tothpaul / delphi Goto Github PK

function SSLAvailable: Boolean; is not thread safe, because Initialized is set early and when second thread check SSLAvailable too quick, SSPI is not set, but Initialized is set.

So second thread crash with AV on SSPI.something ( in my case in SSPI.AcquireCredentialsHandle).

Maybe can be solve dirty with
function SSLAvailable: Boolean; var init: function: PSecurityFunctionTable; stdcall; begin Result := Initialized; SSPError := 0; if not Initialized or (SSPI = nil) then {SSPI = nil can be when SSL is inicializing in threads and SSPI is not assigned yet} begin {$IFDEF LOG}WriteLn('SSLAvailable');{$ENDIF} Initialized := True;

This project does not seem to specify a license. Effectively that means it's completely restricted under copyright. If that's not intended, please specify one.

Hello, this code is a client websocket or a server?
Thanks

In Execute.SChannel.pas you have several functions like SSLRead that take an SSL parameter that is declared as Integer and then typecasted to a pointer type PSSLInfo. In Execute.IdSSLSChannel.pas you are passing a variable declared as THandle as this parameter. This looks incorrect to me. On 64-bit Windows, THandle and Pointer are 64-bit, but Integer is 32-bit. I'd expect the pointer to be passed incorrectly when the application uses more than 4 GB of RAM or when MEM_TOP_DOWN is enabled. If the SSL parameter is really a pointer, why not just use the Pointer type?

I'm trying to use your schannel implementation with Indy, it works great, until I assign TIdSocksInfo to TIdSSLIOHandlerSocketSChannel.TransparentProxy, in this case I get an exception -> access violation at 0xXXX: read of address 0xXXX.

I little debugged what is happening and the problem occurs at TIdSSLIOHandlerSocketBase.WriteDataToTarget because PassThrough is False, when I execute the same example with TIdSSLIOHandlerSocketOpenSSL, so PassThrough is True.

So somewhere before PassThrough is not initialized correctly.

Example code is simple:

  LMem := TStringStream.Create;

  LSchannel := TIdSSLIOHandlerSocketSChannel.Create;
  LSchannel.TransparentProxy := IdSocksInfo1;
  IdHTTP1.IOHandler := LSchannel;

// for openssl
//  LOpenSsl := TIdSSLIOHandlerSocketOpenSSL.Create;
//  LOpenSsl.TransparentProxy := IdSocksInfo1;
//  IdHTTP1.IOHandler := LOpenSsl;

  IdHTTP1.Get(
    'https://check.torproject.org/api/ip',
    LMem
  );

  LMem.Free;
  FreeAndNil(LOSssl);
  FreeAndNil(LSchannel);

Hi

I have come across and issue when using your Indy SChannel component with the Indy IdFTP component and the following properties are set

UseTLS := utUseRequireTLS
DataPortProtection := ftpdpsPrivate;

Whilst the initial logon passes certificate validation when issuing a List or Get command it then fails with

SChannel initialization fails CertVerifyCertificateChainPolicy.Status = 800B010F

The call stack is as follows

Execute.IdSSLSChannel.TIdSSLIOHandlerSocketSChannel.Clone
IdFTP.TIdFTP.InitDataChannel
IdFTP.TIdFTP.InternalGet('NLST .',$31BB180,False)
IdFTP.TIdFTP.List($31FC8E0,'.',False)

followed by

Execute.IdSSLSChannel.TIdSSLIOHandlerSocketSChannel.GetTargetHost
Execute.IdSSLSChannel.TIdSSLIOHandlerSocketSChannel.ConnectSSL
Execute.IdSSLSChannel.TIdSSLIOHandlerSocketSChannel.SetPassThrough(False)

In GetTargetHost, the Host property is now an ip address, not the original host name and therefore a CERT_E_CN_NO_MATCH error occurs when it revalidates the certificate.

When DataPortProtection is ftpdpsClear it works ok.

Stephen

Using OpenSSL , my program works to connect to a FTP server running TLS 1.2.

Snippet of code from a stand alone example...

Gets A "session reuse required" error.

If i switch to the openSSL IOHandler, it all works.

` IdFTP1 := tidftp.Create(nil);
ssl := TIdSSLIOHandlerSocketSChannel.Create(nil);

IdFTP1.OnStatus := FTPStatus;
IdFTP1.OnTLSNotAvailable := TLSNotAvailable;
IdFTP1.OnTLSHandShakeFailed := TLSHandShakeFailed;
IdFTP1.OnTLSNegCmdFailed := TLSNegCmdFailed;

IdFTP1.IOHandler := ssl;
IdFTP1.UseTLS := utUseExplicitTLS;
IdFTP1.Passive := True;

IdFTP1.Host := 'some-sever.com';
IdFTP1.Username := 'user';
IdFTP1.Password := 'pass';

IdFTP1.Connect;

IdFTP1.DataPortProtection := ftpdpsPrivate;

Memo1.lines.add('');
if IdFTP1.SupportsTLS then
Memo1.lines.add('TLS IS SUPPORTED')
else
Memo1.lines.add('TLS IS NOT SUPPORTED');
Memo1.lines.add('');

IdFTP1.list; /// < ---- FAILS RIGHT HERE. session reuse required

for i := 0 to IdFTP1.DirectoryListing.Count - 1 do
begin
Memo1.lines.add(IdFTP1.DirectoryListing.Items[i].FileName);
end;
IdFTP1.TransferType := ftBinary;

if fileexists('test.txt') then
IdFTP1.Put('test.txt');

IdFTP1.Disconnect;
IdFTP1.Free;
ssl.Free;
`

Is there A chance a server IOHandler for SChannel to become available?

I have HTTP servers and Delphi REST severs which use Indy.

And I need to get rid of OpenSSL ( long story )

Below is report from the VirusTotal, added all virus scanners detected something fishy (Or think so)

Is distributing the Binary necessary at the Repository it self. Maybe separate download would be better in anyways.

Ad-Aware Trojan.GenericKD.4921127
AhnLab-V3 Trojan/Win32.Scar.C1594560
ALYac Trojan.GenericKD.4921127
Arcabit Trojan.Generic.D4B1727
Avira ADWARE/Agent.btuqu
AVware Trojan.Win32.Generic!BT
BitDefender Trojan.GenericKD.4921127
CAT-QuickHeal Heur.Adware
Emsisoft Trojan.GenericKD.4921127 (B)
Endgame malicious (high confidence)
eScan Trojan.GenericKD.4921127
F-Secure Trojan.GenericKD.4921127
Fortinet Adware/Generic
GData Trojan.GenericKD.4921127
Kaspersky not-a-virus:HEUR:AdWare.Win32.Generic
Panda Trj/GdSda.A
Qihoo-360 Win32/Virus.Adware.b51
Rising Malware.Undefined!8.C (cloud:Vqnlvfk2J5S)
Symantec Trojan.Gen
TrendMicro TROJ_GEN.R0ADC0VDS17
TrendMicro-HouseCall TROJ_GEN.R0ADC0VDS17
VIPRE Trojan.Win32.Generic!BT
ZoneAlarm not-a-virus:HEUR:AdWare.Win32.Generic