Author Topic: HFS including SSl tools  (Read 99360 times)

0 Members and 1 Guest are viewing this topic.

Offline SilentPliz

  • Operator
  • Tireless poster
  • *****
  • Posts: 1234
  • ....... chut ! shh!
    • View Profile
Re: For testing purpose (HFS beta including SSl tools)
« Reply #105 on: November 25, 2013, 10:12:05 AM »
November 25 2013


hfs 286a SSL FR is online.

Update from previous releases or use the links below:

http://silentpliz.perso.sfr.fr/hfs/HFS_286a_SSL_FR.exe


sources:

http://silentpliz.perso.sfr.fr/hfs/Sources_hfs/Sources_hfs_286a_FR_SSL.zip


Offline SilentPliz

  • Operator
  • Tireless poster
  • *****
  • Posts: 1234
  • ....... chut ! shh!
    • View Profile
Re: For testing purpose (HFS beta including SSl tools)
« Reply #106 on: November 29, 2013, 01:46:43 PM »
November 29 2013


hfs 286b SSL FR is online.

Update from previous releases or use the links below:

http://silentpliz.perso.sfr.fr/hfs/HFS_286b_SSL_FR.exe


sources:

http://silentpliz.perso.sfr.fr/hfs/Sources_hfs/Sources_hfs_286b_FR_SSL.zip

Follow members gave a thank to your post:


Offline tailsheep

  • Occasional poster
  • *
  • Posts: 5
    • View Profile
Re: For testing purpose (HFS beta including SSl tools)
« Reply #107 on: January 08, 2014, 04:37:20 PM »
Excellent! Looks like a terrific project!!
Also thanks to rejetto!!

Offline SilentPliz

  • Operator
  • Tireless poster
  • *****
  • Posts: 1234
  • ....... chut ! shh!
    • View Profile
Re: For testing purpose (HFS beta including SSl tools)
« Reply #108 on: April 28, 2014, 02:13:29 PM »
Solved


IMPORTANT   There is a security flaw with
Openssl 1.0.1 a to f.

Do not use SSL with releases posted here until removal of this message.

I leave it for info the following message, posted on another thread, this is an explanation and a possible workaround.

Sorry for the inconvenience.


Savez-vous si "HFS 2.3 bêta 286b SSL FR" est affecté par "OpenSSL TLS Heartbleed bug"?. ???

(Plus d'infos, ici et ici)

Quote from: SilentPliz
Hélas oui! Le problème provient de Stunnel qui est compilé avec une version de OpenSSL qui "contient" la faille de sécurité.

Pour ce qui concerne HFS 2.3 bêta 286b SSL FR, la version de stunnel incluse est;

stunnel 4.56 on x86-pc-msvc-1500 platform
Compiled/running with OpenSSL 1.0.1e-fips 11 Feb 2013

Le problème est qu’actuellement je ne peut pas compiler une nouvelle "release" de HFS incluant la version 5 de Stunnel qui elle est exempte de ce bug. (j'ai mon PC et delphi à réinstaller).

Pour patienter, et si SSL vous est absolument nécessaire, vous pouvez utiliser la version 5 de stunnel.

-  Vous gardez votre fichier de configuration stunnel.conf et vous remplacez les anciens fichiers par les nouveaux.

-  Vous générez manuellement un nouveau certificat. N'utiliser pas les options (boutons) de création incluses dans HFS FR... elles ne feraient qu'extraire de l’exécutable l'ancienne version buggée de Stunnel.

Désolé du dérangement.  :-\

HFS SSL FR ne posant pas de problème en fonctionnement NON SSL... je laisse les versions en ligne, et affiche un avertissement sur le forum concernant ce bug.
« Last Edit: May 21, 2014, 10:07:22 AM by SilentPliz »

Offline bmartino1

  • Tireless poster
  • ****
  • Posts: 864
  • I'm only trying to help i mean no offense.
    • View Profile
    • My HFS Google Drive Shared Link
Re: For testing purpose (HFS beta including SSl tools)
« Reply #109 on: May 01, 2014, 03:33:14 AM »
instead of fixing the link, if you chose to do so, go here to download the patched version:
http://opendec.wordpress.com/tag/openssl/
downlaod: http://indy.fulgan.com/SSL/openssl-1.0.1g-i386-win32.zip

copy the 2 dll files and the openssl.exe file to the place where openssl is located and tada, you are no longer vulnerable...

silentplz this version of openssl doe not include fips mode thoses using fips mode with hfs will have to recreate you ssl certificates with the fips check box unchecked!

Running this version and fixed with the download link above!
I'm only trying to help i mean no offense.
thank you for your time and patience,
Bmartino1

Follow members gave a thank to your post:


Offline i5c0r3

  • Occasional poster
  • *
  • Posts: 9
    • View Profile
Re: For testing purpose (HFS beta including SSl tools)
« Reply #110 on: May 15, 2014, 11:37:55 AM »
instead of fixing the link, if you chose to do so, go here to download the patched version:
http://opendec.wordpress.com/tag/openssl/
downlaod: http://indy.fulgan.com/SSL/openssl-1.0.1g-i386-win32.zip

copy the 2 dll files and the openssl.exe file to the place where openssl is located and tada, you are no longer vulnerable...

silentplz this version of openssl doe not include fips mode thoses using fips mode with hfs will have to recreate you ssl certificates with the fips check box unchecked!

Running this version and fixed with the download link above!

This doesn't work. Those files get overwritten every time you run hfs. And making them read-only crashes stunnel. We'll just have to wait until SilentPliz releases a patched version.
Test your SSL Server @
https://sslcheck.globalsign.com

Follow members gave a thank to your post:


Offline bmartino1

  • Tireless poster
  • ****
  • Posts: 864
  • I'm only trying to help i mean no offense.
    • View Profile
    • My HFS Google Drive Shared Link
Re: For testing purpose (HFS beta including SSl tools)
« Reply #111 on: May 17, 2014, 09:22:00 PM »
This doesn't work. Those files get overwritten every time you run hfs. And making them read-only crashes stunnel. We'll just have to wait until SilentPliz releases a patched version.

(thank yluf or bring this to my attention...

Silent plz, after runing some new test with donwlaoding the "pathced" version, I have found that you progrmar defaults to using openssl-fips 1.0.1e(everytime you execute "hfs_ssl_etc...." please rebuild the source with the corrected version...

I will attept a fix when possible (via downlaoding the source hard to recompile on my end...), other wise see (which is fixed and working!):
http://www.rejetto.com/forum/hfs-~-http-file-server/stunnel-and-hfs-(securing-your-hfs)/

« Last Edit: May 17, 2014, 09:41:20 PM by bmartino1 »
I'm only trying to help i mean no offense.
thank you for your time and patience,
Bmartino1

Offline bmartino1

  • Tireless poster
  • ****
  • Posts: 864
  • I'm only trying to help i mean no offense.
    • View Profile
    • My HFS Google Drive Shared Link
Re: For testing purpose (HFS beta including SSl tools)
« Reply #112 on: May 17, 2014, 11:20:46 PM »
As i have said before, i have issues compiling hfs source code, see picture (alli  did was add/replace the openssl files int he resource folde (which is what the program ios diggin from to get the files...) "I have not touched his code!, but i have erros compiling hfs.dpr as found via his comand to compile it to hfs.exe ....


(would like to be able to comile it to use this source to add feature i want ie add mysql and php capabilities...)
I'm only trying to help i mean no offense.
thank you for your time and patience,
Bmartino1

Offline bmartino1

  • Tireless poster
  • ****
  • Posts: 864
  • I'm only trying to help i mean no offense.
    • View Profile
    • My HFS Google Drive Shared Link
Re: For testing purpose (HFS beta including SSl tools)
« Reply #113 on: May 18, 2014, 01:03:55 AM »
well, i got tired of trying to compile it, so i went the other direction... lolz

here is a link of a new downlaod, as brought on tformt he ida so the progam deosnt overwirte, these files need to be "read only:
>stunnel:
openssl.exe
libeasy32
ssleay32.dll
stunnel.exe
stunel.cfg (after you have a fixed working version!)- this one works...

http://oreilly.com/openbook/samba/book/figs/sam.0506.gif

http://oreilly.com/openbook/samba/book/ch05_03.html
http://en.wikipedia.org/wiki/File_attribute

-----
Downlaod link of a sucessfulky pathed working version, thanks agin for bring this to my attention i5c0r3
*by the way, stune crashes due to the compression of zlib aswell (which is why i think you had issues), so uses using the beta and needing the pathed, please compile your keys before downlaoding to copy them to the corect place... as fips and any form of compresion needs to be uncheced....
----

https://drive.google.com/file/d/0B9u5dgydfOEudkI1dkRpeWVzU0E/edit?usp=sharing
I'm only trying to help i mean no offense.
thank you for your time and patience,
Bmartino1

Offline bmartino1

  • Tireless poster
  • ****
  • Posts: 864
  • I'm only trying to help i mean no offense.
    • View Profile
    • My HFS Google Drive Shared Link
Re: For testing purpose (HFS beta including SSl tools)
« Reply #114 on: May 20, 2014, 06:44:07 PM »
As i have said before, i have issues compiling hfs source code, see picture (alli  did was add/replace the openssl files int he resource folde (which is what the program ios diggin from to get the files...) "I have not touched his code!, but i have erros compiling hfs.dpr as found via his comand to compile it to hfs.exe ....


(would like to be able to comile it to use this source to add feature i want ie add mysql and php capabilities...)

after adding/chaning the needed files to add open ssl 1.0.1g (doens't suport fips nor zlib compression!)
went to compile it and recieved this error:
*see picture
I'm only trying to help i mean no offense.
thank you for your time and patience,
Bmartino1

Offline SilentPliz

  • Operator
  • Tireless poster
  • *****
  • Posts: 1234
  • ....... chut ! shh!
    • View Profile
Re: For testing purpose (HFS beta including SSl tools)
« Reply #115 on: May 21, 2014, 09:57:12 AM »
May 21 2014

hfs 286c SSL FR is online.

New:

Stunnel 5.00b1 
.
For users of a previous BUILD, update Stunnel with the "S" button

hfs 286c SSL FR is online.

Update from previous releases or use the links below:

http://silentpliz.perso.sfr.fr/hfs/HFS_286c_SSL_FR.exe


sources:

http://silentpliz.perso.sfr.fr/hfs/Sources_hfs/Sources_hfs_286c_FR_SSL.zip



Replies to messages and other builds soon.

« Last Edit: May 21, 2014, 10:18:25 AM by SilentPliz »

Follow members gave a thank to your post:


Offline LeoNeeson

  • Tireless poster
  • ****
  • Posts: 579
  • Solitario...
    • View Profile
    • twitter.com/LeoNeeson
Re: For testing purpose (HFS beta including SSl tools)
« Reply #116 on: May 22, 2014, 05:15:05 AM »
SilentPliz: Just a dumb question: this version (hfs 286c SSL FR - May 21 2014), is based on Rejetto's HFS v2.3 Build #286 or his latest stable v2.3a Build #289?
Thanks for the update... :)
« Last Edit: May 22, 2014, 05:28:14 AM by LeoNeeson »
HFS in Spanish (HFS en Español) / How to compile HFS (Tutorial)
• I'm open to help and share any file you may need (just ask me) ;)

Offline bmartino1

  • Tireless poster
  • ****
  • Posts: 864
  • I'm only trying to help i mean no offense.
    • View Profile
    • My HFS Google Drive Shared Link
Re: For testing purpose (HFS beta including SSl tools)
« Reply #117 on: May 22, 2014, 05:25:27 PM »
May 21 2014

hfs 286c SSL FR is online.

New:

Stunnel 5.00b1 
.
For users of a previous BUILD, update Stunnel with the "S" button

hfs 286c SSL FR is online.

Update from previous releases or use the links below:

http://silentpliz.perso.sfr.fr/hfs/HFS_286c_SSL_FR.exe


sources:

http://silentpliz.perso.sfr.fr/hfs/Sources_hfs/Sources_hfs_286c_FR_SSL.zip



Replies to messages and other builds soon.


I believe it is attended, for your code base to do that but this beta version is using openssl 1.0.1e-fips just thought i post this to let usres know...
(This is fine as stunnel 5 has updated there program to fix openssl issue!)

Thank you again for programing this!
« Last Edit: May 22, 2014, 05:31:05 PM by bmartino1 »
I'm only trying to help i mean no offense.
thank you for your time and patience,
Bmartino1

Offline bmartino1

  • Tireless poster
  • ****
  • Posts: 864
  • I'm only trying to help i mean no offense.
    • View Profile
    • My HFS Google Drive Shared Link
Re: For testing purpose (HFS beta including SSl tools)
« Reply #118 on: May 22, 2014, 07:27:33 PM »
Silentplz, if it is not too much toruble can i get some of the pascal files form you as shown in your soucre code

-------------line 52 main.pas----
// SilentPliz & 3rd part libs.
  JvComponentBase, JvBitBtn, JvExButtons, JvAppAnimatedIcon, JvDesktopAlert, JvBaseDlg, JvGIF,
  JvHint, StdActns, ActnList, XPStyleActnCtrls, ActnMan, InputQueryFrm_F, gnugettext;
------------------

As when i go to compile i'm stoped at "JvBitBtn" and i'm unable to find a downlaod for it nor its actual use in the code.

thank you

« Last Edit: May 22, 2014, 07:33:21 PM by bmartino1 »
I'm only trying to help i mean no offense.
thank you for your time and patience,
Bmartino1

Offline SilentPliz

  • Operator
  • Tireless poster
  • *****
  • Posts: 1234
  • ....... chut ! shh!
    • View Profile
Re: For testing purpose (HFS beta including SSl tools)
« Reply #119 on: May 26, 2014, 12:29:26 PM »
SilentPliz: Just a dumb question: this version (hfs 286c SSL FR - May 21 2014), is based on Rejetto's HFS v2.3 Build #286 or his latest stable v2.3a Build #289?
Thanks for the update... :)

Salut!

Oui, cette version est basée sur HFS v2.3 Build #286.
Je n'ai pas encore eu le temps de mettre en ligne les autres "releases".

Mais, les différences entre cette version et la "289" sont assez mineures et concernent surtout des fonctions très spécialisées (scripts) destinées à peu d'utilisateurs.

Au niveau de la stabilité, tu peux considérer cette bêta (286) comme stable.

Follow members gave a thank to your post: