Articles delegate-en/4060-4130 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
range 4060 - 4130   digest:
How to verify a server's certificate?
  08/11-11:45 . 4060 (Yutaka Sato) [40]
___ Hi Monika, I implemented sslway.c of DeleGate to be compatible with the behavior of "apps/s_client.c" of OpenSSL. So if you test it with "openssl s_client" rather than "openssl verify", you will see
  08/11-15:58 . 4061 (Yutaka Sato) [31]
___ Hallo, I searched documents about "SSL_CTX_set_default_verify_paths()" but it seems not so well documented. The function seems to use two environment variables (defined in OpenSSL/crypto/cryptlib.h
  08/11-18:17 . 4062  Monika Schilling <> [25]
___ Hi Yutaka, Yes, this works! So I have an immediate solution. What do you think about a new DeleGate option which allows to switch off this implicit action. This avoids the scattered configuration (D
  08/11-18:36 . 4063 (Yutaka Sato) [37]
___ Hi, I did it tentatively for the testing :) But note that the SSL (TLS) configuration of DeleGate is moving from sslway options like -CApath to files under the CERTDIR (like ca-sv.pem) after DeleGat
  08/12-04:38 . 4064  Monika Schilling <> [23]
___ Hi Yutaka, Thank you for the pointer. I checked DeleGate 9.8.3 with the new way of configuration via files under CERTDIR. Everything works as expected. There is no need for using the trick with the
  08/12-15:08 . 4065 (Yutaka Sato) [125]
___ Hi, Is it true? I can't understand it because the simple code of sslway.c does load the default certificates anyway if the loading of given certificate is succeeded, regardless whether or not it is
  08/14-04:06 . 4066  Inside User <> [30]
___ DeleGate sounds like the only opensource project that stands a chance of providing similar features regarding MITM proxying of HTTPS, similar to that available in commercial products such as BlueCoa
How to verify a server's certificate?
  08/14-19:04 . 4067  Monika Schilling <> [131]
___ Yutaka, Yes! I just now checked it again. Calling DeleGate DGROOT=/home/ms/.DeleGate/9.8.3/ DGCONF=/home/ms/bin/ /usr/local/bin/delegated-9.8.3 DGROOT=$DGROOT
  08/16-22:48 . 4068 (Yutaka Sato) [257]
___ Monika, Your log does not include the status of "/etc/ssl/certs" so I can't confirm it. For example, the failure could occur if /etc/ssl/certs is empty, or thawteCp.pem is lacking, or the default ce
  08/17-02:29 . 4069  Monika Schilling <> [25]
___ Yakuta, I take this serious. So I entered turn 3 and unified the batch files of my test cases. Nothing (DGROOT, version of DG, ...) is hard coded anymore. These variables are now taken from a single
SSL Buffer_Underflow
  08/19-01:01 . 4070  =?ISO-8859-1?Q?Andr=E9_Egners?= <> [8]
___ Hello. I get a BUFFER_UNDERFLOW as a SSLEngineResult while calling unwrap. This happens every time the connection is closed. I'm using Delegate as a HTTPS Proxy with STLS=-fcl. The BUFFER_UNDERFLOW
  08/19-01:27 . 4071 (Yutaka Sato) [19]
___ Hi, Could you show me a little more about your usage and environment? How can I reproduce it? Cheers, Yutaka 9 9 Yutaka Sato <> ( ~ ) National Institut
  08/19-01:45 . 4072  =?ISO-8859-1?Q?Andr=E9_Egners?= <> [16]
___ Hi. In our research group we are working on anonymity network and use an onion routing scheme which could be compared to TOR, therefore we chain SSL proxies. The error occurs while doing throughput
  08/19-02:52 . 4073 (Yutaka Sato) [102]
___ Hi, I have no experience with Java but I saw the document saying: <URL:> It could be the result of s
  08/19-03:11 . 4074 (Yutaka Sato) [24]
___ Andre, This document also says: It might be inappropriate but very usual and reasonable implementation (for faster and lighter shutdown of connection in a heavy loaded network). And what is clearly
  08/19-03:47 . 4075  =?ISO-8859-1?Q?Andr=E9_Egners?= <> [6]
___ Hi Yutaka. Thanks for the informative input, it is much appreciated. Best regards, Andre
  08/19-03:53 . 4076 (Yutaka Sato) [29]
___ Andre, Maybe the enclosed patch is the simplest modification to let DeleGate do the shutdown SSL in the appropriate way :) Cheers, Yutaka 9 9 Yutaka Sato <>
FileZilla TLS security patch does not work with FTPS and Delegate
  08/19-16:37 . 4077 [1025]
___ Hello, We are using DeleGate as a ftp to ftps proxy. The setting used to work *very well* (and therefore a big thank you for the author of DeleGate). The problem is with Explicit and Implicit SSL/TL
  08/19-17:34 . 4078 (Yutaka Sato) [59]
___ Hi, This seems the same problem I heard last night... If so, you might be able to solve it with the patch I postedn in: <URL:> And more detailed lo
Antwort: Re: [DeleGate-En] FileZilla TLS security patch does not work with F TPS and Delegate
  08/19-19:37 . 4079 [195]
___ Hi Yutaka, The patch you provided in fact solves the problem. It works fine again. Thank you very much. Cheers, Markus (Yutaka Sato) wrote on 19.08.2008 10:34:37: an FileZilla
nntp proxy as non root
  08/19-22:27 . 4080  Andreas Moroder <> [46]
___ Hello, I would like to start delegate as nntp proxy as nobody. I followed the instructions on but maybe I made something wrong in /usr/local i hav
  08/20-13:48 . 4081 (Yutaka Sato) [68]
___ First of all, you need nothing to do for it because it is the default behaviour of DeleGate when it is invoked by the root user. For example, you can test it as this: # delegated -P119 SERVER=nntp D
nntp an virus filtering or attachment blocking
  08/20-20:05 . 4082  Andreas Moroder <> [10]
___ Hello, we have delegaterunning as nntp proxy. Is it possible to pass scan the nntp traffic that passes delegate with a virus scanner ? If not, is it possible to configure delegate the way that attac
  08/21-19:43 . 4083 (Yutaka Sato) [30]
___ Hi, You can use the FTOCL parameter to filter each article by your own filter program. For example, you can erase any part exept text/plain in a multipart message using DeleGate as a MIME filtering
VStr overflow in Xstrcpy and TIME_WAIT state
  08/22-05:25 . 4084  "Jean Aumont" <> [309]
___ Hi Yutaka Sato, First, thanks a lot for developping this proxy. It is great. I have 2 questions regarding the "Delegated" proxy: Question 1: Is this normal to see "VStr overflow in Xstrcpy" in the E
  08/22-06:35 . 4085 (Yutaka Sato) [40]
___ Hi, The name is "DeleGate" :) No, it's abnormal. It might be the result of a long string (longer than 256bytes) in your configuration parameters like CMAP, AUTHORIZER, or so which could not be copie
  08/22-06:57 . 4086  "Jean Aumont" <> [88]
___ Hi, Thanks for replying so fast. Regarding the Question 1: Is this normal to see "VStr overflow in Xstrcpy" in the ERRORLOG file ? In my configuration file there is nothing longer than about 100 cha
  08/22-13:38 . 4087 (Yutaka Sato) [66]
___ Hi, Even if your input parameter is short, it might be expanded internally by DeleGate, and the result is reported in the LOGFILE. For example, a password string for -list{user:pass} in AUTHORIZER i
  08/22-22:08 . 4088  "Jean Aumont" <> [93]
___ Hi Yutaka, Thanks a lot for the info. I will try the patch. Jean Aumont ---Original Message--- From: Yutaka Sato [] Sent: Friday, August 22, 2008 12:38 AM To: feedback@de
tls ciphers
  08/23-05:53 . 4089 (Yutaka Sato) [31]
___ Hi, You need to include the keyword in the Subject or the body of your message to be forwarded to the list. The keyword is the name of the software, "DeleGate" :) Also messages with too many exclama
SSL Buffer_Underflow
  08/23-14:15 . 4090 (Yutaka Sato) [22]
___ I found this message rejected because of too short body. Cheers, Yutaka 9 9 Yutaka Sato <> ( ~ ) National Institute of Advanced Industrial Science and
SSL no shared cipher
  08/24-23:46 . 4091  Andre <> [41]
___ Hi. While trying to influence the chosen cipher used for SSL connections, it was pointed out to me to use "STLS="fcl, sslway -cipher <list as in I tried a couple of options with the openssl s_server
FileZilla TLS security patch does not work with FTPS and Delegate
  08/25-03:11 . 4092 (Yutaka Sato) [29]
___ Hi, I read the discussion in the FileZilla forum including standpoints like mine :) <URL:> I'm suspicious if the way of shutdown handl
SSL no shared cipher
  08/25-03:17 . 4093  Andre <> [18]
___ Hi again. I tested this with some other ciphers, also deliberately forcing a specific cipher. When testing with the openssl s_server command, Diffie-Hellman parameters are generated. According to [1
  08/25-14:36 . 4094 (Yutaka Sato) [78]
___ Hi, I noticed that I have not implemented Diffie-Hellman handling :-O The enclosed patch does it by loading DH parameters from a file "dhparam.pem" under the default certificate store of DeleGate (C
  08/25-18:51 . 4095  Andre <> [88]
___ Hi. Thanks again for the quick response. The supplied patch works like a charm. Best regards, Andre Yutaka Sato schrieb:
Delegate-CLOSE_WAIT problem
  08/29-00:20 . 4096  "Jean Aumont" <> [277]
___ Hi Yukata, I have a serious problem using the delegate HTTP proxy. After using it for a while, its stops accepting connections. To temporaly fix the problem, I added MAXIMA=listen:500 to my config.
  09/01-18:50 . 4097 (Yutaka Sato) [44]
___ Hi, If this happens on usual situation, caused by DeleGate, it must have been fixed. So I think there are something unusual in your case, but I don't know anything about it. Informations as follows
FW: [DeleGate-En] Windows Integrated Authentication
  09/02-21:15 . 4098  "Nagel, Willy" <> [602]
___ Hi Yutaka, This doesn't seem to resolve the issue. Maybe you have another clue? Here's what appears in the logfile (beneath this logfile are results when not using the HTTPCONF add-rhead value): 06/
  09/03-03:17 . 4099 (Yutaka Sato) [23]
___ Hi, It seems that I implemented "NTLM over HTTP" in DeleGate/9.8.2 as CHANGES file records: Thus recent DeleGate should work with it with "-Enh" option. Cheers, Yutaka 9 9 Yutaka Sato <y.sato@delega
SSL no shared cipher
  09/04-08:19 . 4100  =?ISO-8859-15?Q?Andr=E9_Egners?= <> [17]
___ Hi. I tested the new Diffie-Hellman functionality a little more thoroughly and it turns out that there is a problem. If I start up the server as a https proxy with the necessary dhparam in place (th
  09/04-15:27 . 4101 (Yutaka Sato) [30]
___ Andre, I don't know how to reproduce it but it might be solved by disabling the SSL context/session cache of DeleGate as follows: TLSCONF=cache:no Cheers, Yutaka 9 9 Yutaka Sato <
  09/04-17:13 . 4102  =?ISO-8859-1?Q?Andr=E9_Egners?= <> [38]
___ Thanks, this actually solved the problem. Regards, Andre Yutaka Sato schrieb:
FW: [DeleGate-En] Windows Integrated Authentication
  09/04-19:12 . 4103  "Nagel, Willy" <> [120]
___ Hi Yutaka, Thanks for your reply. I now have the following configuration: -Pip-to-listen-on:443 ADMIN=admin@oce.. DGROOT="/DeleGate/" DELAY=reject:0,unknown:0 SERVER=https AUTHORIZER=-ntht HTTPCONF=
  09/05-11:12 . 4104 (Yutaka Sato) [71]
___ Hi Willy, First of all, it seems that I disabled the ability to relay NTLM authentication with AUTHORIZER=-ntht or -Enh. It should be fixed as the enclosed patch. I uploaded the modified version as
  09/05-13:12 . 4105  arvin degamo <> [30]
___ Hi, Our company decided to install a delegate proxy server. Can i ask some tips and procedures on how i can install it? Can you give me some tips because my boss wants a presentation before we insta
FW: [DeleGate-En] Windows Integrated Authentication
  09/05-16:09 . 4106  "Nagel, Willy" <> [620]
___ Hi Yutaka, Thanks for your reply. I've been testing using the same config file, with 9.8.5-pre1, but I'm still unsuccessfull. No traffic appears to be going to the destination server (when looking i
  09/05-16:57 . 4107 (Yutaka Sato) [23]
___ Hi Willy, Something seem bad with SSL, and/or with running as a background service. I'll test it by myself but you are recommended to test it without SSL and/or running your DeleGate in foregroud (w
  09/05-18:33 . 4108 (Yutaka Sato) [684]
___ Hi Willy, I tested it with the folloing configuration: -P9443 DGROOT=/DeleGate SERVER=https AUTHORIZER=-ntht STLS=fcl MOUNT="/* http://localhost:9080/*" where http://localhost:9080 is IIS with NTLM
  09/05-18:34 . 4109  "Nagel, Willy" <> [219]
___ Hi Yutaka, I already tested using http in stead of https. In a setup when proxying for IIS without Integrated Windows Authentication, all works fine with the certificates. I now used the following c
  09/05-18:51 . 4110 (Yutaka Sato) [27]
___ Hi Willy, With which browser and what URL are you accessing the DeleGate? If you are accessing the DeleGate with "non-local hostname" with MSIE, NTLM is not enabled by default. <URL:http://support.m
  09/05-19:10 . 4111  "Nagel, Willy" <> [87]
___ Hi Yutaka, I'm using MSIE7. Normally, when connecting to an NTLM enabled site from a non-domain computer / non-local hostname, you get a popup in which you'll have to enter your credentials. I have
  09/05-19:21 . 4112 (Yutaka Sato) [36]
___ Hi Willy, I'm reminded that this is the reason why I did not document well about NTHT. NTHT is only available with MSIE with a URL of restricted form of host-name or with a special configuration of
Socks bind timeout
  09/07-22:55 . 4113  "Andre E." <> [57]
___ Hi. While trying out the BIND capability of the SOCKS server I came across the following behavior. There seems to be timeout which closes the socket opened with the BIND command. I also tested this
DeleGate/9.8.4 (BETA) -- fixes & ext. for WindowsCE, HTTP, SSL, authentication
  09/08-15:59 . 4114 (Yutaka Sato) [44]
___ Dear DeleGate users, I inform you of the new release of DeleGate available as follows: DeleGate/9.8.4 (BETA) -- fixes & ext. for WindowsCE, HTTP, SSL, authentication This release includes fixes and
FW: [DeleGate-En] Windows Integrated Authentication
  09/08-16:20 . 4115  "Nagel, Willy" <> [115]
___ Hi Yutaka, Thanks for your help, but I'm still unsuccessfull. I now user the following config: -Plisten_ip:80 AUTHORIZER=-login ADMIN=admin@test.. DGROOT=/DeleGate SERVER=http HTTPCONF=bugs:do-authc
DeleGate as FTP Authentication Proxy
  09/09-02:55 . 4116  "Gusti Benawi" <> [16]
___ Hello, when using DeleGate as an FTP-Reverse Proxy, ist it possible to tell DeleGate to do the authentication with the client before connecting to the FTP server in the local network? delegated -v -
  09/09-04:00 . 4117  "Gusti Benawi" <> [25]
___ I just found out that sending %U:%P to MYAUTH will do the job delegated -v -P2121 SERVER=ftp AUTHORIZER=-pam MOUNT="/* ftp://server:port/*" MYAUTH="%U:%P" Best regards, G. Benawi Ist Ihr Browser Vis
performance measurements and socks question
  09/10-20:20 . 4118  Andre <> [974]
___ Hi Yutaka. We did some performance measurements with Delegated and Squid in our research group. Our setup builds a chain of 3 SSL proxies using the CONNECT command of HTTP. We would like to share ou
FW: [DeleGate-En] Windows Integrated Authentication
  09/11-09:37 . 4119 (Yutaka Sato) [24]
___ Hi Willy, I found that I coded it by LogonUser() with fixed domain "." thus you can only use the account which is local to the host machine of DeleGate (without domain). I'll try to extend it see do
Socks bind timeout
  09/11-10:51 . 4120 (Yutaka Sato) [28]
___ Hi, You can change the timeout of accept on a socket with a parameter as TIMEOUT=acc:180 of which default is TIMEOUT=acc:10. Cheers, Yutaka 9 9 Yutaka Sato <>
performance measurements and socks question
  09/11-11:51 . 4121 (Yutaka Sato) [48]
___ Hi, Note that disabling the SSL cache with "TLSCONF=cache:no" will reduce the performance, possibly significantly. Also conditional SSL with "STLS=-fcl" (not with "STLS=fcl") might reduce the perfor
  09/11-12:06 . 4122 (Yutaka Sato) [20]
___ Hi, Also the default behavior of DeleGate for on-demand dynamic process generation will reduce the performance due to the cost for fork/spawn processes. It could be faster with a fixed number of pro
  09/11-13:06 . 4123 (Yutaka Sato) [30]
___ Hi, If your intension is just to use a persistent port (as 80/HTTP) to accept client's connection via the SOCKS server, (not to repeat ACCEPT on the same SOCKS connection), you can use SRCIF with PO
  09/11-20:16 . 4124  Andre <> [61]
___ Hi. The functionality you implemented in the VSAP protocol is actually not possible with other SOCKS implementations and I also suspected this to be an extension of the socks protocol. But the possi
  09/11-21:10 . 4125  Andre <> [32]
___ Yutaka Sato schrieb: This is my intention, but I would like to be able to do this at runtime, so that I send a command to the server server that there is a service X which wants to accept connection
DeleGate as FTP Authentication Proxy
  09/11-22:55 . 4126  "Gusti Benawi" <> [51]
___ Hello, I am trying to use TLS connection with the client and TCP with the server in connection with AUTHORIZER. Using following configuration: delegated -v -P2121 SERVER=ftp AUTHORIZER=serverhost MO
  09/11-23:34 . 4127 (Yutaka Sato) [47]
___ Hi, You are right. It'll be fixed as the enclosed patch in the next release. Thank you. Cheers, Yutaka 9 9 Yutaka Sato <> ( ~ ) National Institute of A
performance measurements and socks question
  09/11-23:46 . 4128 (Yutaka Sato) [52]
___ Sorry, it is not "PORTS" but "PORT" as the reference manual says :p I don't see the insufficiency by PORT and SRCIF for your requirement. If necessary, you can select a port to be bound dynamically
VSAP and HTTP/ACCEPT (Re: performance measurements and socks question)
  09/12-00:23 . 4129 (Yutaka Sato) [69]
___ Hi, The only documentation of VSAP is in its source file "src/vsap.c" VSAP was designed to replace the SOCKS protocol (but not :p) It is totally different from SOCKS protocol (but can wrap it if nec
Allowing tcprelay during a time window
  09/12-02:28 . 4130  Sunil S <> [28]
___ Hi, Yutaka, I tried to use : delegated -v -f -P$ListenPort ADMIN=nobody@nowhere.. MAXIMA=conpch:1 RELIABLE=$ReliableIP PERMIT=*:-T.$StartTime-$EndTime:* RES_WAIT=0 TIMEOUT=silence:5m SERVER=tcprelay
  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
Generated:07/22 19:25:29 (3 sec) Expires:07/23 01:25:26 @_@V