mORMot Open Source

In TAcmeLetsEncrypt checkCertificates procedure(line 1110), check the expiration date of error code:
  cc. GetNotAfter < expired
should be:
cc.getNotAfter-fRenewBeforeEndDays < NowUtc

Several global variables are defined in the mormot.rest.core unit：AuthAdminDefaultPassword，AuthSupervisorDefaultPassword，AuthUserDefaultPassword。You can set the initial password, and then change the password through the server code

By customizing the Routing class, I changed the format of the returned data to meet my requirements in the web client, but if the same interface needs to work in the pascal client, it should not be recognized correctly. Should there also be a corresponding method in the TRestClientRouting's inheritance class that can customize the data returned by parsing?

Sorry, my mistake, my json file format is corrupted.

不行，我看了返回值的16进制数字，原始字符串：out测试，  返回的16进制表示：6F7574 C3A6C2B5C28B C3A8C2AFC295，正确的UTF8编码：6F7574 E6B58B E8AF95

After many attempts, the ssl_password_file parameter does the job, but strangely, the file name specified after this parameter must be in the standard windows path, and the certificate file specified path must replace the '\' in the path with '//'.

After the test, you cannot set the password when applying for a certificate. After the password is set, the https service cannot run. After removing the password and re-applying for a certificate, it can run normally

I use nginx, the Settings are as follows, but https is not accessible,, I don't know what the problem is

server {
        listen       443 ssl;
        server_name  xxx.xx.com;
        ssl_certificate      d://sslkeystore//xxx.xx.com.crt.pem;
        ssl_certificate_key  d://sslkeystore//xxx.xx.com.key.pem;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
       

        location / {
            proxy_pass   http://127.0.0.1:81;
            proxy_redirect     default;
            proxy_set_header   Host             $host;
            proxy_set_header   X-Real-IP        $remote_addr;
            proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
            proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
            proxy_max_temp_file_size 0;
            proxy_connect_timeout      180;
            proxy_send_timeout         180;
            proxy_read_timeout         180;
            proxy_buffer_size          4k;
            proxy_buffers              4 32k;
            proxy_busy_buffers_size    64k;
            proxy_temp_file_write_size 64k;
        }
    }

Thanks
this issue has been solved,
but this mormot.net.acme has found a new issue here, I have submitted a new topic

I trace that in asm code, the comparison of the first 4 bytes is already inconsistent

this is my code：
  registerOpenSsl;
  gAcmeLetsEncryptServer:=TAcmeLetsEncryptServer.create(TsynLog, TacmeDaemonSettings(settings).keyStoreFolder,
      ACME_LETSENCRYPT_URL,'','abcdefg',-1,'8084');
  gAcmeLetsEncryptServer.LoadFromKeyStoreFolder;
  gAcmeLetsEncryptServer.Redirect('xxxx.com','https://www.xxxx.com');
  gAcmeLetsEncryptServer.Redirect('www.xxxx.com','https://www.xxxx.com');   

the “AcmeLetsEncryptServer.Redirect ” has an error at runtime：
  Project acmeDaemon raised exception class 'External:ACCESS VIOLATION' with message:Access violation reading from address $7331322D.
  in file 'mormot.core.base.pas' at line 4819:if PStrLen(p1-_STRLEN)^=len then

This error is in the execution TAcmeLetsEncrypt. GetClient statements,

After introducing the mormot.crypt.openssl unit and calling registerOpenSsl, the issue of x509-es256 not being supported was resolved. But a memory conflict occurred again. When I traced the call to the getClient part of the getClientLocked method in mormot.net.acme, the value of the servername parameter passed changed to an invalid string, causing an error when the FindPropName method was called.

Is my problem, add compile parameter -dUSE_OPENSSL; FORCE_OPENSSL, needs to be recompiled, I am running directly.

Thank you. Yes, you're right. It's up and running.

I want to sort the elements of IKeyValue by Key, and I don't know any good way to do that.

Thank you. I'll test it later

api calls from ali,tencent, or other services will sign the encoded url. If the encoding results are inconsistent, the signature verification will fail

RFC3986 rules will not encode ~, PHP rawUrlEncode from version 5.3 support RFC3986, the previous version will encode ~, Ali, Tencent api coding is to follow this rule.

Thanks for your quick response, but shouldn't the space2plus argument for calling _UrlEncode_ComputeLen in urlencodeName be 48('0')? Should it be 43('+').

My English is poor, most of these contents are written with the help of translation software, some descriptions may not be accurate, which will cause trouble to you.

Thank you for your reply.
This is done using method-based services, which do not take advantage of the convenience of interface-based services. Or, in an interface-based service, how do you get the output parameters to be written in such a format?