Added new OpenSSL 1.1.1 header translation
Added new OpenSSL IO Handler
Fixed memory corruption. The UTF8String created by GetPAnsiChar itself will be freed when the method is left. In that case the string is no longer accessible for OpenSSL. No clue what to do with the USE_MARSHALLED_PTRS part, that has the same problem...
Implemented more compiler macros in x509
Set default values for options
Added virtual methods for context initialization for #224
Fixed small translation error
Fixed small errors found with FixInsight
Added missing empty implementations
Added Header to source files
Removed own definition of size_t and time_t
Added PPIdC_INT definition to fpc
Updated OpenSSL Header translation and Source Generator
Fixed quirk with circular references
Added IdOpenSSLConsts for better x64 support
Improved xml doc
Added missing include
Added some pem functions for read/write
Added translation for objects.h and fixed some other translations
Added missing includes of IdCompilerDefines.inc
Some FPC compatibility
Added PPPByte to FPC
Implemented some compiler macros in crypto
Some more OpenSSL translation
Moved TIdOpenSSLPersistent to own unit
Added new TIdC_TM
Added new x509 wrapper and callback for verification
Extracted TIdOpenSSLVersion to own unit
Fixed problem with explicit TLS
Renamed tls version properties
Implemented better way for dynamic loading
Implemented usage of dynamic loading
This prevents connection stealing. See https://forum.filezilla-project.org/viewtopic.php?p=137191#p137191 for more details
* replaced usage of reserved words, for example &in -> in_
* removed regions
* replaced accidentally added dotted unit name in crypto
Thanks to @JedrzejczykRobert
* removed nested consts
* replaced some not existing functions
* removed regions
* replaced $Raise with Raise_
Thanks to @JedrzejczykRobert
Automated by ProjectMagican :)
%LINE% is a string, but we need an integer. Thanks to @grahamegrieve
Obviously... Thanks to @grahamegrieve
rsa_st & dsa_st & dh_st & ec_key_st are already in IdOpenSSLHeaders_ossl_typ. Thanks to @grahamegrieve
* Missing cdecl
* Using PIdAnsiChar instead of PAnsiChar
With new_session_cb we tell OpenSSL that we are holding a reference to the session. We must then also release this reference. But since we get more than one session object we need to keep a list of them. And when cloning an IO Handler, the session reference must be increased. Thanks to @ralfjunker
The ssl object should be destroyed before its ssl context object. While destroying ssl context, OpenSSL calls remove_session_cb, but our FSessionList is already freed. Thanks to @ralfjunker
…longer You need to set PassThrough to False. Thanks to @rlebeau
Trusted certs are a special OpenSSL format
Used BIO_METHOD (wrong) instead of PBIO_METHOD (correct)
Owner
Could you please rebase your changes and add a proper description of what you changed?
function GetClientSocket: TIdOpenSSLSocketClient; // {$IFDEF USE_INLINE}inline;{$ENDIF} // inline leads to a signature change between debug/release
This will lead to an F2051 on complex nested package structures containing runtime and design packages....
For now, I removed {$IFDEF USE_INLINE}inline;{$ENDIF} and everything is working, but there should be a better solution.
Needed for calling SSL_get_*() functions like SSL_get_version()
example: SSL_get_version(TIdOpenSSLIOHandlerClient(IdHTTP1.IOHandler).SSLSocked.SSL)
Another solution would make TIdOpenSSLContextClient.create() -> TIdOpenSSLSocket.Create() more flexible and give a possibility to introduce own OpenSSLSocked....
added missing type defs for STACK, STACK_OF_GENERAL_NAME, GENERAL_NAME_union_
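usage example: iterate subject alt names
cert := SSL_get_peer_certificate(TIdOpenSSLIOHandlerClient(IdHTTP1.IOHandler).SSLSocked.SSL);
if cert <> nil then // nil when the peer sent no certificate
begin
  // returns nil when the certificate has no subjectAltName extension
  subj_name := X509_get_ext_d2i(cert, NID_subject_alt_name, nil, nil);
  if subj_name <> nil then
  begin
    for i := 0 to openssl_sk_num(PSTACK(subj_name)) - 1 do
    begin
      curname := PGENERAL_NAME(openssl_sk_value(PSTACK(subj_name), i));
      if curname.type_ = GEN_DNS then
      begin
        // if ASN1_STRING_length(PASN1_STRING(curname.d.DnsName)) = length(dns_name)
        dns_name := PAnsiChar(ASN1_STRING_get0_data(PASN1_STRING(curname.d.DnsName)));
        Memo1.Lines.Add(string(dns_name)); // Debug
      end;
    end;
    // subj_name was allocated by X509_get_ext_d2i and is owned by the caller
  end;
  X509_free(cert); // SSL_get_peer_certificate returned an owned reference
end;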
- added to IntermediateCode, run generator for static and dynamic. test ok
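The commented-out ASN1_STRING_length comparison in the usage example above matters once a dNSName entry is compared with a host name rather than only displayed. The following is an added example, not code from this PR or from Indy: DnsNameMatches is a hypothetical helper, the sample names are constructed, and it covers exact comparison only (no wildcard handling).

```pascal
program SanDnsCheck;
{$IFDEF FPC}{$MODE DELPHI}{$ENDIF}
{$APPTYPE CONSOLE}

uses
  SysUtils;

// Hypothetical helper (not part of Indy or this PR): compares one dNSName
// entry, given as the data pointer and length that ASN1_STRING_get0_data and
// ASN1_STRING_length return, with the host name the client connected to.
function DnsNameMatches(Data: PAnsiChar; DataLen: Integer;
  const Host: AnsiString): Boolean;
var
  i: Integer;
  Name: AnsiString;
begin
  Result := False;
  if (Data = nil) or (DataLen <= 0) then
    Exit;
  // An embedded NUL would make a PAnsiChar cast stop early, so the text that
  // gets compared would differ from what the certificate really contains.
  for i := 0 to DataLen - 1 do
    if Data[i] = #0 then
      Exit;
  // Copy exactly DataLen bytes instead of relying on a terminator.
  SetString(Name, Data, DataLen);
  Result := SameText(string(Name), string(Host));
end;

const
  // Constructed sample values, standing in for raw dNSName bytes.
  GoodName: AnsiString = 'www.example.com';
  BadName: AnsiString = 'www.example.com'#0'.invalid';
begin
  // The PAnsiChar view of BadName ends at the NUL and looks like the host.
  Writeln('PAnsiChar view of BadName: ', string(PAnsiChar(BadName)));
  Writeln('good entry matches: ',
    DnsNameMatches(PAnsiChar(GoodName), Length(GoodName), 'WWW.example.com'));
  Writeln('NUL entry matches:  ',
    DnsNameMatches(PAnsiChar(BadName), Length(BadName), 'www.example.com'));
end.
```

In the snippet from the commit message, Data and DataLen would come from ASN1_STRING_get0_data and ASN1_STRING_length on curname.d.DnsName.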
Author
rebase done, no conflicts any more. added description summary and detail for every change
Owner
d4f2d40 changes something out of the scope of my PR. Could you please make a PR directly to Indy for that change?
Author
yea, d4f2d40 just fixes an ugly warning
Added changed SSL_get_peer_certificate()
Changes: (see checkin comments for details)