EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Two improvements suggestion to ElHTTPSClient

Also by EldoS: MsgConnect
Cross-platform protocol-independent communication framework for building peer-to-peer and client-server applications and middleware components.
#4240
Posted: 11/07/2007 01:32:23
by Stephane Grobety (Priority Standard support level)
Joined: 04/18/2006
Posts: 170

Hello,

I'm currently is a very, very frustrating situation: I wrote an HTTPS upload system for a customer using TElHTTPSClient. The application was working great in test and worked great in production for 5 month.

Yesterday, it stopped working: the connection would hang in the first "GET" request. I've spend hours trying to find out what's happening and, currently, I'm stuck with this:

- I can't debug the end user application. The connection to the test system works fine where I stand but the production system (to which I have no connection from a development machine) doesn't work.
- I can't sniff the network because the connection is encrypted.
- The ElHTTP component has no way to dump the decrypted data buffer (either way) at the moment. It also overrides the SSL ancestor components OnReceive event and doesn't pass that to the control application either.
- The symptom is that the thread that makes the GET call hangs. Since that connetion uese a client X509 certificate and a username/password, testing with telnet or even a simple TLS client doesn't yield any good results.
- The component has no way to abort or set a timeout on the connection. It can sit there for hours.


I'm really stuck now: I don't know if the problem is with the server who is not sending anything back or if it's with the client that cannot interpret the result as being the end of the connection. I suspect the issue is with the client cert or the username and password but I cannot prove that.

The problem is too urgent for me to wait for a change in the SB code so I'll have to hack my way through it to add enough debug to get the data flux back. It's really hard since the responding server is on the other end of the planet and in no particular hurry to answer any queries. However, I think it would really be good to implement the two fllowing functionalities in the HTTP client:

- Have a timeout controlling how long it will block waiting for a request to complete. I cannot set an external timer because I have no place to check wether the delay is due to a "hung" connection or if it just needs more time to send data back and forth.
- Implement a way for the controlling application to get the content of the cleartext buffer as it passes through, not after the whole transaction is finished.

Thank you
#4243
Posted: 11/07/2007 03:22:49
by Ken Ivanov (EldoS Corp.)

Thank you for contacting us.

Answering your questions first:

Quote
- Have a timeout controlling how long it will block waiting for a request to complete. I cannot set an external timer because I have no place to check wether the delay is due to a "hung" connection or if it just needs more time to send data back and forth.

Such functionality does already exist -- please consider using SocketTimeout property.

Quote
- Implement a way for the controlling application to get the content of the cleartext buffer as it passes through, not after the whole transaction is finished.

TElHTTPSClient publishes the OnData event -- please use it to get the data as it is received. You can also use OnProgress event to track the progress of the operation.

Second, let's try to localize the problem you are encountering. First of all, it is necessary to find out the exact layer (SSL or HTTP) which produces the hangup. I can suggest the following steps to try:
1. Please check if OnError event is fired to detect if some SSL error occurs during session,
2. TElHTTPSClient class contains an Open() method (inherited from TElCustomSimpleSSLClient class) which opens SSL session. You can try to call it (instead of calling Get()) to check if it also hangs. If it doesn't, then the hangup is likely to occur on HTTP layer.

Depending on the result of the above steps we will be able to go further in solving the issue.

Reply

Statistics

Topic viewed 1584 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!