Angus Robertson

ICS V8.62 is now installable from GetIt on recent versions of Delphi. Angus

Having put this off for several years, I'm now attempting to build UltraExplorer 2.5, don't know if the source ever actually built, no exectutable in SVN. Think I've installed all the necessary visual components (not all are listed in About), not necessarily the same versions MustangPeak used for Delphi 7, and I'm using Delphi 2007. The main form loads OK, but I can not find ClipboardProc.pas except on a Chinese site that appears to be dead, anyone got it? Still correcting errors and mismatches between components and forms, not sure the TNT defines are set everywhere. But getting close to building it. Angus

Remy, I can probably help whoever does the Indy upgrade to OpenSSL 1.1.1, I kept good notes of the changes required, functions changed, etc. Angus

Sorry, had a busy summer, will do it in the next few days. Angus

A message here on 12th August explained enough. To record the HTTP protocol, you add logging to component events, onCommand and onHeaderData in particular. But the better way is to change TSslHttpCli to TSslHttpRest which is effectively a higher level version that handles lots of stuff you have to plug into the former manually, like cookies, compression, SSL context, and logging. Look at http://wiki.overbyte.eu/wiki/index.php/FAQ_Using_TSslHttpRest Angus

I know HTTP proxy support works in V8.62, since I improved it a few months ago and use it regularly myself, to the ICS proxy server. I simplified the way it is configured so you can use a single URL rather than four separate fields, per the release notes I published here recently. So what proxy protocol are you using? Is this HTTP or HTTPS? Is there any redirection involved? Where are the protocol logs? Angus

The short term solution is to use OpenSSL 1.1.0 which should still work on Windows XP. We still provide new binaries for 1.1.0, but support ceases in a few months, so after that there are no more security fixes. At some point, ICS may stop supporting 1.0.2 and 1.1.0 to remove some conditional code, so you may need to then keep an old version of some ICS units as well, but probably not for at least another year. Indy users will also be hit by support for 1.0.2 being stopped, since I don't believe it yet supports 1.1.0 or 1.1.1. Angus

There are several different proxy options in different components. Angus

The OverbyteIcsHttpRestTst.dproj sample has a grid titled REST Parameters where you enter multiple Names and Values, select REST Content as Json, request type POST and enter your URL. If a Json response is returned, it is also displayed as a grid. The OverbyteIcsSslHttpRest.pas unit itself has several examples of setting RestParams using code, for making OAuth requests, DNS over HTTPS and SMS. and OverbyteIcsSslX509Certs.pas has numerous examples ordering SSL certificates. Beware the RestParams properties don't easily handle arrays, sometimes it's easier to build the parameters using a Jspn library, ICS includes SuperObject which works with all versions of Delphi, since Json was only added to the Delphi language in more recent versions. Angus

Thanks, your changes are in SVN. Angus

Your patch should be against the latest SVN version 1435, not a three month old version. Some of your changes in OverbyteIcsCB2009Run.cbproj have already been done. Angus

ICS V8.62 has been released at: http://wiki.overbyte.eu/wiki/index.php/ICS_Download ICS is a free internet component library for Delphi 7, 2006 to 2010, XE to XE8, 10 Seattle, 10.1 Berlin, 10.2 Tokyo and 10.3 Rio, and C++Builder 2006 to XE3, 10.2 Tokyo and 10.3 Rio. ICS supports VCL and FMX, Win32, Win64 and MacOS targets. The distribution zip includes the latest OpenSSL 1.1.1c win32, with other versions of OpenSSL being available from the download page. Major Changes in ICS V8.62 include: 1 - The HTTP client has new properties. There is a new THttpAuthType of httpAuthJWT which uses the AuthBearerToken property for Json Web Token authentication. A new ProxyURL property combines four proxy properties as a URL for simplicity, ie http://[user[:password]@]host:port. The new AlpnProtocols property is a request list sent when an SSL connection starts, once connected GetAlpnProtocol returns which protocol the server wants to uses. 2 - Various improvements for automatic X509 SSL certificate ordering to support final ACME RFC8555. AcmeV2 now supports POST-as-GET, GET alone being removed later in 2019. Added Proxy URL support, might be needed for servers behind NAT firewalls for public access. Added support tls-alpn-01 challenge for local web server on 443, but not working yet. 3 - SocketServer now uses a separate local web server for servers not using ports 80 or 443 such as FTP, SMTP, proxies, etc, When ordering X509 SSL certificate using ChallFileSrv challenge. 4 - TWsocket now raises a background exception for user exceptions in the OnDataAvailable event rather than silently ignoring them. If IcsLogger is being used, HandleBackGroundException now logs exceptions and their source to make them easier to find. 5 - In the TSslHttpRest component, TRestParams can add Json parameters as PContJson which means arrays and nested Json can be added. Added a new SslAllowSelfSign property to connect OK to sites with self signed SSL certificates which would normally fail validation. 6 - TSimpleWebSrv now supports SSL, with certificate bundle and host name, and supports the SSL ALPN extension for automatic X509 SSL certificate ordering. 7 - The new TIcsSms component adds support for SMS Works bureau at https://thesmsworks.co.uk/ to send SMS messages, cheaper than Kapow, and allows sender ID to be freely changed. 8 - Updated all .dproj files for all samples to add the ICS source folder to the search path of each project. 9 - Added Time Zone support for date string conversions, to UTC time with a time zone, and back to local time using a time zone, primarily for SMTP email headers which otherwise show UTC time. 10 - TIcsIpStrmLog using TCP server now uses the root bundle correctly and reports the certificate chain and bindings. Ensure all listeners started for TCP Server, if more than one.

As I told you back in March, use the OverbyteIcsHttpRestTst.dproj sample which allows you to specify the Json parameters for your POST request. Angus

Probably not, since you asked the component to send from the end of the stream, not the beginning. you need Stream.Seek(0, soFromBeginning). If you are using TSslHttpRest most of thar code is not necessary since it builds Json for you. Angus

There is an example in the same unit, IcsJoseGetSig. There is also a sample project OverbyteIcsJoseTst.dpr that is used to test the various Jose functions, including hex, base64 and base64url encoding and decoding. But this unit needs the OpenSSL DLLs to be distributed with your application, as does any use of SSL or encryption in ICS. And you need to initialise OpenSSL before calling those functions, see the sample application. As others mentioned, there are Delphi only implementations of SHA256, but IcsHMACDigest more modern digests as well. and most REST applications need HTTPS.