rejetto forum

ssl nearer? i need help

rejetto · 13 · 9643


Offline rejetto

hello, this topic is for delphi programmers. (hi mars)
finally, the socket library used by HFS has released the ssl support freely. i noticed it in the last hour. :)
http://www.overbyte.be/frame_index.html
i'm studying it. it seems that the code to be changed in hfs is not much, but we need to understand all the rest: certificates, and the like. because i don't think we'll go far without these.
so, if anyone wants to help understand what we need to do practically to integrate ssl into hfs, it's welcome. step-by-step :D
lemme know.


Offline Mars

I come back to one of my posts on the subject: how to create a second listening port for HFS, that is, a second channel able to support a second type of tpl named for example HFS.SSL.TPL, in order to handle a secure channel and a non-secure channel differently. And why not a communication protocol between two hfs servers, to synchronize directories for example.


Offline FRENCH CAN CAN

Can one reply in Italian in this topic? I saw that mars replied in French.  ???


Offline Mars

parqué le messago s'adresso onlito to rejetto

I could also have written my message in Delphi code ;D



Offline rejetto

haha :D

ok, i didn't study it enough to say, but i see it will probably need 2 listening sockets instead of one. But this is just guessing, let me know if you find more.

about different templates, i don't think it's worth having a system based on the socket. I imagine one day we'll have something like an event [choose tpl] and you'll return with macros the name of the template to be used. So you'll choose based on port, or user, or time of day. Anything.


Offline MarkV

Normal HTTP listens on port 80, and HTTPS on port 443 afaik.
http://worldipv6launch.org - The world is different now.



Offline r][m


Offline Mars

No more current event; at the moment stunnel is enough for this spot and I believe that the other priorities are in progress, but be reassured, it is in the TO DO LIST of rejetto.
It is like a ship blocked alongside the quay by the storm: we wait for a calm to pursue the road towards the destination SSL ;)


Offline rejetto

stunnel has the big limit of hiding IP addresses, making every IP based feature not working.


Offline maverick

> stunnel has the big limit of hiding IP addresses, making every IP based feature not working.

I don't understand.  Please explain.
maverick


Offline Mars

When you use hfs directly in contact with the internet you can use the ban because hfs can identify the distant user by his IP, but by way of stunnel, the latter passes on to hfs only the IP address 127.0.0.1; that's exactly what rejetto means to say >:(

However by using a particular option of stunnel, it is possible to define the address of the network connection of the card to mark the difference

[https]
; accept = [address:]port of stunnel
accept = 0.0.0.0:443
; connect = [address:]port of HFS
connect = 127.0.0.1:80
; local = IP of your computer on the network, as seen by the hfs server
local = 192.168.1.xxx
TIMEOUTclose = 0
« Last Edit: November 20, 2008, 06:49:59 PM by mars »
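
The effect discussed in the two posts above, as an added Python example that is not part of the thread and is not HFS or stunnel code: a backend that reports the peer IP it sees, and a plain TCP relay standing in for stunnel with TLS left out. It assumes a Linux loopback where every 127.0.0.0/8 address is local; 127.0.0.2 stands in for the `local = 192.168.1.xxx` address, the client addresses are constructed, and all function names are hypothetical.

```python
import socket
import threading

def _serve(srv, handler):
    """Run handler(conn, peer_ip) for every connection accepted on srv."""
    def loop():
        while True:
            conn, addr = srv.accept()
            with conn:
                handler(conn, addr[0])
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]

def start_backend():
    """Stand-in for HFS: reply with the peer IP it sees, the one a ban would match."""
    srv = socket.create_server(("127.0.0.1", 0))
    return _serve(srv, lambda conn, peer_ip: conn.sendall(peer_ip.encode()))

def start_relay(backend_port, local_ip=None):
    """Stand-in for stunnel (TLS left out): each client gets a NEW TCP
    connection to the backend, optionally bound to local_ip like `local =`."""
    def handler(conn, _client_ip):  # the real client IP stops here
        source = (local_ip, 0) if local_ip else None
        with socket.create_connection(("127.0.0.1", backend_port),
                                      timeout=5, source_address=source) as up:
            conn.sendall(up.recv(64))
    return _serve(socket.create_server(("127.0.0.1", 0)), handler)

def ip_seen_by_backend(port, client_ip):
    """Connect to port from client_ip and return the IP the backend reported."""
    with socket.create_connection(("127.0.0.1", port), timeout=5,
                                  source_address=(client_ip, 0)) as c:
        return c.recv(64).decode()

if __name__ == "__main__":
    backend = start_backend()
    plain = start_relay(backend)                        # no `local` option
    bound = start_relay(backend, local_ip="127.0.0.2")  # like `local = 192.168.1.xxx`
    for client in ("127.0.0.10", "127.0.0.20"):         # constructed client addresses
        print(client, "direct ->", ip_seen_by_backend(backend, client))
        print(client, "relay  ->", ip_seen_by_backend(plain, client))
        print(client, "local= ->", ip_seen_by_backend(bound, client))
```

With the source address bound, the backend can tell tunnelled connections from direct ones, but every tunnelled client still arrives with the same address, so a per-client IP ban cannot tell them apart.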


Offline maverick

> When you use hfs directly in contact with the internet you can use the ban because hfs can identify the distant user by his IP, but by way of stunnel, the latter passes on to hfs only the IP address 127.0.0.1; that's exactly what rejetto means to say >:(

ok.  He's referring to the HFS gui.  Yes that's right. 
maverick