HTTPS with Synapse on Mac

[mdalacu]

I have put wireshak and i have found the problem. When using sslinux the request is made to destination server on 443 port and that is corect, if i use ssfpc the request is made on port 47873, why?!
Our proxy is configured to allow https request only on port 443.
I have attached the wireshark dump from both cases.
Our proxy has this ip address : 10.241.155.1, sort by destination and look for "CONNECT www.raiffeisenonline.ro:XXXXX"

Can you help?
Thank you very much.

[ludob]

The difference is in the implementation of function ResolvePort. ssfpc.inc calls always htons which is swapping the low and high byte on a little endian system (intel machines are little endian). The function is called from TTCPBlockSocket.HTTPTunnelDoConnect. To be honest, I can't imagine what configuration needs ResolvePort in this function to figure out the real port number to use.  So what I suggest is to comment in blcksock.pas line 3859 (your line number could be slightly different, it is the first line of TTCPBlockSocket.HTTPTunnelDoConnect):

Code: [Select]

//  Port := IntToStr(ResolvePort(Port));
I'll look further into how to fix ResolvePort but above workaround should be getting you connected.

[mdalacu]

It's working, thank you very much! Such a simple solution, i was tring to fix ResolvePort without success. 
I have tested it under Linux x86, x64 and Windows x64 and it works perfectly!
Anyway, it is something wrong in ssfpc.inc because ResolvePort function does not work, in sslinux.inc it does. I don't know if synapse is still in development, how to fix this permanently?
So, ludob you are my hero ! 

[ludob]

The difference between the 2 ResolvePort implementations is that one returns host byte order and the other network byte order. Repairing is simple once the correct order is defined. From the HTTPTunnelDoConnect perspective ssfpc is using the wrong order. Comparing to the windows implementation, ssfpc is also wrong.

I'll submit the following patch for ssfpc ResolvePort to the Synapse mailing list:

Code: [Select]

function ResolvePort(Port: string; Family, SockProtocol, SockType: integer): Word;
var
  ProtoEnt: TProtocolEntry;
  ServEnt: TServiceEntry;
begin
  Result := StrToIntDef(Port, 0);
  if Result = 0 then
  begin
    ProtoEnt.Name := '';
    if GetProtocolByNumber(SockProtocol, ProtoEnt) then
      begin
      ServEnt.port := 0;
      if GetServiceByName(Port, ProtoEnt.Name, ServEnt) then
        Result := synsock.htons(ServEnt.port);
      end;
  end;
end;


[mdalacu]

Hi, if i make this modification in ssfpc.inc and also uncomment the line in blcksock.pas then it will not work, same result as before.
Do you need some output form me?

[ludob]

Thank you for testing.

Could you put a breakpoint on the line uncommented in blcksock.pas and look at the value of port before it enters ResolvePort and after. It should be 443 before and after. You can step through the function if you want. It should do nothing more than the Result := StrToIntDef(Port, 0);

[mdalacu]

Yes they are with the function corrected,  but if the program does not work.
If i comment the line in blcksock.pas and leave the modification in ResolvePort then the program does not work.
If i comment the line in blcksock.pas and revert the changes in ResolvePort then the program does work!
My conclusion is that ResolvePort is called form something else and expect the strange output ResolvePort(8080) -> 36895 {i've put an writeln(port,result) inside original ResolvePort}. And when it get's called from blcksock.pas it must provide the normal values ResolvePort(443) -> 443.
So we need to functions or something like this. Sorry for the long delay.
What can i do?

[ludob]

ResolvePort is called from SetVarSin in ssfpc where it indeed expects the port in network order. Can you change line 742 to

Code: [Select]

  Sin.sin_port := synsock.htons(Resolveport(port, family, SockProtocol, SockType));
and use it with the patched version of ResolvePort?

[mdalacu]

Yes now it is working just fine! 
Thank you very much and please send that patch to synapse for anyone benefit! 

[ludob]

Thanks for testing. I've sent the patch to the synapse mailing list.

[mdalacu]

I see that the problem is not resolved in the latest svn snapshot (from february 2013) so i will attach the modified ssfpc.inc file for others to use.

[anna]

I had error

HTTP.Sock.LastError :10091 ; SSL/TLS support is not compiled!

I use synapse from http://sourceforge.net/p/synalist/code/HEAD/tree/trunk/
And ssfpc.zip does not help.
How to bring synapse to work?

[skalogryz]

synapse trunk just works for me (no adjustments necessary).
OSX 10.9.5
fpc 2.6.4
Are you using ssl_openssl unit in your project?

the sample is attached.

Btw, are you still interested in static linking openssl to a project?

[anna]

synapse trunk just works for me (no adjustments necessary).
OSX 10.9.5
fpc 2.6.4
Are you using ssl_openssl unit in your project?

the sample is attached.

Btw, are you still interested in static linking openssl to a project?

Sorry, I missed that thread is fom Mac. I use Windows. But Lazarus must work everywhere, must not it?

First I have error 103

When I edit code next , I get empty file:

Code: [Select]

program project1;

{$mode delphi}{$H+}

uses
  {$IFDEF UNIX}cthreads,{$ENDIF} SysUtils,
  Classes,  ssl_openssl , httpsend;

var
  st  : TStringList;
  url : string;
  res : string;
begin
  try
    if ParamCount=0 then url:='https://www.google.com' else url:=ParamStr(1);
    if ParamCount=1 then res:='' else res:=ParamStr(2);
    st:=TStringList.Create;
    try
      HttpGetText(url, st);
      {if res='' then write(st.Text)
      else st.SaveToFile(res); }
      st.SaveToFile('test.txt');
    finally
      st.Free;
    end;
  except
    on e: exception do writeln('exception: ',e.message);
  end;
end.


[anna]

httpsend.pas

Code: [Select]

function THTTPSend.InternalDoConnect(needssl: Boolean): Boolean;
begin
  Result := False;
  FSock.CloseSocket;
  FSock.Bind(FIPInterface, cAnyPort);
  if FSock.LastError <> 0 then
    Exit;
  FSock.Connect(FTargetHost, FTargetPort);
  if FSock.LastError <> 0 then
    Exit;
  if needssl then
  begin
    if (FSock.SSL.SNIHost='') then
      FSock.SSL.SNIHost:=FTargetHost;

    FSock.SSLDoConnect; // after that error 10091 appears

    FSock.SSL.SNIHost:=''; //don't need it anymore and don't wan't to reuse it in next connection
    if FSock.LastError <> 0 then
      Exit;
  end;
  FAliveHost := FTargetHost;
  FAlivePort := FTargetPort;
  Result := True;
end;