From flavio.etrusco at gmail.com  Wed Apr 10 02:34:43 2024
From: flavio.etrusco at gmail.com (=?UTF-8?Q?Fl=C3=A1vio_Etrusco?=)
Date: Tue, 9 Apr 2024 21:34:43 -0300
Subject: [fpc-pascal] client certificate mandatory and verification
In-Reply-To: <f553f067-fa93-46ee-9c92-c5946746ba4f@gmail.com>
References: <f553f067-fa93-46ee-9c92-c5946746ba4f@gmail.com>
Message-ID: <CAJvBmObA5XUsJ57a2-kWynhV5EcyAhc2MF14tvdrKitWD9ahdg@mail.gmail.com>

Hello,

This doesn't seem to have an easy solution right now. Many of the functions
needed to set up openssl for this doesn't even seem to have imports in the
FPC package.
You'd then have to import the functions and implement a custom
TSSLSocketHandler, and then hook it using either
(fphttpapp.)Application.HTTPHandler.HTTPServer.OnGetSocketHandler or
TSSLSocketHandler.SetDefaultHandlerClass();

Some pointers:
https://stackoverflow.com/questions/4261369/openssl-verify-peer-client-certificate-in-c
https://stackoverflow.com/questions/21050366/testing-ssl-tls-client-authentication-with-openssl
https://stackoverflow.com/questions/16291809/programmatically-verify-certificate-chain-using-openssl-api
https://stackoverflow.com/questions/3412032/how-do-you-verify-a-public-key-was-issued-by-your-private-ca

Best regards,
Fl?vio


Em s?b., 23 de mar. de 2024 ?s 08:47, Jos Wegman via fpc-pascal <
fpc-pascal at lists.freepascal.org> escreveu:

> Hi,
>
> Out of the info on the wiki I created a simple Webserver with a
> server-certificate.
> To get this code working you need to create the necessary certificate.
> For this I used xca from https://hohnstaedt.de but you can use OpenSSL to
> do the same.
>
>
> [code=pascal]
> program webserver;
>
> {$mode objfpc}{$H+}
>
> uses
>   {$ifdef UNIX}
>   cthreads, cmem,
>   {$endif}
>   fphttpapp,
>   httpdefs,
>   httproute,
>   opensslsockets;
>
> var
>   fUseSSL: boolean;
> const
>   fCertificatePassword: string = 'hello';
>   fCertificateHostName: string = 'localhost';
>   fCertificateFileName: string = 'Server.crt';
>   fCertificatePrivateKey: string = 'Server.key';
>
>   procedure route1(aReq: TRequest; aResp: TResponse);
>   begin
>     aResp.Content := '<html><body><h1>Route 1 The
> Default</h1></body></html>';
>   end;
>
>   procedure route2(aReq: TRequest; aResp: TResponse);
>   begin
>     aResp.Content := '<html><body><h1>Route 2</h1></body></html>';
>   end;
>
> begin
>   HTTPRouter.RegisterRoute('/', @route1);
>   HTTPRouter.RegisterRoute('/2', @route2);
>   Application.Port := 1999;
>   fUseSSL :=true;
>   Application.UseSSL := fUseSSL;
>   if fUseSSL then
>   begin
>     Application.CertificateData.KeyPassword := fCertificatePassword;
>     Application.CertificateData.HostName := fCertificateHostName;
>     Application.CertificateData.Certificate.FileName :=
> fCertificateFileName;
>     Application.CertificateData.PrivateKey.FileName :=
> fCertificatePrivateKey;
>   end;
>   Application.Threaded := True;
>   Application.Initialize;
>   Application.Run;
> end.
> [/code]
>
> My questions are:
>
> *- How can I modify this example to enforce the use of a client
> certificate? - How can I verify a client certificate in the server?*
>
> In the TLS handshake a client certificate is optional but the server can
> ensure that it is mandatory.
>
> Any help, pointers, sample code is appreciated.
>
> Sincerely,
>
> Jos
> _______________________________________________
> fpc-pascal maillist  -  fpc-pascal at lists.freepascal.org
> https://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freepascal.org/pipermail/fpc-pascal/attachments/20240409/a0fb335c/attachment.htm>

From tony.whyman at mccallumwhyman.com  Wed Apr 10 11:21:11 2024
From: tony.whyman at mccallumwhyman.com (Tony Whyman)
Date: Wed, 10 Apr 2024 10:21:11 +0100
Subject: [fpc-pascal] client certificate mandatory and verification
In-Reply-To: <CAJvBmObA5XUsJ57a2-kWynhV5EcyAhc2MF14tvdrKitWD9ahdg@mail.gmail.com>
References: <f553f067-fa93-46ee-9c92-c5946746ba4f@gmail.com>
 <CAJvBmObA5XUsJ57a2-kWynhV5EcyAhc2MF14tvdrKitWD9ahdg@mail.gmail.com>
Message-ID: <69a70a07-e0ff-4059-8606-ee33ba19170b@mccallumwhyman.com>

If you want to use OpenSSL then you might be interesting in trying out 
my proposed update to the Indy components. This is to support the latest 
versions of OpenSSL and can be downloaded from:

https://github.com/MWASoftware/Indy.proposedUpdate

There is a test case in Test/OpenSSL/openssl-server which is based on 
the use of the Indy http server and OpenSSL which includes a test case 
where a client certificate must be validated by the server. This appears 
to work on both Linux and Windows and hopefully other platforms.

On 10/04/2024 01:34, Fl?vio Etrusco via fpc-pascal wrote:
> Hello,
>
> This doesn't seem to have an easy solution right now. Many of the 
> functions needed to set up openssl for this doesn't even seem to have 
> imports in the FPC package.
> You'd then have to import the functions and implement a custom 
> TSSLSocketHandler, and then hook it using either
> (fphttpapp.)Application.HTTPHandler.HTTPServer.OnGetSocketHandler or 
> TSSLSocketHandler.SetDefaultHandlerClass();
>
> Some pointers:
> https://stackoverflow.com/questions/4261369/openssl-verify-peer-client-certificate-in-c
> https://stackoverflow.com/questions/21050366/testing-ssl-tls-client-authentication-with-openssl
> https://stackoverflow.com/questions/16291809/programmatically-verify-certificate-chain-using-openssl-api
> https://stackoverflow.com/questions/3412032/how-do-you-verify-a-public-key-was-issued-by-your-private-ca
>
> Best regards,
> Fl?vio
>
>
> Em s?b., 23 de mar. de 2024 ?s 08:47, Jos Wegman via fpc-pascal 
> <fpc-pascal at lists.freepascal.org> escreveu:
>
>     Hi,
>
>     Out of the info on the wiki I created a simple Webserver with a
>     server-certificate.
>     To get this code working you need to create the necessary certificate.
>     For this I used xca from https://hohnstaedt.de but you can use
>     OpenSSL to do the same.
>
>
>     [code=pascal]
>     program webserver;
>
>     {$mode objfpc}{$H+}
>
>     uses
>     ? {$ifdef UNIX}
>     ? cthreads, cmem,
>     ? {$endif}
>     ? fphttpapp,
>     ? httpdefs,
>     ? httproute,
>     ? opensslsockets;
>
>     var
>     ? fUseSSL: boolean;
>     const
>     ? fCertificatePassword: string = 'hello';
>     ? fCertificateHostName: string = 'localhost';
>     ? fCertificateFileName: string = 'Server.crt';
>     ? fCertificatePrivateKey: string = 'Server.key';
>
>     ? procedure route1(aReq: TRequest; aResp: TResponse);
>     ? begin
>     ??? aResp.Content := '<html><body><h1>Route 1 The
>     Default</h1></body></html>';
>     ? end;
>
>     ? procedure route2(aReq: TRequest; aResp: TResponse);
>     ? begin
>     ??? aResp.Content := '<html><body><h1>Route 2</h1></body></html>';
>     ? end;
>
>     begin
>     ? HTTPRouter.RegisterRoute('/', @route1);
>     ? HTTPRouter.RegisterRoute('/2', @route2);
>     ? Application.Port := 1999;
>     ? fUseSSL :=true;
>     ? Application.UseSSL := fUseSSL;
>     ? if fUseSSL then
>     ? begin
>     ??? Application.CertificateData.KeyPassword := fCertificatePassword;
>     ??? Application.CertificateData.HostName := fCertificateHostName;
>     ??? Application.CertificateData.Certificate.FileName :=
>     fCertificateFileName;
>     ??? Application.CertificateData.PrivateKey.FileName :=
>     fCertificatePrivateKey;
>     ? end;
>     ? Application.Threaded := True;
>     ? Application.Initialize;
>     ? Application.Run;
>     end.
>     [/code]
>
>     My questions are:
>     *- How can I modify this example to enforce the use of a client
>     certificate?
>     - How can I verify a client certificate in the server?*
>
>     In the TLS handshake a client certificate is optional but the
>     server can ensure that it is mandatory.
>
>     Any help, pointers, sample code is appreciated.
>
>     Sincerely,
>
>     Jos
>     _______________________________________________
>     fpc-pascal maillist? - fpc-pascal at lists.freepascal.org
>     https://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
>
>
> _______________________________________________
> fpc-pascal maillist  -fpc-pascal at lists.freepascal.org
> https://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freepascal.org/pipermail/fpc-pascal/attachments/20240410/c7c4b299/attachment.htm>

From overanalytcl at gmail.com  Sun Apr 14 01:19:10 2024
From: overanalytcl at gmail.com (=?UTF-8?Q?Alecu_=C8=98tefan-Iulian?=)
Date: Sun, 14 Apr 2024 02:19:10 +0300
Subject: [fpc-pascal] FPC and SIMD intrinsics
Message-ID: <242d6570-1363-4d1c-a7b9-58ecce6dcfed@gmail.com>

Hello!

I am interested in making a high-performance project which involves a
lot of math, which is why I am interested in using SIMD (AVX2) on x86_64
(and for fun as well, if I'm honest). I am coming mainly from the C and
C++ world where one has intrinsics (such as `_mm256_add_epi64`, to give
an example from the Intel? Intrinsics Guide). I am most familiar with
GCC (and to a lesser extent to Clang and ICC), where one can access
these intrinsics through headers such as <immintrin.h>. Is there a Free
Pascal equivalent for that?

I am well aware I can use asm blocks, but some intrinsics do more than
one instruction and over on C it's the compiler's responsibility to find
the best instruction for a given intrinsic.

Basically, can I directly implement `_mm256_add_epi64` so they're
equivalent to doing the same thing in C? If not, what would be the best
course of action to make wrappers for these intrinsics? I tried this:

```
program AVX2Example;

{$mode objfpc}{$H+}{$asmmode intel}

uses
   SysUtils;

type
   __m256i = packed array[0..3] of int64;

function _mm256_loadu_si256(src: __m256i): __m256i; assembler;
asm
     vmovdqu ymm0, ymmword ptr [src]
     vmovdqa [Result], ymm0
end;

function _mm256_add_epi64(a, b: __m256i): __m256i; assembler;
asm
     vmovdqa ymm0, [a]
     vmovdqa ymm1, [b]
     vpaddq ymm0, ymm0, ymm1
     vmovdqa [Result], ymm0
end;

var
   a: __m256i = (1, 2, 3, 4);
   b: __m256i = (5, 6, 7, 8);

   a1, a2: __m256i;
   res: __m256i;
   e: int64;
begin
   a1 := _mm256_loadu_si256(a);
   a2 := _mm256_loadu_si256(b);

   res := _mm256_add_epi64(a1, a2);

   for e in res do
   begin
     Write(e, ' ');
   end;
   Writeln;

end.
```

but it only works half of the time, so something is wrong.

Kind regards,
Stefan.

From zamtmn at gmail.com  Mon Apr 22 08:40:25 2024
From: zamtmn at gmail.com (Andrey Zubarev)
Date: Mon, 22 Apr 2024 11:40:25 +0500
Subject: [fpc-pascal] TDictionary.GetMutableValue
Message-ID: <CAHLYxWSSjmsB4Q+qdi4Lsuj_v8ARx0fAe0MtmXJ-jz=RoGG9gQ@mail.gmail.com>

Good afternoon!
I have already written to the forum and bugtracker, but this topic is not
interesting to anyone((
I need an answer from someone from the development team about the prospects
https://gitlab.com/freepascal.org/fpc/source/-/issues/40656 Is it possible
to approved this, or is it worth making my own bike? The essence of the
problem is that we need write access to Value, without unnecessary
intermediaries in the form of Enumerator
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freepascal.org/pipermail/fpc-pascal/attachments/20240422/1f76ac05/attachment.htm>

From adriaan at adriaan.biz  Mon Apr 22 11:51:22 2024
From: adriaan at adriaan.biz (Adriaan van Os)
Date: Mon, 22 Apr 2024 11:51:22 +0200
Subject: [fpc-pascal] FPC and SIMD intrinsics
In-Reply-To: <242d6570-1363-4d1c-a7b9-58ecce6dcfed@gmail.com>
References: <242d6570-1363-4d1c-a7b9-58ecce6dcfed@gmail.com>
Message-ID: <6626331A.1060803@adriaan.biz>

Alecu ?tefan-Iulian via fpc-pascal wrote:
> Hello!
> 
> I am interested in making a high-performance project which involves a
> lot of math, which is why I am interested in using SIMD (AVX2) on x86_64
> (and for fun as well, if I'm honest). I am coming mainly from the C and
> C++ world where one has intrinsics (such as `_mm256_add_epi64`, to give
> an example from the Intel? Intrinsics Guide). I am most familiar with
> GCC (and to a lesser extent to Clang and ICC), where one can access
> these intrinsics through headers such as <immintrin.h>. Is there a Free
> Pascal equivalent for that?

I have translated the Intel(R) Integrated Performance Primitives to FreePascal. I can send them if 
you like.

On MacOS, you can use the Accelerate libraries <https://developer.apple.com/accelerate/> which have 
headers translated to FreePascal (see the univint pacakage)

Regards,

Adriaan van Os


From nc-gaertnma at netcologne.de  Mon Apr 22 21:04:18 2024
From: nc-gaertnma at netcologne.de (Mattias Gaertner)
Date: Mon, 22 Apr 2024 21:04:18 +0200
Subject: [fpc-pascal] class constructor exception
Message-ID: <70a6a0b2-988d-4976-8386-60e5fab14350@netcologne.de>

Hi,

When an exception is raised in a class constructor the application 
aborts without any error.

How can I get an error?

Mattias

From zamtmn at gmail.com  Tue Apr 23 09:32:56 2024
From: zamtmn at gmail.com (Andrey Zubarev)
Date: Tue, 23 Apr 2024 12:32:56 +0500
Subject: [fpc-pascal] class constructor exception
In-Reply-To: <70a6a0b2-988d-4976-8386-60e5fab14350@netcologne.de>
References: <70a6a0b2-988d-4976-8386-60e5fab14350@netcologne.de>
Message-ID: <CAHLYxWSDLF50Rjx6E229zXWNZMeA5ba0xy3XRLsG9AYk0VDTBg@mail.gmail.com>

Hi,

Set ExceptProc to your handler in unit initialization section in unit
usesed before the problematic one?

On Tue, Apr 23, 2024 at 12:20?AM Mattias Gaertner via fpc-pascal <
fpc-pascal at lists.freepascal.org> wrote:

> Hi,
>
> When an exception is raised in a class constructor the application
> aborts without any error.
>
> How can I get an error?
>
> Mattias
> _______________________________________________
> fpc-pascal maillist  -  fpc-pascal at lists.freepascal.org
> https://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freepascal.org/pipermail/fpc-pascal/attachments/20240423/c553413d/attachment.htm>

From nc-gaertnma at netcologne.de  Tue Apr 23 10:05:18 2024
From: nc-gaertnma at netcologne.de (Mattias Gaertner)
Date: Tue, 23 Apr 2024 10:05:18 +0200
Subject: [fpc-pascal] class constructor exception
In-Reply-To: <CAHLYxWSDLF50Rjx6E229zXWNZMeA5ba0xy3XRLsG9AYk0VDTBg@mail.gmail.com>
References: <70a6a0b2-988d-4976-8386-60e5fab14350@netcologne.de>
 <CAHLYxWSDLF50Rjx6E229zXWNZMeA5ba0xy3XRLsG9AYk0VDTBg@mail.gmail.com>
Message-ID: <608bf87e-50f9-48b0-b509-542d86b79cfb@netcologne.de>



On 23.04.24 09:32, Andrey Zubarev via fpc-pascal wrote:
> Hi,
> 
> Set ExceptProc to your handler in unit initialization section in unit
> usesed before the problematic one?

It is set by lcl TApplication.

Just found out: It works with other exceptions, but not with EAbort.
And that indeed creates a silent exception.

I will talk to the lib developers...

Mattias

From nc-gaertnma at netcologne.de  Thu Apr 25 15:16:33 2024
From: nc-gaertnma at netcologne.de (Mattias Gaertner)
Date: Thu, 25 Apr 2024 15:16:33 +0200
Subject: [fpc-pascal] download site and mixed http
Message-ID: <9d80ff6a-6c2e-46e9-8f5e-9ee25dc2148e@netcologne.de>

Hi,

On
https://www.freepascal.org/down/x86_64/linux-hungary.html

are links without "https://", causing the browser to bark:

"File not downloaded: Potential security risk".

Mattias


From XHajT03 at hajny.biz  Thu Apr 25 17:09:04 2024
From: XHajT03 at hajny.biz (Tomas Hajny)
Date: Thu, 25 Apr 2024 17:09:04 +0200
Subject: [fpc-pascal] download site and mixed http
In-Reply-To: <9d80ff6a-6c2e-46e9-8f5e-9ee25dc2148e@netcologne.de>
References: <9d80ff6a-6c2e-46e9-8f5e-9ee25dc2148e@netcologne.de>
Message-ID: <e2da906a41693710ba614a60ce7a2f42@hajny.biz>

On 2024-04-25 15:16, Mattias Gaertner via fpc-pascal wrote:



Hi Matthias,

> On
> https://www.freepascal.org/down/x86_64/linux-hungary.html
> 
> are links without "https://", causing the browser to bark:
> 
> "File not downloaded: Potential security risk".

Thanks for reporting it. In addition, the Canadian mirror apparently 
isn't available any longer. Fixing both issues shouldn't be difficult, 
but I'd like to check the mirror situation first (in particular, if 
there's still some other working mirror at all).

Tomas