I need to link my app against the cURL API on Windows 10 with MSVC. Recently, Microsoft has included cURL, and it can be run from the command line. Does Microsoft provide a static LIB file or dynamic DLL of their cURL to link against? I can't find it anywhere.
I know that I can compile my own cURL LIB/DLL for Windows, but would like to use a pre-built binary to guarantee security. I can get a binary here https://curl.se/download.html but I am not sure those binaries have built in the SSL, (given they want to be SSL agnostic). Even if they did select a SSL in their binary, which one? Only certain SSL implementations will work for me. See section "Availability" in this link: https://curl.se/libcurl/c/CURLOPT_CAINFO_BLOB.html
Thank you for reading!
Related
I succesfully used libsoup to request an API using https in C used from C++. However when I build in release mode my request would get rejected with status 6: unacceptable TLS certificate.
I tried to get more information and found out the "tls-database" property of my SoupSession was NULL in release mode and was a valid pointer in Debug mode.
I tried to dig into the glib sources to find possible informations on how GTlsDatabase was built but was unable to find the specific Windows implementations to understand the issue...
I use the glib/libsoup included in GStreamer 1.12.4 installer for Windows (10) which is libsoup 2.56.0.
Is there a way to specifically load the certificate (found nothing on that too) or is there a specific env var that would be available in debug mode only? Is there a bug I didn't find in the bugs reported?
I'm having a difficult time getting the Oracle 12.2.0.1.0-2 ODBC drivers and Instant Client (Basic Lite version) working with homebrew-installed unixODBC 2.3.5 under MacOS 10.12.6 (Sierra).
Extracting both of the Oracle ZIP files to /opt/ora12/instantclient_12_2, creating symlinks for libclntsh.dylib and libclntsh.dylib.12.1, then pointing odcb to the /opt/ora/12/instantclient_12_2/libsqora.lib gives a file not found error. While the path definitely exists and has good permissions, inspecting the dylib with otool -L shows that the #rpath directories are not finding the supporting libraries.
If I pull down the 12.2 sqlplus client, extract it to the same instantclient tree and run the binary, the CLI works fine. This seems to be some sort of dylib loading issue with odbc, but I'm not sure how to fix it. I've tried setting DYLIB_LIBRARY_PATH, copying all the libraries straight into /usr/local/lib, all to no effect.
I've not yet tried to pull out install_name_tool and hard coding search paths (getting further in the weeds than I've done before on MacOS) and I'm hoping something so drastic and non-portable isn't required. Is there a step to the install process I'm missing to get this working?
Thanks in advance!
After significant back and forth on the Oracle Community forums, the condensed solution is documented at this blog post: https://blogs.oracle.com/opal/installing-the-oracle-odbc-driver-on-macos?dd
In brief, the Oracle ODBC supplied odbc_update_ini.sh needs to be ran after first patching to change the reference from libsqora.so.12.1 to libsqora.dylib.12.1. Two libraries (libclntsh.dylib.12.1 and libclntshcore.dylib.12.1) then need to be symlinked into a library location on your PATH (I used /usr/local/lib).
With the above config (using the Basic client instead of Basic Lite, though Basic Lite should work) and the necessary tnsnames.ora black magic (TNS connection strings are covered in many other SO questions), I was able to connect both with command line isql and with my true goal, R's odbc and DBI using unixODBC.
In previous posts, I mentioned that I split my Access database project (Access 2016) in a front-end (Access) and back-end (MS-SQL). It was recommended that I save my front-end as an executable file, which I did. However, since it has macros and vba code, I always get a security warning.
I need a digital trust certificate, right? The problem is that, since I have Windows 10, I can't use the Office 2010/2013 tutorials about making a self-certificate for VBA. Can I buy one? I am confused, and would like to resolve this quickly because I intend to install the front-end exe file onto several computers at work.
Thank you very much for your time and help!
Here is my dilemma, I am trying to perform Application Whitelisting based off of publisher which in turn is based on whether or not the application has been signed. The issue is, unsigned software does not have a publisher listed. My idea was to then vet unsigned software and if approved for use we could sign it with our internal code signing certificate. I tested this process out using Microsoft`s signtool and it seemed to work but here is the issue. When I tested it out I did it on an installer.exe, after that I installed the application in which it then created a file in Program files with the other installed .exes that came with it. When I check on the signature of the .exes that were installed in the Program Files it says that they are unsigned! I know i could go and run the same command on those to sign them but that is not feasible if we were to deploy this to numerous end systems. My question is: Is there a way to sign the installer to which when installing it, the .exes that are installed will also be signed by our internal certificate? Or is there a way to install the application and sign the necessary files and then repackage it for deployment? Sorry for the long question but I cant think of a way to get this done and I figure since Application Whitelisting is hot right now someone must have had a similar issue. Also, I know that we can use Path or Hash but that is not what I am trying to do here.
Thanks
First of all, I don't recommend signing vendor code with your corporate signature. I'm not sure if you are doing that or not but if you are, I'd suggest being careful. Unless you know exactly what's in the code, signing someone else's code is just not a good idea.
You are correct that the exes from the installer are unsigned; that's how the process works. When you sign an executable, you are only signing that exe and not the content of the cab file it extracts and lays down.
I use McAfee Application Control with signed installers, and that works out well. I trust my company's signature as an updater (allows it to change files), and it installs the software as desired without signing each executable.
So, let's go through the questions (sorry if this is long).
Is there a way to sign the installer and sign its subordinate exes? Not that I know of. Files are signed individually. You could probably automate that somehow; that's for a different thread. I'm no expert on signatures but in my experience when I've signed an installer that hasn't recursed into the installed content.
is there a way to install the application and sign the necessary files and then repackage it for deployment? Technically possible. Keep in mind that if you repackage a vendor install, you lose support on the install. There are several snapshotting tools out there that would do a delta on what was installed and would let you gather that info and then sign the files. That's an application packaging question on how to create the install from a snapshot.
I need to determine type of the file that I upload on Express.js server. There are ways by checking extension, or even checking something like this:
if(req.files.file.type !== "application/pdf") {
res.set('Content-Type', 'text/html');
return res.send({errormessage: "Only PDF accepted."});
}
Problem here is that changing file extension on client side, will easily fool this check. I think that only check is to download the file on Express filesystem on do some kind of a check on it.
I have tried mime library for node.js, but it also depends on content-type, and thus is easily fooled as well. I have seen another library:
https://github.com/mscdex/mmmagic
But it seems it is non Windows one. My server is Windows 2012 machine.
Any help is appreciated.
mmmagic should work on all platforms that node supports. If you are on Windows, you have to have the proper build environment though:
Python 2.7.x
Visual Studio/C++ 2010+ (If you use the Express edition, you will need to install the Windows SDK if you are compiling for 64-bit). If you use VS 2012+, make sure you download the "for Windows Desktop" version.