Angus Robertson

The most affordable disk image solution is the one that comes with Windows 10/11, 'Backup and Restore (Windows 7)' which does full images every night here. Angus

Thanks again for the C++ changes, they are all now done and in SVN and the overnight zip, so ICS should install correctly on C++ Builder for 10.4 and 11.0. Angus

GetIt is also dead in Delphi 11.0, but was working last week, so probably just a temporary thing. Angus

Thanks for all the fixes, will do them tomorrow. Angus

When I run a server application under the Delphi 2007 debugger on Windows 11, I'm seeing a lot of these lines in the debug window, although the server is behaving as expected with no new errors. Debug Output: onecore\net\netprofiles\service\src\nsp\dll\namespaceserviceprovider.cpp(550)\nlansp_c.dll!6A1C85D4: (caller: 7523CD00) LogHr(16) tid(4c44) 8007277C No such service is known. The service cannot be found in the specified name space. Process webapp_telecom.exe (12000) No idea why onecore or net is being used, this is a Win32 application. I've had a DNS problem on the PC since I upgrade to W11 last week, lookups are sluggish as If it's trying the wrong server first, but nothing in the event logs. Angus

The purpose of #pragma is a mystery to me lacking any C++ knowledge, but I'll fix it! Should be in SVN in a couple of days, thanks again. I don't get any errors building Delphi Win64 samples, I specifically created a lot of Win64 projects to allow more testing, but less sure about the Delphi 11.0 64-bit debugger, the IDE locked up on me. Angus

Thanks, Compiler15 would be Delphi XE, so still an early unicode version, will change it. Angus

WriteBOM is a TStringList method, I guess it was introduced some time after Delphi 2010, will have to investigate when. Angus

Thanks, OverbyteIcsSslThrdLock has gone, I'll fix the package problems, I can not build them so rely on others to test them. No idea how the C++ obj files are created, guess it needs to be rebuilt somehow. Angus

ICS V8.67 is now available from GetIt for RAD Studio 10.4 and 11.0. Angus

ICS is not supported on Linux, yet. The FAQ at the top of this thread shows how to do it on Windows, there is a sample application with source code. Angus

This is all down how you install new certificates into the Windows Store, which has always been a black art. You can double click on a PFX/P12 file, or do it from IIS Server Certificates which is better. Both should install intermediates into the correct store, but may not, and won't remove old intermediates with the same name, that may still be sent with requests. Which is one reason why ICS now has a new TMsCertTools class that allow installation of certificates to the Windows store. Angus

Let's Encrypt started using R3 intermediates last December, there were three different versions since then, two signed by the expired root, which Windows IIS was still sending out, one expired this week but IIS still used it. Angus

After investigation, the main issue today was with the Windows IIS web server using Let;'s Encrypt certificates. The Windows Intermediate Certificate Authorities store had old certificates that it was still sending out with each request, according to the excellent SSL Labs test site. Essentially, you only install new certificates in the store and old ones remain until removed manually using Admin Tools, Manage Computer Certificates, or the latest version of the ICS PemTools sampl;e which also allows deletion of certificates, which can now be done from applications as well. IIS then sends any intermediates it finds matching for the server certificate. Browsers seem cleverer than OpenSSL in ignoring unwanted certificates, so the problem may not be that visible. My IIS server has IPv4 and IPv6 binding on several IP addresses, and the issue did not appear on all bindings, possibly due to caching. I had to reboot the server after deleting the unwanted certificates to stop IIS sending them, even after restarting IIS itself. So if you have installed Let;'s Encrypt certificates into the Windows store, I'd recommend you deleted these old intermediates: Issued to CN: R3, (O): Let's Encrypt Issuer (CN): DST Root CA X3, (O): Digital Signature Trust Co. Expires: 29/09/20213 Issued to (CN): Let's Encrypt Authority X3, (O): Let's Encrypt Issued by (CN): DST Root CA X3, (O): Digital Signature Trust Co. Expires: 17/03/2021 16:40:46, Issued to (CN): ISRG Root X1, (O): Internet Security Research Group Issuer (CN): DST Root CA X3, (O): Digital Signature Trust Co. Expires: 2024-09-30T18:14:03, The last one is still being distributed by Let's Encrypt with new orders, and needs a change to ICS to remove it, but does not seem to give an error with OpenSSL. Angus

The patch will not be used, there are no benefits or bug fixes, it's purely cosmetic with severe implementation issues. Angus