download You should realy move to v7, v6 is obsolete and not maintained for years now. Some bugs have been fixed in the NTLM code since then, as I already wrote in a previous PM.

Meanwhile, i'll try to get same logs with 8.59

Is NTLM something I can change on my side (client) or does this comes from server configuration ? I kept TSSLHttpsli default settings unchanged (eg : no specific code to "force" NTLM afaik)

I'm back with some logs !

Some context :

- works correctly when built with 8.59 from all machines from the network

- works correctly when built with 8.62 from some machine on the network but not all (but all using the same proxy and proxy settings). When fail, it faiuls systematically with the headers below.

COMMANDS :

Verbose    [19-08-27 09:38:04]    Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEgAAAAYABgAYAAAAAAAAABAAAAAAAAAAEAAAAAIAAgAQAAAAAAAAAB4AAAABoIAADI3NTYxMVBDQdj/HtneDSpgYGj/Okmg/wONjK3AAZefwUBBHqQfc9vYh+Xzfyhfblng/l0ZcX9z
Verbose    [19-08-27 09:38:04]    Host: www.kc-softwares.com
Verbose    [19-08-27 09:38:04]    User-Agent: Mozilla/5.0
Verbose    [19-08-27 09:38:04]    Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
Verbose    [19-08-27 09:38:04]    Connection: Keep-alive
Verbose    [19-08-27 09:38:04]    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Verbose    [19-08-27 09:38:04]    GET http://www.kc-softwares.com/sumo/check.php HTTP/1.0

Received Headers :

Verbose    [19-08-27 09:38:03]    Content-Length: 921
Verbose    [19-08-27 09:38:03]    Connection: close
Verbose    [19-08-27 09:38:03]    Proxy-Connection: close
Verbose    [19-08-27 09:38:03]    Content-Type: text/html; charset=utf-8
Verbose    [19-08-27 09:38:03]    Pragma: no-cache
Verbose    [19-08-27 09:38:03]    Cache-Control: no-cache
Verbose    [19-08-27 09:38:03]    Proxy-Authenticate: BASIC realm="Realm_IWA_BRKRZLCL"
Verbose    [19-08-27 09:38:03]    Proxy-Authenticate: NTLM
Verbose    [19-08-27 09:38:03]    Proxy-Authenticate: NEGOTIATE
Verbose    [19-08-27 09:38:03]    HTTP/1.1 407 Proxy Authentication Required

Is it possible not to use BCryptGenRandom by a selection made at run time ? Does this mean that we'll loose XP compatibility with ICS & OpenSSL 1.1.1 and onward ? May I distribute bcrypt.dll ? (which licence ?)

Hello,

After upgrading to 8.59 + OpenSSL 1.1.1b, my users under Windows XP (and only XP) are now getting a message at startup "missing bcrypt.dll".

This was not  the case with earlier versions (of ICS and OpenSSL)

Is this intentionnal ?