Problem with Winhttp SSL under Windows 10 - c++

I'm currently trying to implement a soap client under Windows in C++. Due to some technical requirements, the http and communication layer have been implemented using the Winhttp API. Everything seems to work ok but, as soon as TLS 1.1 or 1.2 are enabled the software is unable to perform the SSL handshake. It just keeps sending TCP connection packets to the server.
I made several tests in order to find out what's happening and, so far, this is what I already know:
The software works as expected in Windows 10 Pro (no matter which TLS version is selected). That can't be said when the software is deployed in a Windows 10 ltsb 2016 (1607).
Enabling TLS support as suggested here does not work.
The winhttp code can be found here. I only added this modification at lines 351-352:
DWORD dwOpt = WINHTTP_FLAG_SECURE_PROTOCOL_ALL | WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1 |WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2;
int res = WinHttpSetOption(pData->hInternet, WINHTTP_OPTION_SECURE_PROTOCOLS, &dwOpt, sizeof(dwOpt));
Thanks

I already found what was going on there. It turns out that the secure protocol flags do not behave the same way in Windows 10 Pro and Windows 10 2016 ltsb.
The code snippet included in the question works as expected under Windows 10 Pro but, in Windows 10 2016 ltsb, it must be:
DWORD dwOpt = WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1 |WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2;
int res = WinHttpSetOption(pData->hInternet, WINHTTP_OPTION_SECURE_PROTOCOLS, &dwOpt, sizeof(dwOpt));
I hope this helps anyone who is struggling with similar issues.
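Added example (not code from the original post): it decodes which protocol versions each of the two masks above requests and strips the SSL 2.0, SSL 3.0 and TLS 1.0 bits that WINHTTP_FLAG_SECURE_PROTOCOL_ALL expands to, which leaves exactly the mask from the answer. The helper names (protocols_in, drop_legacy, set_protocols) are hypothetical; the flag values are those defined in winhttp.h, repeated so the mask logic also builds off Windows.

```cpp
#include <cstdint>
#include <string>
#include <vector>
#ifdef _WIN32
#include <windows.h>
#include <winhttp.h>
#else  // flag values from winhttp.h, repeated so the mask logic builds off Windows
#define WINHTTP_FLAG_SECURE_PROTOCOL_SSL2   0x00000008
#define WINHTTP_FLAG_SECURE_PROTOCOL_SSL3   0x00000020
#define WINHTTP_FLAG_SECURE_PROTOCOL_TLS1   0x00000080
#define WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1 0x00000200
#define WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2 0x00000800
#define WINHTTP_FLAG_SECURE_PROTOCOL_ALL (WINHTTP_FLAG_SECURE_PROTOCOL_SSL2 | \
    WINHTTP_FLAG_SECURE_PROTOCOL_SSL3 | WINHTTP_FLAG_SECURE_PROTOCOL_TLS1)
#endif
struct ProtoBit { uint32_t bit; const char* name; bool legacy; };
// legacy = the three versions WINHTTP_FLAG_SECURE_PROTOCOL_ALL expands to.
// TLS 1.1 is not marked because the answer enables it; RFC 8996 deprecates it too.
static const ProtoBit kBits[] = {
    {WINHTTP_FLAG_SECURE_PROTOCOL_SSL2,   "SSL 2.0", true},
    {WINHTTP_FLAG_SECURE_PROTOCOL_SSL3,   "SSL 3.0", true},
    {WINHTTP_FLAG_SECURE_PROTOCOL_TLS1,   "TLS 1.0", true},
    {WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1, "TLS 1.1", false},
    {WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2, "TLS 1.2", false},
};
// The mask from the question and the mask from the answer.
const uint32_t kQuestionMask = WINHTTP_FLAG_SECURE_PROTOCOL_ALL | WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1 | WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2;
const uint32_t kAnswerMask = WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1 | WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2;

// Names of the protocol versions a mask enables (only the legacy ones if asked).
std::vector<std::string> protocols_in(uint32_t mask, bool legacy_only = false) {
    std::vector<std::string> out;
    for (const ProtoBit& p : kBits)
        if ((mask & p.bit) && (p.legacy || !legacy_only)) out.push_back(p.name);
    return out;
}
// Clear the legacy bits; 0 means nothing acceptable is left and the caller must fail closed.
uint32_t drop_legacy(uint32_t mask) {
    for (const ProtoBit& p : kBits) if (p.legacy) mask &= ~p.bit;
    return mask;
}
#ifdef _WIN32
// Apply the cleaned mask to a WinHTTP handle; refuse instead of falling back to old versions.
bool set_protocols(HINTERNET h, uint32_t requested) {
    DWORD mask = drop_legacy(requested);
    return mask != 0 && WinHttpSetOption(h, WINHTTP_OPTION_SECURE_PROTOCOLS, &mask, sizeof(mask));
}
#endif
int main() { return drop_legacy(kQuestionMask) == kAnswerMask ? 0 : 1; }
```

Logging protocols_in(mask, true) at start-up makes it visible when a build still requests SSL 2.0, SSL 3.0 or TLS 1.0.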

Related

DJI OSDK in Windows

I'm trying to get the DJI OSDK up and running from windows environment, but am hitting a few road blocks along the way. Know the SDK has been published for Windows 10, but not yet including the .Net API for M200 / 600 (what I'm trying to interface).
So I first figured my best chance for getting it running on Windows is by trying to run a linux sample application from windows (via Visual studio 2017). Struggled with linux dependencies in the beginning but eventually figured it out by writing a Windows Serial conn class and including pthread.dll for windows (with some minor additional alterations and included #if _WIN32 etc...)
After quite a bit of coding and debugging (also tried Qt sample app via VS tools - whole can of worms on its own), I'm still struggling with my "Hello world" application from the drone / RPA. (Even the rest works where I export it to a DLL and implement in c# environment, but besides the point).
After connecting to the platform (basically initialization and serial port opening) the Activate function sends your app ID + key to the RPA and receives an acknowledgement: This being my code:
bool threadSupport = true; //disable first so that able to debug
vehicle = new Vehicle(Port, baud, threadSupport, AdvancedSensing);
//test if connection works fine
if (!vehicle->protocolLayer->getDriver()->getDeviceStatus())
{
    //not working, delete current instances
    delete (vehicle);
    vehicle = nullptr; //set back to null pointer
}
DJI::OSDK::Vehicle::ActivateData actData;
actData.ID = appID;
actData.encKey = new char[65];
strcpy(actData.encKey, key);
actData.version = getFWVersion();
ACK::ErrorCode ack = vehicle->activate(&actData, 1);
The activation function returns 'invalid feedback':
STATUS/1 # DJI::OSDK::Win_serial_device::init, L47: Attempting to open device COM21 with baudrate 230400...
STATUS/1 # DJI::OSDK::Win_serial_device::init, L75: ...Serial started successfully.
ERRORLOG/1 # getDroneVersion, L1378: Drone version not obtained! Please do not proceed. Possible reasons:
Serial port connection:
SDK is not enabled, please check DJI Assistant2 SDK -> [v] Enable API Control.
Baudrate is not correct, please double-check from DJI Assistant2 -> SDK -> baudrate.
TX and RX pins are inverted.
Serial port is occupied by another program.
Permission required. Please do 'sudo usermod -a -G dialout $USER' (you do not need to replace $USER with your username). Then logout and login again
ERRORLOG/1 # activate, L1267: Unable to initialize some vehicle components!
STATUS/1 # getErrorCodeMessage, L656: Activate
STATUS/1 # getCommonErrorCodeMessage, L722: ACK_NO_RESPONSE_ERROR
...Already checked the suggested issues, but can't pick up anything apparent. At this point not knowing if the problem is hardware-, software (with altered code and threading). If anyone with DJI platforms (M-range), or on the DJI dev. team can please assist? I'm desperate to get this working! :(
I've also shared the code solution on Github DJI OSDK Win Console
Hi, I'm shenghai and I have been running DJI hardware for non-GPS/LIDAR/Vision based autonomous research for 3 years.
It is a typical problem for which DJI won't tell you the full list. Here is a checklist that I came up with:
(1) Connect the API cable first. Then run OSDK. Then connect the simulator cable, then run DJI assistant. There is proper sequence shit which DJI don't feel obliged to share.
(2) Ensure your cable is 3.3, not 5
(3) Tx Rx swap. Common problem. Can check with realterm
(4) Ensure your DJI go app is running and the controller is powered on before you start the serial connection
(5) Ensure the app id and enc key are correct, and that the account this id and key are associated with is also running on your tablet. We encountered this issue for some special compassless firmware; if you have close relationships with DJI they will provide you with lots of shit to test.
(6) Ensure your Serial has authority. In Ubuntu it is sudo chmod a+rw /dev/serial/by-id/usb-XXmanufactoridXX-port0. Windows I forgot; haven't used it for years
(7) Ensure your API is enabled in DJI assistant. Also, for a quick check, disconnect and connect to the assistant and ensure API is still checked. We had a bad experience with it. No matter how many times I checked it, it went unchecked. Took us a while to find the bug
(8) Ensure you are running the current Assistant 2. For matrix it should be DJI assistant for Matrix. For a different drone, there is a different version. I know it's complex. No idea why they do so.
(9) Ensure your OSDK build is complete and functional. No missing dependency or funny errors. It happens a lot with the new 3.7 and 3.8 stereo vision system
That's pretty much all I can think of so far.
That's pretty much all I can think so far.

Porting Delphi 2010 application soap webservice using wininet to winhttp

We are currently consuming a soap based webservice in a Delphi application running on an XP (yes still running XP) and porting to a Windows 8.1 OS. Our current implementation also uses CAPICOM for certificate management which is now also desupported.
We are planning on upgrading from wininet to winhttp (being faster) remaining with the current version of Delphi 2010. Components I have found are: SynCrtSock, ICS and Indy. From my review, these either use wininet or don't support soap?
Any information on components and examples with the minimum of: soap support, winhttp and certificate management would be greatly appreciated.
Thanks in advance.
I now have resolved the key point of my issue in the certificate management and thought I would post my solution.
The certificate management requirements were limited to only attaching to the SOAP message, I was able to achieve the solution by using the wcrypt2 library. My original code using CAPICOM (with the help of many internet searches) was
Certificate1.Load(CertFile, certpword, CAPICOM_KEY_STORAGE_DEFAULT,
  CAPICOM_CURRENT_USER_KEY);
Cert2 := Certificate1.DefaultInterface;
CertContext := Cert2 as ICertContext;
CertContext.Get_CertContext(Integer(PCertContext));
if InternetSetOption(Data, INTERNET_OPTION_CLIENT_CERT_CONTEXT,
  PCertContext, SizeOf(CERT_CONTEXT)) = False then
begin
  // error handling
end;
By using wcrypt2 I was able to read from the certificate store and attach to the soap message by a simple change to my BeforePost function with
hMyStore := CertOpenSystemStore(0, 'MY');
pCertContext := CertFindCertificateInStore(
  hMyStore,
  X509_ASN_ENCODING,
  0,
  CERT_FIND_SUBJECT_STR,
  PCHAR('KeyName'), nil
);
if InternetSetOption(Data, INTERNET_OPTION_CLIENT_CERT_CONTEXT,
  pCertContext, SizeOf(CERT_CONTEXT)) = False then
begin
  // error handling
end;
And now I am compatible with Windows 8.1. As wininet is still compatible with 8.1, this is not on my critical path and I have further time to deploy a solution.
Any further advice on my solution would be greatly appreciated.

TCP window scaling on Windows

I have to implement in C/C++ a software for FTP upload in Windows XP and Windows 7 with TCP window scaling disabled.
I know that in Windows 7 it is possible to disable it globally with the command
'netsh interface tcp set global autotuning=disabled'
or in XP with the "Tcp1323Opts" registry parameter.
But these solutions work globally, and I need to change the behaviour only of my program.
I know that it's possible to do it because our customer has shown a program that executes the FTP upload disabling the TCP window scaling (verified with wireshark), but I don't have the source code of that program.
Could anyone please help me?
Thanks
See WSAIoctl with SIO_SET_COMPATIBILITY_MODE in MSDN; link here: http://msdn.microsoft.com/en-us/library/windows/desktop/cc136103(v=vs.85).aspx
This lets you set the WsaBehaviorAutoTuning value which can be used to turn off auto tuning on the socket in question.

Querying WMI causes a BSOD (0x9c)

I've written a Windows Server which uses the WMI feature of Windows to monitor system health. For that purpose, a WMI connection is opened, queried and closed every thirty seconds. That works quite well on Windows Server 2008 (R2).
On the other side, I have a couple of Servers running Windows Server 2003 x64, which run constantly into BSODs when using my Service (and only when using my Service). The Error code is commonly 0x9c, sometimes 0x19. Others told me that system memory may be corrupted, but it's very unlikely since all 2003-x64-based servers are experiencing those problems.
The Windows error log lists three error messages of type "WDMxWMI", without any further details, before the system reboots because of a bluescreen.
I don't know why this happens, and I neither know if, or how my program could be the reason for that, since I'm using the WMI exactly like the MSDN examples told me. Last but not least, it works absolutely fine on 2008-based servers.
I'll be thankful for any advice.
A bugcheck of this nature seems to indicate a serious hardware problem.
http://support.microsoft.com/?kbid=329284
https://serverfault.com/questions/7060/troubleshooting-the-dreaded-0x9c-bsod

Entrek CodeSnitch with Windows Mobile 5/6

I have emailed Entrek and they seem to be asleep.
Does anyone else here use Entrek CodeSnitch? If so, have you found a way to use it with Windows Mobile 5, 6, or 6.1 ?
I really need to verify my application doesn't have any memory leaks, etc. And CodeSnitch does a great job of it. But only with Windows Mobile 2003. :/
Thanks.
What's not working? Is it a client connectivity issue?
The older version used PlatMan for a communications layer, which is problematic from a Visual Studio standpoint (which ships with CoreCon), but if you have any tool installed that has Platman (eVC, Platform Builder) then that should still work fine since WinMo 5.x and 6.x are still based on CE 5.0.
I do know that Entrek has a newer version in beta (I have it) so you might try pinging them again. They tend to be pretty busy, but I've always gotten responses (though I know them well and personally, so that might not be any indicator for you).
I also see that they have their phone number posted on their web page. I'd give them a call. I do recall them saying the new version is supposed to address WinMo issues (I rarely use WinMo proper) so it's definitely worth a try.
I've not used CodeSnitch. But I have had success using the Application Verifier Tool to identify my leaks in WM5 and 6.
Getting it up and running can be a bit of a pain. But I find it to be a good tool and the price is right.
Here's a tutorial to get you started.
I've used CodeSnitch on windows mobile 5, 6 and 6.1 devices with no problems.
Make sure you have the v1.4 installed and applied the v1.4 patch which is referenced here.
Like ctackle says, you need an older communications layer called CoreCon. I've also found CETK has CoreCon in it as well and it's not as big as eVC or Platform builder.
You need to set up the device connection settings to use ActiveSync (both transport and startup server); it does not seem to matter what the connection is called, so something like Pocket PC will work fine.
The other gotcha I found is that you need to edit the codesnitch and procman shortcuts and add "/targetcpu:armv4i" to the command line arguments for them to work on WM devices.
I have also found them recently to be non-responsive to support emails as well :(