Angus Robertson

Because you no longer need to distribute the DLLs separately, the increase EXE size should mostly cancel out. Or change the defs file and leave the DLLs alone, this change was really intended for new applications. I have tried to explain all this. You also don't need to distribute a root bundle file, but many people probably ignored that. https://wiki.overbyte.eu/wiki/index.php/Updating_projects_to_V9.1 Angus .

Thanks, as the readme9 says, we no longer test Delphi 7, too old, but I'll add Types soon, all due to increasing use of TBytes that Delphi 7 does not understand. Angus

Thanks for the comments, but what I need are modified and tested package files I can release to others, no point my trying to make changes I can not test. Angus

To get started with the ICS REST component, I suggest you build and run the OverbyteIcsSnippets sample, click the 'HTTP REST Json Request' button and see what it does. You can then copy the doHttpRestReqClick function which is heavily documented for all the hard coded properties. In your code, you say you are using the TSslHttpRest component, but you are not using the RestRequest method which is how all requests are started, you've not looked at our REST samples. BTW, one of the arguments in RestRequest specifies if the component makes sync or async requests, so make a sync request and your processmessages loop is no longer required, nor the RequestDone method. Angus

Short answer, no difference as far as ICS is concerned. ICS does not use any of the new features in 3.1, 3.2 or 3.3, yet. Long answer, OpenSSL is adding new features for each release, 3,1 was minor stuff, 3.2 was QUIC for HTTP/3 clients, 3.3 has just entered alpha testing and adds QUIC for HTTP/3 servers. Not sure if ICS needs to support QUIC and HTTP/3 (or HTTP/2), the only benefit is performance primarily when displaying complex web pages with hundreds of elements, and ICS is primarily used for APIs, not creating web browsers. HTTP/2 is half way to HTTP/3 (compressed headers) and there is an Indy implementation using a DLL, but hear very little about it, not sure if Delphi users need it? I've vaguely thought about a proper Delphi HTTP/2 implementation, but it's a lot of work for no visible benefit, just small performance improvement. There is are some OpenSSL 3.2 features I may look at, but no rush. My own servers are still using 3.0. But ICS offers all the currently supported versions. 3.1 and 3.2 will disappear before 3.0, once the next long term support release comes out. Angus

I don't do C++ so it is totally untested for V9.1, I removed hundreds of old files and some of those might have been needed for C++. Once you get it working, please email any changes for the next release. We can then restore it for GetIt. Due to OpenSSL being more integrated now, there will probably be quarterly releases to match OpenSSL. Angus

Back to my reply yesterday, you are still not requesting a secure connection, just from a different demo. Beware SSL connections to IP addresses will always give certificate errors, and won't connect unless you ignore those errors, as will happen since you've left the default Verify Certificate Mode. Your server should have a domain host name, that name should be set in DNS and the IcsHosts.Hosts setting and the SSL certificate should be for that host name, and the client connects to that host name, that is what SSL/TLS is all about. ICS V9.1 will create that certificate locally if it does not exist, although for the public internet it will order a certificate from Let's Encrypt. Can not tell if the server is running correctly, the client is connecting to non-SSL port 21, you have not shown the logging for the SSL certificates chain. You get that error message because you've left the IcsHosts setting AuthForceSsl=True so it refuses to connect without SSL, FTP is very insecure without SSL sending plain text passwords. Angus

Can you please first update ICS to V9.1, all those files and jobs were obsolete years ago and have been removed from the distribution. You will find documentation for IcsHosts at https://wiki.overbyte.eu/wiki/index.php/TWSocketServer.IcsHosts Angus

You are trying to connect to port 990 which is SSL only, but your client says 'sslTypeNone'. That server sample does not create any PEM files. You would be better using the latest V9.,1 release, and the OverbyteIcsSslMultiFtpServ and OverbyteIcsXferTst samples. Angus

There is a clever improvement in the GetIt ICS installation process, thanks Embarcadero. After the packages have been built and installed, the ICS demos-delphi-vcl project group opens in the IDE, allowing all the samples to be viewed and built, recommend saving the group as a favourite so it can be easily found. The group opens with the OverbyteIcsSnippets project, that provides one button examples of HTTP and FTP multiple file downloading and uploading, HTTP REST requests, Websocket client, TCP socket traffic, and sending email using Mail Queue. Angus

ICS V9.1 is now available to install from GetIt for Delphi 11 and 12, either VCL only or VCL and FMX. Start with the samples at C:\Users\(user)\Documents\Embarcadero\Studio\23.0\CatalogRepository\ Angus

Thanks, if you retain your old Defs file, ICS should behave as before, although I changed all the samples and my own applications so not sure when I last tested that... Angus

The TIcsMailQueue component is designed for exactly your requirement, you queue an HTML identically to your existing code, call the QueueMail method, and then let the component worry about delivering the email, in the background. You can queue hundreds of emails. Before queuing anything, you setup one or more SMTP servers, the background thread will then attempt to send queued emails to each of those servers multiple times over many hours until it is sent successfully, remove it from the queue and delete or archive the email. The sample has a window you can steal that shows queued emails, when they will be next attempted, and allows them to be deleted if never going to get delivered. Angus

FileZilla Client has very poor certificate validation, it should check the certificate chain and accept it, instead it presents that horrible window. Does the same with my own FTP server. Angus

You will find the OverbyteIcsXferTst sample easier to use, I was using the TIcsFtpMulti component for my tests. There is really nothing you can do for these errors, it's down to the server, firewalls and configuration. They need to tell you why connections fail. Or does the server work with FileZilla Client, perhaps there is something clever going on. Angus

I've reproduced a 425 FTP error after updating my FileZilla server to the latest on one of my public servers, and updating the Windows Firewall rules which FileZilla ignores (I have Delphi firewall functions that my servers use). I can access FileZilla fine from the public server, but not remotely, although my error is slightly different: 425 Unable to build data connection: EINVAL - Invalid argument passed So this is all done to firewall port ranges, not sure yet if Windows Firewall or the external pfSense firewall, need to investigate. Is your FileZilla server behind a firewall. Update: FileZilla is complaining: [Error] Data peer IP [217.146.115.82] differs from control peer IP [217.146.115.84]: this shouldn't happen, aborting the data connection. I have multiple outgoing IP addresses, and it does not like this. Update 2: After adding a router rule, I've got past the IP address error and the data connection now works. You really need the FileZilla log message for the 425 error to understand it. > PASV < 227 Entering Passive Mode (217,146,102,143,82,34) ! Passive connection requested to: 217.146.102.143:21026, control channel: 217.146.102.143 > MLSD < 150 About to start data transfer. ! SSL Connected OK with TLSv1.3, cipher TLS_AES_256_GCM_SHA384, encryption AESGCM(256), message auth AEAD Connected OK Again < 226 Operation successful ! Data Session closed ! Local File Stream Closed ! 245bytes received/sent in 31 milliseconds Angus

The 425 error from the server suggests it does not like the SSL/TLS connection, and yet we think it was okay, and it accepted the AUTH connection earlier. Nothing wrong with the commands being sent. SSL/TLS can be strange like that. BTW, I updated that old compiled demo today with a new version, although unlikely to behave any differently. Angus

So now you are using a recent ICS version with OpenSSL 3, since you are connecting with TLSv1.3? But you are probably using the old TSslFtpClient low level component that requires you to send to the correct FTP command in the correct order. As the error message suggests, you have not sent the PROT command with Protlevel=P. If you use the TIcsFtpMulti high level component instead, this is all done for you, see the sample OverbyteIcsXferTst. Or if you want a simpler sample, build OverbyteIcsSnippets and click the FTP Download One File button, the code is in a single function. Angus

ICS V9.,1 does not support old versions of OpenSSL and will never attempt to open them, I assume you've modified the source code in an attempt to do so. Did you attempt to connect to our server with your original application that failed with Filezillar server? Angus

It is much easier and safer to use the TIcsMailQueue component, so email is sent even if the mail server is not immediately available. Look at the OverbyteIcsMailQuTst sample, or one of the server samples like OverbyteIcsSslMultiWebServ that also use mailqueue to call home when in trouble, Angus

Look at the OverbyteIcsJoseTst sample which has a button that decodes your JWK using the function I mentioned, and displays it raw, while the OverbyteIcsPemTools sample does certificate and key conversions. ICS V9.1 has a new TX509Base method X509PubKeyTB that returns the public key in DER that can be used to compare with another public key or converted to Base64 which is PEM. Angus

ICS has various Jose and PEM functions that will read and create Json Web Keys. IcsJoseJWKGetPKey reads the Json text and saves the key as type TX509Base. TX509Base has methods to save certificates, private and public keys in numerous formats. What do you want to do with the public key? This may be better discussed in the ICS support forum . Angus

If you are attempting to locate COM ports on Windows, I suggest you use the Magenta Serial Port Detection Component from https://www.magsys.co.uk/delphi/maghardware.asp It has an event that triggers as ports arrive and disappear. It returns an array with information about each port, and whether enabled or hidden: COM1, Enabled=Y, Communications Port (COM1), (Standard port types), Serial0, ACPI\VEN_PNP&DEV_0501, COM2, Enabled=Y, PCIe to High Speed Serial Port (COM2), ASIX Electronics Corporation, StnSerial0, MCS9950MF\STN_CASCADE_COM, COM3, Enabled=Y, PCIe to High Speed Serial Port (COM3), ASIX Electronics Corporation, StnSerial1, MCS9950MF\STN_CASCADE_COM, COM4, Enabled=Y, Prolific USB-to-Serial Comm Port (COM4), Prolific, ProlificSerial0, USB\VID_067B&PID_2303&REV_0400, Port_#0004.Hub_#0007 COM5, Enabled=Y, Prolific USB-to-Serial Comm Port (COM5), Prolific, ProlificSerial1, USB\VID_067B&PID_2303&REV_0400, Port_#0001.Hub_#0007 COM6, Enabled=Y, Conexant USB CX93010 ACF Modem, Conexant, USBSER000, USB\VID_0572&PID_1329&REV_0100, Port_#0007.Hub_#0001 COM7, Enabled=Y, USB Serial Device (COM7), Microsoft, USBSER000, USB\VID_1546&PID_01A8&REV_0201, Port_#0002.Hub_#0007 Angus

Works for me, using OpenSSL v3, also connects with TLSv1.3. Can not test with old versions of OpenSSL, ICS does not work with them any longer. 19:01:16:550 Connect/Logon to FTP Server: ns130.askia.com:5022 19:01:16:591 < 220-FileZilla Server 1.8.1 19:01:16:591 < 220 Please visit https://filezilla-project.org/ 19:01:16:591 FTP Control Session Connected OK to: 85.13.217.130:5022 19:01:16:611 > AUTH SSL 19:01:16:641 < 234 Using authentication type TLS. 19:01:16:722 ! SSL Connected OK with TLSv1.2, cipher ECDHE-RSA-AES256-GCM-SHA384, key auth RSA, key exchange ECDH, encryption AESGCM(256), message auth AEAD 19:01:16:722 Connected OK Again Try connecting to the ICS FTP server on ics.ftptest.org. It may log something useful. Angus

ICS checks the OpenSSL version on start-up and fails if it does not support the version found, so he could not use 1.0.2 if ICS did not support it. The 2008 date might be wrong since that comes from a file resource, and ICS does not set any versions or dates in file resources, or if it does I've not updated them in 15 years. Date and versions are important in our applications, but not packages. Angus