BW> choose to disable the anti-spoofing (IP) check? E.g. for the scenario
BW> when a user uses fTelnet (an fTelnet proxy somewhere in the world) and then
BW> wants to download the file via his/her web browser (another IP)?
fTelnet should be responding to a SENDLOC request which allows Mystic to get the
non-proxied IP address of the user. This is either not working or Mystic is
accidentally not using that IP for web downloads which is highly possible.
If we can't get that working then I think the trusted proxy IP option is
probably the way to go. I'll try to take a look at that tonight.
BW> A configuration option for the download URL (e.g. if you have a web
BW> server in front of MIS for HTTPS support with a "real" SSL certificate)
BW> would also be a great addition. :)
The web server does support HTTPS but there was a delay when negotiating
connections with CryptLib. I couldn't figure out why at the time so if memory
serves me, I disabled SSL and never came back to it.
It is technically possible to import a CA signed cert for the BBS but Cryptlib
doesn't have tools to import standard certificate formats (from what I remember)
into their proprietary keystore.
I would like to switch to OpenSSL instead because CryptLib has been annoying to
work with for me, and that could simplify much of this stuff. The problem is
that I don't believe OpenSSL supports a SSH server which would be something we
need to figure out first.
... User Error: Replace user and hit any key to continue...
--- Mystic BBS v1.12 A48 (Windows/64)
* Origin: Sector 7 * Mystic WHQ (1:129/215)
|
