Angus Robertson

Has anyone tried this service for signing applications, free until June 2024, then $9.99: https://techcommunity.microsoft.com/t5/security-compliance-and-identity/trusted-signing-is-in-public-preview/ba-p/4103457 Angus

I'm attempting to build ICS for Linux, to help with the MacOS support. I used Hyper-V Quick Create to create an Ubuntu 18 VM, took about 10 minutes and a few key clicks, except xRDP no longer works on that build and without it you can not connect to install the fixed packages. Started again with Ubuntu 20 which works fine and displays a Gnome desktop with full connectivity. Installed PAServer and running it in a terminal window, expected port and IP address. But when I create a profile in 10.4 with those details, just get connection failed. There is no Windows firewall, maybe Ubuntu 20 has one? Or am I missing something obvious? Thought I'd try and setup Apache web server, but can not find it. Angus

You are not using the modern REST component TSslHttpRest, but the older harder to use component TSslHttpCli, your choice, but you have to live with more complex code. The point here is that you are responsible for determining whether you successfully connected to the HTTP server, and cleanly close everything if not, and try again. ICS is event driven, it does not wait x seconds and then decide to clean everything up for you, not even the sync modes. There will be no breaking changes to the way the HTTP client handles errors, without weeks of discussion. You need to handle this yourself. Angus

This was fixed for V9.2, in SVN and the overnight zip. Are you using one of those? Angus

If your error handling code does not correctly clean up after errors, you can check , Before starting a new request, you can check State <> wsClosed before starting a request and close it. Beware, Close may not be instant, if Windows is still attempting to connect. Angus

X509_get_X509_PUBKEY was added to OverbyteIcsLIBEAY;.pas for V9.1, so you probably have mixed versions, with old and new units. Angus

To my eye, the two procedures seem to be identical, so I can only assume the different result is due to different parameters to the two procedures. BTW, since you are using the RawParams option in RestRequest, RestParams are ignored. Angus

Authentication should now be fixed in SVN and the overnight zip. Angus

AnswerBodyTB is now in SVN and overnight zip updated. Angus

That was fixed in V9.1, or at least there are now settings that allow the HTTP clients to be used without SSL being available, for http:// only. I go to extreme lengths to keep ICS backward compatible, I know how horrible it is updating to new compilers and components when you get blizzards or IDE error messages on opening old projects, it's why some of my projects are still Delphi 2007. Rarely backward compatible is not possible, but I did spend a week or two writing documentation and updating samples explaining how to update to V9.1. Angus

ICS V9.1 has been released at: https://wiki.overbyte.eu/wiki/index.php/ICS_Download ICS is a free internet component library for Delphi 7, 2006 to 2010, XE to XE8, 10, 10.1, 10.2, 10.3, 10.4, 11 and 12 and C++ Builder 10.4, 11 and 12. ICS supports VCL and FMX, Win32, Win64 and MacOS 32-bit targets. Beware Mac OS-X and C++ have not been tested recently due to lack of support from such users. The distribution zip includes the latest OpenSSL 3.0.13. 3.1.5 and 3.2.1, for Win32 and Win64. The highlights of V9.1 were posted in this topic two weeks ago, and are included in the download page. The full release notes for V9.1 are at https://wiki.overbyte.eu/wiki/index.php/ICS_V9.1 There is also a new page https://wiki.overbyte.eu/wiki/index.php/Updating_projects_to_V9.1 to help with migrating existing projects. The main ICS readme9.txt has the installation section rewritten to explain the new common groups and packages used for Delphi 10.4 and later, so you won't find any dedicated ICS packages for Delphi 11 or 12. The readme now also explains all defines in the .\Source\Include\OverbyteIcsDefs.inc file that control how OpenSSL is loaded. All ICS active samples are available as prebuilt executables, to allow ease of testing without needing to install ICS and build them all. There are four separate zip files split into clients, servers, tools and miscellaneous samples which can be downloaded from https://wiki.overbyte.eu/wiki/index.php/ICS_Samples Angus

The default defines are designed so that users get new applications working easily and safely, without them failing immediately because the OpenSSL DLLs can not be found. Or needing to copy those DLLs into every single different directory to which modern versions of Delphi build by default. Angus

If you undefine {$DEFINE OpenSSL_Resource_Files}, ICS will look in the ICS-OpenSSL directory for the DLLs, so how does make you in control? If you want to load the DLLs from your own specified location, like the application directory, you need to add extra code, as has always been the case with ICS, but you'll need to change other defines as well since OpenSSL is now loaded by default before any code is run. This is explained in depth in readme9, and other places. Angus

No, ICS will never contain an openssl-x64.exe file, since ICS does not use openssl.exe. Our OpenSSL zip distributions are separate for Win32 and Win64, so it is up to end users to do something if they want to combine them. SVN and the overnight zip do now correctly have the Win32 version of openssl.exe, the Win64 version was an error. Angus

Thanks, I'll install them in D12. Happy to update to the latest version, but some advice for existing would be appreciated, other than all the component names have 6 on the end. Or is it simply a case of going through the DFM and PAS files with a text editor and adding that 6 to the types. Angus

ICS house style, per your original request example. Angus

Thanks, I added AnswerBodyTB which creates a TBytesStream, not tested yet since the samples don't send small streams. Angus

Do you expect AnswerBytes to be an alternate to AnswerStream, AnswerString or AnswerPage? Angus

Setting up MTS/ATS for Windows is not trivial, Azure command line interface, new signing tool, Azure signing DLL, .net8 runtime, environmental variables, Azure commands, etc. Not helped by the Microsoft web site code and Json examples all using non-breaking spaces (xA0) which have to be replaced by real spaces to do anything useful. Once installed, it attempts to sign my program, but fails with OAuth2 login using a browser, and with incorrect secrets, so many to choose from in Azure. So the documentation needs much clearer information of how Azure authentication should be set up for Windows apps. Angus

In the progress of getting this working, setting anything up in Azure is horrible, I've got OAuth2 stuff, now waiting for company identity validation. I've had MSDN and partner accounts for 30 years, used to get a box of CDs each quarter before the internet. Worth mentioning that if you have a partner MAPS account and pay annually (UK £350) to get all the MS OS and apps, you get $100 of Azure credit each month, which I assume can be used for code signing. Two minutes later, validation pass. Angus

I'm slowly adding TBytes versions of binary methods and properties as I update components, should be added in the next week or so. Angus

Probably handled manually in USA business hours until full launch. Angus

I'll be happy not needing to deal with Digicert, Sectigo and co, particularly with their massive price increases in recent years. Let's Encrypt stopped most of their web certificate business. Microsoft does have a history of looking after developers, for many years there was a web page that allowed buying heavily discounted certificates from the major vendors at the time, it disappeared a few years ago. Angus

Thanks for all the useful comments, I'll try it myself when I have time later in the week. Got another eight months left before my code signing certificate expires, but looks like I can avoid dongle hell. I've had an Azure account for years, although perhaps not the correct type of account. Angus

Generally, in the progress event, you check the LogLevel so that LoglevelProg is displayed, not logged every two seconds during the download, as you did in your example above, although does not really matter for small files. The component reports the HTTP reported size at the end and does not check the actual file, the snippet sample checks the real size after download. Angus