Angus Robertson

Thanks, will be fixed in SVN later today. Don't fire up Delphi 7 very often. Angus

Historically I prefer major non-Microsoft applications at root level, easier to find. no access restrictions is a bonus. I also installed all Delphi samples and common files in the same directory, and third part libraries, to keep versions from different releases separate. And I do that in VMs with multiple copies. I also prefer my own directory naming convention of real names rather than RAD studio version numbers which almost no-one uses. Angus

I keep the last two versions on my main development PC, plus D2007, so uninstalled 10.2 before installing 10.4, and 10.3 is still fine. I have VMs with all the old versions. For the past 20 years, I've installed Delphi in my own named root directories, never program files, but just realised that I was never offered a choice of install directories while installing 10.4 from the ISO, or if I was, missed it on some cluttered screen. So it now seems to be buried in program files... Angus

Depends what you think SFTP means, there is no standardised protocol with that name. If you mean FTP over SSH with a private key, ICS does not support that. If you mean FTP using SSL/TLS, then ICS does support it, But the source code is not as simple as you think, clients don't need a private key or SSL certificate, only servers, unless you are trying to implement client certificates which is very rare. ICS also does not recognise files with extension PPK, nor whatever content you have in it which is what the OpenSSL error effectively says. But you don't need it. There are several ICS FTP example applications, I suggest you build Samples\delphi\sslinternet\OverbyteIcsXferTst.dpr first. Angus

The ICS V8.64 distribution includes packages and project groups to install on Delphi and C++ 10.4 Sydney. and is available via GetIt for 10.3 and 10.4, Angus

ICS V8.64 has been released at: http://wiki.overbyte.eu/wiki/index.php/ICS_Download ICS is a free internet component library for Delphi 7, 2006 to 2010, XE to XE8, 10 Seattle, 10.1 Berlin, 10.2 Tokyo and 10.3 Rio, and C++ Builder 2006 to XE3, 10.2 Tokyo and 10.3 Rio. ICS supports VCL and FMX, Win32, Win64 and MacOS targets. The distribution zip includes the latest OpenSSL 1.1.1g win32, with other versions of OpenSSL being available from the download page. Major Changes in ICS V8.64 include: 1 - ICS now supports International Domain Names for Applications (IDNA), i.e. using accents and Unicode characters in domain names. Domain names can only contain lowercase ASCII letters and numbers and a couple of symbols, so Unicode U-Labels (nodes in a domain) must be converted to A-Labels (Punycode ASCII) with an ACE (ASCII Compatible Encoding) prefix. So www.mâgsÿstést.eu becomes www.xn--mgsstst-pwa1e4l.eu and мособлеирц.рф becomes xn--90aijkdmaud0d.xn--p1ai. 2 - Added a new WMI component based on the Magenta Systems WMI and SMART Component which allows listing all WMI classes, adding and updating network adaptor IP addresses, and adding and updating records in Windows DNS Server (2012 and later). 3 - For SSL/TLS servers, the initial client hello sent before protocol and cipher negotiation starts is now available in the onSslServerName event, when it is easier to select the SslContext to be used on shared servers supporting lots of hosts. 4 - There are various improvement for SSL/TLS servers using IcsHosts. NonSSlPort may be zero for to allocate a random port (not for SSL), the new BindPort and BindSrvPort properties show the real port while listening, reported by ListenStates. If SslCert can not be found the server will create a self signed SSL certificate with all the HostNames so the server can start. 5 - There are many X509 SSL certificate ordering improvements from Let's Encrypt using ACME. All the ACME challenges are now supported. tls-alpn-01 which works on SSL port 443 using a special self signed certificate thus avoiding a server running on port 80 as well. dns-01 which updates Domain Name Server TXT records to avoid using any servers, allowing wild card orders, currently Windows DNS Server on the same server, but Cloudfare is planned. Note the OverbyteIcsX509CertsTst sample running on a Windows DNS Server is able to order a certificate with multiple wildcard and normal domain names automatically in a few seconds, where a similar commercial certificate would cost at least $100 per wildcard. 6 - TRestParams used with the TSslHttpRest component, has more parameter content types: PContXML, PContBodyUrlEn, PContBodyJson and PContBodyXML. The existing PContUrlEn and PContJson now specify REST params are sent as URL ? arguments, while the PContBodyxx version send params as content body. XLM parsing into an ISuperObject has been added so SOAP and XML REST responses can be processed similarly to Json responses. 7 - The TFtpServer component has a new TFtpOptions ftpsAuthForceSsl which requires SSL/TLS before allowing the LOGIN to be processed so that clear text credentials can not be sent. May also be set using IcsHosts with AuthForceSsl=True for specific Hosts only. Failure gives '533 USER requires a secure connection'. 8 - Added a Websocket server implementation (HIXIE and HYBIE protocols) ported from phpws project, written by Stan Korotky <stasson@orc.ru>. There is no a specific component for websockets, they are handled internally from a custom TWebSockSrvClient. 9 - Did a refresh of the three SSL/TLS trusted root certificate bundles included with ICS, to add new roots and remove untrusted certificates. 10 - Added CreateSelfSignCertEx to OverbyteIcsSslX509Utils to create self signed certificates with subject alternate names and specific key types. More detailed release notes are at: http://wiki.overbyte.eu/wiki/index.php/ICS_V8.64

Power broadcasts give warnings when the system is about to close down, while designed for battery powered kit, they do work on desktops, my PCs have USB connection to the APC UPS so can close down early. Can not say specifically under what circumstances these messages appear, but belt and braces when saving data... PBT_APMBATTERYLOW: mess := 'Battery power is low' ; PBT_APMQUERYSUSPEND: mess := 'Request for permission to suspend' ; PBT_APMSUSPEND: mess := 'System is suspending operation' ; Angus

You should also listen for WM_POWERBROADCAST, but this has to be set-up to work, WM_ENDSESSION and WM_QUIT, lots of ways of closing down. Angus

Thanks, will be fixed today. Angus

You should be repeating RestRequest and not using DoRequestAsync so the request is properly initialised, missed that, other problems may occur attempting to make this a class. Angus

Many thanks, also fixed EVP_DigestVarifyInit. That may get be closer to finding an ECDSA signing bug I've been looking for on and off for a couple of years, its shown up another error in code that was bypassed previously. Are you using the signing functions and finding problems, is that why you are finding all my API conversion errors? Angus

You should be using the onHttpRestProg event with DebugLeve=DebugBody so you can actually see any error messages and what is really happening. But please don't post long logs here, no more than a few pertinent lines. Angus

As I said, you are recursively starting a new HTTP request from the within an event called by that request, you need to start the next request outside the event, either from a timer as I suggested, or by sending a message to a function that starts the next request. Sleep stops messages being processed so defeats the concept of event driven programming, it should only generally only be used in threads that don't do anything else. Angus

Not looked closely at your code, only got as far as sleep in an event handler which is very bad design. You are also recursively starting a new request from the event, which calls the event again... To use async functionality properly, you should use a timer and triggers. ICS provides such functions in OverbyteIcsUtils, ie IcsGetTrgSecs, IcsGetTrgMins, IcsTestTrgTick which are used in OverbyteIcsSslMultiWebServ1.pas as an example. You set a trigger in the event to how every many seconds you want to wait, then test it in a timer triggering once a second or slower, then start the next request. Angus

Also use TSslHttpRest instead of TSslHttpCli since this avoids you needing to use an SslContext in your application, look at the OverbyteIcsHttpRest sample. Angus