Problem with Indy sample program

#21039
Posted: 08/15/2012 18:33:00
by Ciaran Costelloe (Standard support level)
Joined: 07/10/2009
Posts: 26

Hi again.

With your help, having got the SB Indy SSL handlers compiling, I moved on to getting the sample programs in Indy10Chat running. However, when the client connects to the server, the client establishes the SSL connection but during the application-level handshaking (i.e. while sending the username) the client unexpectedly disconnects from the server.

This initially did not bother me a whole lot, since I only want to use the handler in a client command/response application (i.e. without the server sending an unsolicited command to the client, as in a chat-type application). I added debugging code, disabled the timer, and did a bit of restructuring to support command/response (i.e. when the client sends a command, it immediately reads the response from the server). However, I still ended up with the same issue (unexpected client-initiated disconnection).

Further experimentation now shows me that if I remove the SB SSL Handlers (e.g. for the client, clear the handler from the IdTCPClient1.IOHandler property) so that the default Indy IOHandlers are used, the programs communicate fine. To me, it looks like there is spurious data (maybe linefeeds or something) being transmitted or the handler is not parsing the transmission correctly? I can email you my projects, but your sample projects show the same issue.

I don't know if the problem is just because of a simple property being wrong in a handler, or whether it is a bug?

Ciaran
#21040
Posted: 08/15/2012 23:59:59
by Eugene Mayevski (EldoS Corp.)

Which sample projects exactly are you referring to?
Also, do you use all default settings (e.g. in regard to cipher suites etc.) or have you changed something?


Sincerely yours
Eugene Mayevski
#21042
Posted: 08/16/2012 04:09:23
by Ciaran Costelloe (Standard support level)
Joined: 07/10/2009
Posts: 26

Hi Eugene.

The samples are in \Samples\Delphi\SSLBlackbox\Indy10Chat\Server\Source\CBServ.dpr and \Samples\Delphi\SSLBlackbox\Indy10Chat\Client\CBClient.dpr

I did not have to change anything.

It is difficult for me to see what is going on because of the encryption, but the SSL handshaking seems to complete fine - the problem seems to be with the subsequent transmission of encrypted text (maybe extra linefeeds).

Ciaran
#21048
Posted: 08/16/2012 15:50:33
by Eugene Mayevski (EldoS Corp.)

Damned Indy with its overcomplicated design sometimes outsmarts itself. The problem is with SSL alerts and a particular usage scenario - the application polls for data, and if *at this moment* *only an SSL alert* is present in the spool buffer, the alert is consumed by the IOHandler itself, and Indy thinks that if it received 0 bytes, then it should close the connection.

We have to add a workaround for this particular case. Hope to give you something on Monday (maybe we will even manage to fix it tomorrow).


Sincerely yours
Eugene Mayevski
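
Added example, not part of the thread and not EldoS or Indy code: a small Python model of the failure mode described in the post above, where a poll that finds only an alert record yields 0 application bytes and is mistaken for a closed connection. `ModelHandler`, `naive_read` and `robust_read` are hypothetical names, the records are constructed, and payloads are left unencrypted so the record types stay visible.

```python
import struct

ALERT, APPLICATION_DATA = 21, 23  # TLS record content types (RFC 5246)
CLOSE_NOTIFY = 0                  # the alert description that really ends a session

def record(content_type, payload):
    """Build one record: type, version 3.3, length, payload (unencrypted model)."""
    return struct.pack("!BBBH", content_type, 3, 3, len(payload)) + payload

def parse_records(buf):
    """Return ([(type, payload), ...], leftover bytes of an incomplete record)."""
    out = []
    while len(buf) >= 5:
        ctype, _major, _minor, length = struct.unpack("!BBBH", buf[:5])
        if len(buf) < 5 + length:
            break  # record not fully received yet
        out.append((ctype, buf[5:5 + length]))
        buf = buf[5 + length:]
    return out, buf

class ModelHandler:
    """Hypothetical IO handler fed with chunks in the order they arrive."""
    def __init__(self, chunks):
        self.chunks, self.pending, self.closed = list(chunks), b"", False

    def poll(self):
        """Consume one chunk; return only the application bytes it contained."""
        if not self.chunks:
            self.closed = True  # transport really ended
            return b""
        records, self.pending = parse_records(self.pending + self.chunks.pop(0))
        data = b""
        for ctype, payload in records:
            if ctype == APPLICATION_DATA:
                data += payload
            elif ctype == ALERT and payload[1:2] == bytes([CLOSE_NOTIFY]):
                self.closed = True  # peer announced an orderly shutdown
        return data

def naive_read(handler):
    """Buggy pattern: an empty poll is taken to mean 'peer closed' (None)."""
    return handler.poll() or None

def robust_read(handler):
    """Poll until application data arrives or the session has really ended."""
    while True:
        data = handler.poll()
        if data or handler.closed:
            return data or None

WARNING_ALERT = record(ALERT, bytes([1, 100]))  # constructed: warning level, no_renegotiation
REPLY = record(APPLICATION_DATA, b"OK\r\n")     # constructed server reply
```

With the chunks `[WARNING_ALERT, REPLY]`, `naive_read` reports a disconnect while `robust_read` returns the reply that follows the alert.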
#21052
Posted: 08/17/2012 08:39:50
by Ciaran Costelloe (Standard support level)
Joined: 07/10/2009
Posts: 26

Hi Eugene.

That is great. There is no rush from my point of view, it is just one part of a larger project, which won't get held up because of it.

Well spotted!

Ciaran
#21057
Posted: 08/19/2012 08:03:16
by Ken Ivanov (EldoS Corp.)

Ciaran,

We are happy to let you know that we have fixed the code. Now the issue shouldn't expose itself any more. We will send you the fix via the Helpdesk ticket we've created for you.

Thank you for reporting the issue.
#21058
Posted: 08/20/2012 03:14:18
by Ciaran Costelloe (Standard support level)
Joined: 07/10/2009
Posts: 26

Hi Innokentiy,

Thank you very much, I will install it tonight.

Ciaran
#21146
Posted: 08/22/2012 17:51:21
by Ciaran Costelloe (Standard support level)
Joined: 07/10/2009
Posts: 26

The patch worked fine, thanks. It also worked fine with my sample request/response (as against chat-type) sample project using Indy's TCP client & server components.

It also worked perfectly with Indy's TIdIMAP4 client - I tried it against a Communigate IMAP server, doing implicit SSL on port 993. The SSL handshaking worked fine, including verifying the server's certificate. The username/password login completed successfully, and the initial capability exchange seemed fine, all now encrypted. To make sure I was doing it correctly, I confirmed all the SSL seemed fine using Wireshark.

Well done!

Ciaran
#21189
Posted: 08/26/2012 19:36:13
by Ciaran Costelloe (Standard support level)
Joined: 07/10/2009
Posts: 26

Minor issue (though it causes an error): SSLBBoxCliIndy10D11.dpk and SSLBBoxSrvIndy10D11.dpk reference IndyCore100 instead of IndyCore110, same for IndySystem100 and IndyProtocols100.

Ciaran
#21190
Posted: 08/27/2012 00:53:00
by Eugene Mayevski (EldoS Corp.)

Thank you for pointing out the problem; I've updated the packages.


Sincerely yours
Eugene Mayevski
As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.