Jump to content

Angus Robertson

Members
  • Content Count

    2064
  • Joined

  • Last visited

  • Days Won

    38

Posts posted by Angus Robertson


  1. As well as protecting the files from Google, it is good to see who is interested in my various components, mostly old since many are now incorporated into ICS.

     

    Always nice for open source authors to know people are interested in our components, usually people only email when something does not work, far fewer thank us for our work. 

     

    People say Delphi is dying, but the number of people looking for (free) components suggests otherwise. 

     

    Angus

     

    • Like 2

  2. 18 months ago Google decided a zip on my web site contained a nasty and placed the page on it's blacklist used by other browsers as well to stop the page being displayed, not quite the same blocking as you, but probably the same false detection.  That page had about 30 zips, OpenSSL binaries, lots of Delphi source and a couple of EXE samples, Google never told me which file. 

     

    The answer is to stop Google scanning your files so they can not find false nasties.  robots.txt might work, but they can ignore that, my solution was to move all the files onto a password protected web page that Google can not access, and that has worked.  It's a pain for users to request the password, but over 1,000 Delphi developers have done so already, hopefully not including anyone from Google. 

     

    Angus

     

    • Like 1

  3. Your would simply add an extra line and condition in InitializeCtx after Meth := f_TLS_method; with Meth := f_DTLS_method; and set the versions later where TLS versions are set.  But there are probably other changes needed, our code was never tested with DTLS, it is also asyc (no blocking) in operation whereas most other SSL implementations are blocking. 

     

    Angus

     


  4. I integrated SuperObject into the ICS library two years ago since we support D7 to 10.3 with mostly the same code, I used v1.2 from https://github.com/hgourvest/superobject

     which is not the latest, later versions added time zone stuff which made it harder to stabilise and duplicated stuff we had already.  With a few tweaks and new compiler version checks, it works fine on all those versions of Delphi.  https://svn.overbyte.be/svn/ics/trunk/Source/OverbyteIcsSuperObject.pas

     

    Angus


  5. The point I was making is ICS already has functions to correctly initialise an SSL context which work, but you chose to do it yourself probably based on old OpenSSL code and not reflecting changes made in recent years.  When OpenSSL functions fail, there is excellent error tracing available, which might help you narrow down what is failing.  I would not worry about ciphers or callbacks until the basics of your application are working, you'll get OpenSSL errors telling you what is wrong.

     

    Angus


  6. libeay32.dll and ssleay.dll were used by obsolete versions of OpenSSL, support ceased for those versions at the end of last year, so they have been removed from the ICS distribution.  But we;'ll leave support for the old version in ICS itself for nine more months, until OpenSSL 3.0 is released and supported by ICS, which will be libss1-3_0.dll, etc.

     

    None of this relates to the PORT problem you reported.

     

    Angus

     


  7. Beware when updating OverbyteIcsSSLEAY.pas and OverbyteIcsLIBEAY.pas they change when I'm adding new features to ICS, make sure you use the latest from SVN last week, there are minor changes not in SVN yet. 

     

    We replicates macros as functions in OverbyteIcsLIBEAY which is where you should add any more you need, look at function f_BIO_get_ssl which calls f_BIO_ctrl, you need to add f_BIO_set_conn_hostname similarly, etc.,

     

    Use of macros is horrible for those of us not using C++, even Google has turned them all into APIs in BoringSSL.  The main problem is when OpenSSL convert macros back into APIs, this is never documented clearly so we keep using our macro function which then usually fails. 

     

    Angus

     


  8. ICS FTP server and client support extra commands based on MLSD: XDMSLD takes an argument -subdirs for recursive directories, while XCMSLD is similar but returns directory listings on the control channel to avoid opening a data connection to download what is often only a few lines of directory listings.  These commands make synchronising local and remote directory structures very efficient, which is what the ICS TIcsFtpMulti component does. 

     

    I did think about writing an RFC back in 2008, but did not really expect any other FTP servers to implement the commands, even then FTP was going out of fashion.

     

    Angus

     

×