Sid D
Posts posted by Sid D
-
-
On 8/31/2023 at 1:29 PM, VLDG said: we are also looking for this. Any news?
No, haven't been actively looking lately. Had to create it manually.
-
Is there any tool available to create a SBOM for a Delphi Application or DLL?
Thanks
Sid
- 2
-
I just hid the name here. It is a proper name in the subject otherwise.
The Certificate is issued by GoDaddy and works fine with IIS.
Looks like something to do with TIdServerIOHandlerSSLOpenSSL component?
Thanks
-
Hi Remy,
I have one other question.
CertFile, KeyFile and RootCertFile (intermediate certificate) are assigned to the TIdServerIOHandlerSSLOpenSSL component. We are running a PCI Scan on the Server and getting the following errors :
Informative Details:
depth=0 CN = *.XXXXX.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = *.XXXXX.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 CN = *.XXXXX.com
verify error:num=21:unable to verify the first certificate
verify return:1
Serial: 3189977664522596489 (0x2c4513c8df4cb089)
What could be the reason for these errors?
Thanks
Sid
-
It is resolved. It was not locating the file in the Service folder. The resolution was to get the complete folder name at run time (Service start) where this PEM file resides and assign it to the RootCert property.
Thanks
- 1
-
Hi,
I am getting the following error for TIdServerIOHandlerSSLOpenSSL when starting the Windows Service. Running the app as a stand-alone server does not throw the error. The error is thrown only when starting this Windows Service.
Could not load root certificate. error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib
The Delphi version used is Delphi 10.1 update 1 and Indy version is 10.6.2.5341. The root file is in pem format.
What can be the reason here?
Thanks
Sid
-
Hi Remy - I have one other question. In the 'OnConnect' event of TIdTCPServer, is it possible to figure out from the incoming data if the handshake requested is on TLS or plain text? I was wondering if it is possible, then PassThrough = True/False can be set based on that and there will be no need to use the second port.
If possible, can you please provide an example?
Thanks!
-
1 hour ago, Remy Lebeau said: You should double-check that, since you clearly do have an SSL/TLS handshake being performed. TIdServerIOHandlerSSLOpenSSL.Accept() should be creating a new TIdSSLIOHandlerSocketOpenSSL whose PassThrough is True, so the server can then decide when it is best to set it to False (ie, when the client is connected to an implicit SSL port, or after receiving a STARTTLS-style command, etc).
Note that there was a bug where PassThrough was initialized as False in TIdSSLIOHandlerSocketBase, that was fixed a few years ago, I think that might have been after 10.6.2.5366. You might consider upgrading to the latest version from Indy's GitHub repo and see if the problem continues, just to make sure you have all of the latest fixes.
Upon further testing with the following versions:
The error is thrown in the following combination:
Delphi 10.3 Update 3 and Indy version 10.6.2.5366
It works fine with the following versions:
Delphi 10.1 Berlin Update 1 and Indy Version 10.6.2.5341
So, there is definitely something wrong or a bug in Delphi 10.3.3 or Indy version 10.6.2.5366.
-
1 hour ago, Remy Lebeau said: That is simply not possible the way you describe. The ONLY way you can get that error is during an SSL/TLS handshake, which is NOT performed when PassThrough is set to True (ie, pass-through raw data as-is) thus disabling SSL/TLS. So, you MUST be setting PassThrough to False (ie, intercept data for SSL/TLS processing) in order to get that error.
Which version of Indy are you using? IIRC, there was a bug in old versions where a server would set PassThrough to false for all clients, causing an SSL/TLS handshake for non-SSL/TLS clients. But that was fixed a LONG time ago.
Indy version is 10.6.2.5366. I checked on the Server side, PassThrough is True by default.
-
7 hours ago, Remy Lebeau said: Yes. Define 2 separate ports in the server's Bindings collection, and then in the server's OnConnect event you can cast the AContext.Connection.IOHandler property to TIdSSLIOHandlerSocketBase and set its PassThrough property to True (SSL/TLS disabled) or False (SSL/TLS enabled) based on which port the client connected to, which you can get from the AContext.Binding.Port property.
Hi Remy,
If there is no TIdSSLIOHandlerSocketOpenSSL component assigned on the TIdTCPClient side, setting the PassThrough property to True on the Server side (as you explained above) throws the following error:
First chance exception at $76A6C3A2. Exception class EIdOSSLUnderlyingCryptoError with message
'Error accepting connection with SSL.
error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number'.
What can be the reason?
Thanks!
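The two-port arrangement from the quoted reply above, together with the absolute-path fix from the earlier "It is resolved" post, written as one console program. This is an added example, not code from the thread; the port numbers and PEM file names are assumptions, and the key file is assumed to be unencrypted.

```delphi
program DualPortServer; // added example; ports and PEM file names are assumptions
{$APPTYPE CONSOLE}
uses System.SysUtils, IdContext, IdTCPServer, IdSSL, IdSSLOpenSSL;
const
  PlainPort = 6000; // assumed port for clients without TLS
  TlsPort = 6001;   // assumed implicit-TLS port
type
  THandlers = class
    procedure Connect(AContext: TIdContext);
    procedure Execute(AContext: TIdContext);
  end;
// A service's working directory is normally System32, so build an absolute path.
function PemPath(const AName: string): string;
begin
  Result := ExtractFilePath(ParamStr(0)) + AName;
  if not FileExists(Result) then
    raise Exception.Create('Certificate file not found: ' + Result);
end;
procedure THandlers.Connect(AContext: TIdContext);
begin
  // PassThrough False = perform the TLS handshake; True = pass raw data as-is.
  if AContext.Connection.IOHandler is TIdSSLIOHandlerSocketBase then
    TIdSSLIOHandlerSocketBase(AContext.Connection.IOHandler).PassThrough :=
      AContext.Binding.Port <> TlsPort;
end;
procedure THandlers.Execute(AContext: TIdContext);
begin // echo one line; the same handler serves both ports
  AContext.Connection.IOHandler.WriteLn(AContext.Connection.IOHandler.ReadLn);
end;

var
  Server: TIdTCPServer;
  SSL: TIdServerIOHandlerSSLOpenSSL;
  Handlers: THandlers;
begin
  Handlers := THandlers.Create;
  Server := TIdTCPServer.Create(nil);
  SSL := TIdServerIOHandlerSSLOpenSSL.Create(Server);
  SSL.SSLOptions.CertFile := PemPath('server.pem');
  SSL.SSLOptions.KeyFile := PemPath('server.key');
  SSL.SSLOptions.RootCertFile := PemPath('intermediate.pem');
  Server.IOHandler := SSL;
  Server.Bindings.Add.Port := PlainPort;
  Server.Bindings.Add.Port := TlsPort;
  Server.OnConnect := Handlers.Connect;
  Server.OnExecute := Handlers.Execute;
  Server.Active := True;
  Readln; // run until Enter is pressed
  Server.Free; Handlers.Free;
end.
```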
-
Hi,
I’ve a question about TIdTCPServer and TIdTCPClient.
Can the same TIdTCPServer with SSL/TLS (implemented using TIdServerIOHandlerSSLOpenSSL) support both SSL and non-SSL TIdTCPClients?
By non-SSL TIdTCPClient, I mean clients that do not support SSL/TLS and do not use the TIdSSLIOHandlerSocketOpenSSL component. This is for backwards compatibility.
I'm using Delphi 10.3 and 10.1.
Thanks!
SBOM tool for Delphi
in General Help
Posted
Couldn't find one for Delphi.