DelphiUdIT

11 hours ago, David Heffernan said:

Wrong. Setting a dynamic array to nil is identical to setting length to 0 and identical to passing it to Finalize. 

Thanks, I really didn't know this.

May be March 13th  we will know 😉

The record generally doesn't need to be freed.

The array should not to be freed setting a nil, you must use:   

EDIT1: MY FAULT, like @David Heffernan  said in the next post setting a nil is right.

EDIT: Of course only with dynamic arrays !!!

SetLength(records, 0);

Every single elements of the array must be released if necessary.
In you case you must release ALL arrays inside the record structure:

EDIT2: I FORGOT ALWAYS, AND ALSO THAT IS NOT NECESSARY LIKE @Remy Lebeau  later explained.

for var i :=  Low(records) to High(records) do
  begin
 	SetLength(records[i].names, 0);
 	SetLength(records[i].age, 0);
  end;

Integral type and string doesn't need to be released in Delphi, this include all numerical type and string. All others types should be released before resizing the array.

//Example
var A: array of integer;
	B: array of string;
	C: array of TComponent;

SetLength(A, 9);
A[0] := 1;
A[1] := 2;
..... // Do something with A[]
SetLenght(A, 0); //OK, right

SetLength(B, 9);
B[0] := 'Ola';
B[1] := 'Bye';
..... // Do something with B[]
SetLength(B, 0); //OK, right

SetLength(C, 9);
C[0] := TEdit.Create(self);
C[1] := TLabel.Create(self);
..... // Do something with C[]
SetLength(C, 0); // NOOOOO, wrong


SetLength(C, 9);
C[0] := TEdit.Create(self);
C[1] := TLabel.Create(self);
//release every single element
for var compo in C do
  begin
    if Assigned(compo) then
      FreeAndNil(compo);
  end;
SetLength(C, 0); // OK, right

8 minutes ago, Lajos Juhász said:

Indy is a 3rd party free library. It is not owned or sponsored by Embarcadero. Embarcadero used it in the past, in recent versions it is replaced by Embarcadero implementation in the IDE and RTL. 

Some parts of RadStudio still depends from Indy (and if you replaced the original version you lost them), like the others released in the past.

And may be not sponsored, but Indy is referenced in the Embarcadero Wiki, and is released in full with the IDE.

8 minutes ago, Rollo62 said:

Why why why is installation and using SSL and TLS still such a big mess in D12?

I have never understood why this important field of development looks so deserted, with only a view of a wide-open junkyard of the many newly invented wheels.

I thought Embarcadero was working on a better integration of OpenSSL/TLS in D12? 

 

I agree with you.
But there are others product like Esegece or ICS for example that do that without Indy.
 

Indy are a "historical value" and it is really simple to create whatever you want for communication over IP (IPv4 or IPv6). And it works in all the platforms.

I don't think that Embarcadero will do something about that (I don't remember anything about TLS/SSL on the ROADMAP), but it is may thought.

1 hour ago, FaFaFooey said:

A software developer that sells websocket components for Delphi has a modified Indy library with TLS 1.3 support for download: https://www.esegece.com/products/sgcindy

 

When you install it, it backs up the current Indy library and then replaces it with the modified Indy library. It has TLS 1.3 support at design time but no source is included if you need that. 

Their sources are available too (you must pay of course).
I don't know the product, but I don't think they replace the Indy library (I'm almost sure, 'cause if was like you said some functions of IDE should be lost).

I think they use the source of Indy to construct their components, so they can insert what they needs, maintain the near compatibility with Indy ...for example they can modified the name of the units leaving the name of classes the same of Indy (I would do it like this).

Update on the use of the TLS1_3 protocol in Indy (NOT OFFICIAL FROM Indy Team).

This is an indication coming from the undersigned, who has carried out exactly what is described and verified that there are no problems either with the IDE or with the existing projects by recompiling and executing them.

Conditions:

- Rad Studio Athens 12.0 patch 1 (or Delphi);
- Dowloaded Last GitHub repository Indy source: https://github.com/IndySockets/Indy/archive/refs/tags/Indy-10.6.3.zip
- Donwloaded PR299 (aka NewOpenSSL_PR x OpenSSL 1.1.1): https://github.com/mezen/Indy/archive/refs/heads/NewOpenSSL_PR.zip

Now you need to uninstall Indy from Rad Studio IDE, components and binaries included. YOU DO NOT NEED TO DELETE THE ORIGINAL INDY SOURCES.

This is the official link explaining how update Indy:  https://github.com/IndySockets/Indy/wiki/Updating-Indy

ATTENTION:

Do not use THE AUTOMATIC PROCEDURE in the instructions indicated in the previous link. It deletes files that do not belong to the Indy environment.
You have to do what is indicated by hand, but when you get to the REMOVE THE FILES procedure, stop!!!!

Instead, perform these steps:

1) Using Windows Explorer, go to the RAD STUDIO installation BIN directory (normally "C:\Program Files (x86)\Embarcadero\Studio\23.0\bin") and delete the following files:

Then go to the BIN64 directory and delete the following files:

Now you need to go to the LIB directory and list all the ID* files of the subdirectories (use the pane at the top right of the explorer to search). I recommend listing the files by NAME.
The list includes a series of files (more than 10000) that will need to be deleted, BUT FROM THIS LIST YOU MUST UNSELECT (i.e. THE FILES SHOULD NOT BE DELETED) the following files:

- all files starting with "FMX", should be 16;
- all files starting with "Vcl", should be 8;
- all files starting with "play", should be 4;
- the "idoc.dcu" files should be 4;
- the "idispids.dcu" files should be 4;

The procedure indicated in the link (Update Indy) would have deleted these last 8 files.

Now that you have deleted the files you will need to open the IDE.

Errors will be generated:

- package "dclemsedge290.bpl" could not be loaded, ignore and select not to reload again.

- the "livepreview290.bpl" package, ignore and select not to reload again.

Other packages may give errors, this depends on the fact that you have components registered in the IDE and that use Indy. You can ignore them and allow them to be reloaded the next time you restart the IDE.

If you want to do a clean job, you should go to TOOL/OPTIONS/LANGUAGE/DELPHI/LIBRARY and from the "Browsing Path" item you will have to eliminate the Indy references (Core, System and Protocol) IN ALL PRESENT PLATFORMS.

Now Indy is no longer present in Delphi.

If you followed my initial instructions you should have downloaded the two zip files indicated.

Unzip the first one (Indy-10.6.3.zip) into a directory. This directory will be the one containing Indy and will be used for all your applications.

Now from the second ZIP file (NewOpenSSL_PR.zip) EXTRACT ONLY the OPENSSL directory found in "Indy/Lib/Protocols" and add it to the directory you created in the previous step, always under Lib/Protocols (so at the end there will be a directory plus, Lib/Protocols/OpenSSL).

You will now have Indy with TLS1_3 enabled and with usable OpenSSL 1.1.1 (and also partially OpenSSL 3.1.x).

Continue with the "Build and Install" paragraph of the link indicated initially.

After finishing, you need to add two paths to Delphi's LIBRARY PATH to follow the ones you entered as in the instructions:

"Lib\Protocols\OpenSSL"
"Lib\Protocols\OpenSSL\Dynamic"

You will now need to recompile (and reinstall) all of your IDE components that use Indy and your projects.

For now the TLS1_3 can only be configured in code (therefore in RUNTIME), not in DesignTime as the IDE components have not been updated.

All your projects however will remain perfectly functional and will use the old TLS1_2 standard and the old OPENSSL 1.0.2 DLLs until you modify the source to include the new standard.

It's late and I'm going to eat now...

UPDATE

A note for those who use Indy to develop 64 bit or mixed 32 bit and 64 bit (even if you already know this):

• after having compiled and installed the Indy components (therefore 32 bit), delete the dcu files from the directories (where you unzipped Indy). You can safely delete ALL *.dcu files.

If you leave them, when you go to compile your 64 bit project it will give you an error because the "dcu" are 32 bit.
By deleting the dcu, you will force the recompilation (in your project) of the Indy libraries.

Also remember that in the options of your project a valid path is indicated in the "Unit output directory", this will allow the compiler to generate all the dcu of the project within that directory.

nothing ... already answered ...

2 hours ago, shineworld said:

I am using Python + VTK + QT.

LOL, I miss we are in a P4D section, sorry. I cannot help you , I never used Python4Delphi.

I don't know VTK, but I don't think that is a revolutionary approach to "surface" drawing. In the web nothing about Pascal, Delphi or FPC related is available.

Surely it's needed a handle to a graphic window. And should be a function that assign this.

Start from here. If there is something about "C" or "MFC" sample, will be available usefull info.

1 hour ago, Uwe Raabe said:

What makes you think so?

Apart from the fact that we are in the section:

nothing else.

But he's asking about C++, doesn't he ?

1 hour ago, Angus Robertson said:

He is not using 0.9.8 but 1.0.2zg, although is not a version we ever supported (it's a privately supported version).

The last public release was 1.0.2u.  All versions of 1.0.2 support TLS/1,2 and modern ciphers so should work with all servers today. 

Angus

I'm sorry, I miss SSL version ... But on 2008 (the packet that he indicate) OpenSSL in use was 0.98 ... only two years later OpenSSL 1.0.0 was published. And ICS surely (or not ???) didn't had TLS "implemented" with OpenSSL 0.98.
 

So, may be that is working with old ICS and new OpenSSL but with SSLv3 protocol.
But that is my thinking, for sure he should upgrade his environment.

4 minutes ago, Jeff Steinkamp said:

Where is it??  I do not find any component called Fast Reports and based on the vidoes, I do not find any actual program on my computer called FastReports. 

If you have the community edition, FastReport component is not available. Six years ago (2018) there was an edition of FastReport for CE, but now you must buy it.

I never used PowerPdf.

@Graphic Equaliser

You are using a too old SSL library. May be you are using 0.9.8 OpenSSL and those are the ciphers used:  only the SSL_v3  is supported.
You will not be able to connect to any site, 'cause your software should use TLS protocols (TLS1.3 or TLS1.2 should be the best).

You must upgrade to a new ICS package. Try to use the Community Edition of C++ or the free command line compiler : https://www.embarcadero.com/free-tools/ccompiler
 

Quote

openssl-0.9.8>openssl ciphers -v
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-DSS-AES256-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
EDH-RSA-DES-CBC3-SHA    SSLv3 Kx=DH       Au=RSA  Enc=3DES(168) Mac=SHA1
EDH-DSS-DES-CBC3-SHA    SSLv3 Kx=DH       Au=DSS  Enc=3DES(168) Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
DES-CBC3-MD5            SSLv2 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=MD5
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-DSS-AES128-SHA      SSLv3 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
IDEA-CBC-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=IDEA(128) Mac=SHA1
IDEA-CBC-MD5            SSLv2 Kx=RSA      Au=RSA  Enc=IDEA(128) Mac=MD5
RC2-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  Enc=RC2(128)  Mac=MD5
RC4-SHA                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=SHA1
RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
RC4-MD5                 SSLv2 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
EDH-RSA-DES-CBC-SHA     SSLv3 Kx=DH       Au=RSA  Enc=DES(56)   Mac=SHA1
EDH-DSS-DES-CBC-SHA     SSLv3 Kx=DH       Au=DSS  Enc=DES(56)   Mac=SHA1
DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
DES-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=MD5
EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=RSA  Enc=DES(40)   Mac=SHA1 export
EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=DSS  Enc=DES(40)   Mac=SHA1 export
EXP-DES-CBC-SHA         SSLv3 Kx=RSA(512) Au=RSA  Enc=DES(40)   Mac=SHA1 export
EXP-RC2-CBC-MD5         SSLv3 Kx=RSA(512) Au=RSA  Enc=RC2(40)   Mac=MD5  export
EXP-RC2-CBC-MD5         SSLv2 Kx=RSA(512) Au=RSA  Enc=RC2(40)   Mac=MD5  export
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
EXP-RC4-MD5             SSLv2 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export

2 minutes ago, Angus Robertson said:

OpenSSL "1.0.2zi" is not a free public release, it is only available to organisations that pay OpenSSL for premium level support, which costs $50,000 per year. 

 

I'd guess there is a support contract involved that prevents such software being distributed outside those organisations. So it should not be published.  

 

Angus

 

Thanks very much. I knew that the source is not public available, but I was hoping the DLLs could be distributed.

This is in Italian, you must go in "Settings/Networks an Internet", there is a "casual hardware address" setting ... if it is set I think that for every connection Windows generate a new MAC ...

I (can) have the OpenSSL binary for Windows 64 bit and Linux 64 bit, version "1.0.2zi" of 20/09/2023.

Only two CVE is missing ad this time ( CVE-2024-0727 and CVE-2023-6237 refer to: https://www.openssl.org/news/vulnerabilities.html ) and they are classified low severity.

With this release everyone use Indy are updated with security, waiting for the Indy 11.

OpenSSL 1.0.2zi remediates the following CVE's:

CVE-2023-3817
CVE-2023-3446
CVE-2023-0465
CVE-2023-0466
CVE-2023-0464
CVE-2023-0286
CVE-2023-0215
CVE-2022-4304
CVE-2022-2068
CVE-2022-1292
CVE-2022-0778
CVE-2021-4160
CVE-2021-3712
CVE-2021-23841
CVE-2021-23840
CVE-2021-23839
CVE-2020-1971
CVE-2020-1968
CVE-2019-1551
CVE-2019-1563
CVE-2019-1547
CVE-2019-1552
CVE-2019-1559

I don't know if I can share those library, since OpenSSL nothing say about binary license ... may be @Remy Lebeau  can suggest if i can post them here. Remy can post also the libraries in the Indy official repo.

In one of the document they say:

Quote

......... Javascript, Rust, Python, Java, Ruby, and Swift are all examples of memory safe languages .......

Really ? JS is a memory safe languages ? Who exposed this ...

You can use a variable before declared ("hoisting") ... this is safe memory language ?

26 minutes ago, Kas Ob. said:

She, and i am sorry missed that, but HKLM does exist for all users, only if they have access to it, here form my registry 

Everyone can read form the root of HKLM, other users registry are in HK_USERS and the needed registry is there in one of them, the only problem is : unless the user for IIS is listed in one of the allowed groups, no ISAPI can read these users.

Also a fun fact : HKEY_CURRENT_USER is just a virtual copy (shadow) for one (and one only) of these listed in HKEY_USERS.

 

1 hour ago, DelphiUdIT said:

P.S.: another solution is that you give full access right to the registry key that is interested to your read, use "regedit" for this and with right mouse click on the key choose "Autorizzazioni" (I think you are Italian ).

Like I told in prev. post ("Autorizzazioni" is like "Permissions" in Italian). But HKLM is accessible (the OPEN in READ mode seem to be OK from her), for this she must see the ERROR code in the query function  ... is about "key not found" ? or "access right" ? or ????
 

This is sure a new security counter measure from new Windows Server (or in the IIS) and should be interesting to know how the rights are on site.

3 minutes ago, Kas Ob. said:

He can and that is the problem, he can and there is a result but it is for different user as IIS (the host of the ISAPI) run in its own user, so most likely the error is the path doesn't exist or something.

She is try to reading the HKLM, this key is always present and is the same for all process (of course not in a virtual machine).

23 minutes ago, Sebastiana said:

this call is not successful, only the first one works, this : RegOpenKeyEx(HKEY_LOCAL_MACHINE, PChar(strSubKey),0,KEY_READ,Key) = ERROR_SUCCESS

Value := RegQueryValueEx(Key,PChar(strValueName),nil,nil, @Buffer,@Size);

This function return a value. Log this value, that can show you what is the EXACTLY the problem.

From line 11867 in WinApi.Windows.pas (Delphi Athens 12 patch 1) you'll find what's means that code.

Probably is like @Kas Ob. say, you cannot read HKLM registry from ISAPI.

If that is the problem, you must transfer all the key you need from HKLM to HKCU (or the right root key).

P.S.: another solution is that you give full access right to the registry key that is interested to your read, use "regedit" for this and with right mouse click on the key choose "Autorizzazioni" (I think you are Italian 😉).

4 minutes ago, Sebastiana said:

RegOpenKeyEx(HKEY_LOCAL_MACHINE, PChar(strSubKey),0,KEY_READ,Key) = ERROR_SUCCESS

RegQueryValueEx(Key,PChar(strValueName),nil,nil, @Buffer,@Size) = ERROR_SUCCESS

What kind of ERROR report these function ? May be that information can help you.

4 hours ago, Robert Gilland said:

I cannot understate the necessity to handle TLS1.3!

It is not strictly related to the use of TLS 1.3 but rather to the use of the new SSLs (we are now at 3.x), given that the old ones (which Indy still uses) have been deprecated and therefore could represent a security risk.

It must be said that with the PR version of the Indy repository which supports OpenSSL 1.1.1, you can also use OpenSSL 3.1.x not for all the functions but for a good part (which is the one that interests the SSL functionality of a WEB server for example).

Actually I have a WEB server with Indy and SSL 3.1.4 on Windows.

21 minutes ago, dummzeuch said:

There is a package installed in the IDE called "Embarcadero Sample Debugger Visualizers" (package name is: samplevisualizers). Given it's called a sample, I would have expected that the source code is also available, but I can't find it, neither in my Delphi installation(s) nor on Embarcadero's Gitub Sample repository. Any hints?

May be is related to this https://docwiki.embarcadero.com/RADStudio/Sydney/en/Visualizers but I don't think that there are the source code available.

There is a ToolsApi about that: https://docwiki.embarcadero.com/RADStudio/Athens/en/Debugger_Visualizers