Angus Robertson

AnswerBodyTB is now in SVN and overnight zip updated. Angus

That was fixed in V9.1, or at least there are now settings that allow the HTTP clients to be used without SSL being available, for http:// only. I go to extreme lengths to keep ICS backward compatible, I know how horrible it is updating to new compilers and components when you get blizzards or IDE error messages on opening old projects, it's why some of my projects are still Delphi 2007. Rarely backward compatible is not possible, but I did spend a week or two writing documentation and updating samples explaining how to update to V9.1. Angus

The default defines are designed so that users get new applications working easily and safely, without them failing immediately because the OpenSSL DLLs can not be found. Or needing to copy those DLLs into every single different directory to which modern versions of Delphi build by default. Angus

If you undefine {$DEFINE OpenSSL_Resource_Files}, ICS will look in the ICS-OpenSSL directory for the DLLs, so how does make you in control? If you want to load the DLLs from your own specified location, like the application directory, you need to add extra code, as has always been the case with ICS, but you'll need to change other defines as well since OpenSSL is now loaded by default before any code is run. This is explained in depth in readme9, and other places. Angus

No, ICS will never contain an openssl-x64.exe file, since ICS does not use openssl.exe. Our OpenSSL zip distributions are separate for Win32 and Win64, so it is up to end users to do something if they want to combine them. SVN and the overnight zip do now correctly have the Win32 version of openssl.exe, the Win64 version was an error. Angus

Thanks, I'll install them in D12. Happy to update to the latest version, but some advice for existing would be appreciated, other than all the component names have 6 on the end. Or is it simply a case of going through the DFM and PAS files with a text editor and adding that 6 to the types. Angus

ICS house style, per your original request example. Angus

Thanks, I added AnswerBodyTB which creates a TBytesStream, not tested yet since the samples don't send small streams. Angus

Do you expect AnswerBytes to be an alternate to AnswerStream, AnswerString or AnswerPage? Angus

Setting up MTS/ATS for Windows is not trivial, Azure command line interface, new signing tool, Azure signing DLL, .net8 runtime, environmental variables, Azure commands, etc. Not helped by the Microsoft web site code and Json examples all using non-breaking spaces (xA0) which have to be replaced by real spaces to do anything useful. Once installed, it attempts to sign my program, but fails with OAuth2 login using a browser, and with incorrect secrets, so many to choose from in Azure. So the documentation needs much clearer information of how Azure authentication should be set up for Windows apps. Angus

In the progress of getting this working, setting anything up in Azure is horrible, I've got OAuth2 stuff, now waiting for company identity validation. I've had MSDN and partner accounts for 30 years, used to get a box of CDs each quarter before the internet. Worth mentioning that if you have a partner MAPS account and pay annually (UK £350) to get all the MS OS and apps, you get $100 of Azure credit each month, which I assume can be used for code signing. Two minutes later, validation pass. Angus

I'm slowly adding TBytes versions of binary methods and properties as I update components, should be added in the next week or so. Angus

Probably handled manually in USA business hours until full launch. Angus

I'll be happy not needing to deal with Digicert, Sectigo and co, particularly with their massive price increases in recent years. Let's Encrypt stopped most of their web certificate business. Microsoft does have a history of looking after developers, for many years there was a web page that allowed buying heavily discounted certificates from the major vendors at the time, it disappeared a few years ago. Angus

Thanks for all the useful comments, I'll try it myself when I have time later in the week. Got another eight months left before my code signing certificate expires, but looks like I can avoid dongle hell. I've had an Azure account for years, although perhaps not the correct type of account. Angus

Generally, in the progress event, you check the LogLevel so that LoglevelProg is displayed, not logged every two seconds during the download, as you did in your example above, although does not really matter for small files. The component reports the HTTP reported size at the end and does not check the actual file, the snippet sample checks the real size after download. Angus

I just tested the 'HTTP Rest Download' function in the snippets sample, that downloads a 300M file from my server, same code as yours, I get a 300M file. How are you reporting the size downloaded? Beware the V9.1 snippets sample won't download from my server any longer, I added server authentication to test something else, and you'll need a new snippets from SVN or the overnight zip that adds authentication as well. Angus

Beware TWinCertificate is only declared in Delphi 12, perhaps ImageHlp as well. But I'll look at those functions to allow verifying the signing chain using OpenSSL instead of the slow capicom.dll COM object used by my component at the moment, but not looked at the component for several years. Angus

This Win64 exception was due to using Free on a stream that was already closed, instead of NilAndFree which checks first, and is used elsewhere in the same function. Not sure why Win32 hides the bug, but Win64 does not, this was within finally/end. Not in SVN yet, and the V9.1 HTTP snippet is now broken because last week I added authentication to the web server directory it uses to test something else, and forget snippets uses that directory. Angus

The sample OverbyteIcsIpStmLogTst is the proper test bed for the TIcsIpStrmLog component. For a successful remote connection, the events triggered are: 11:55:09 C[0] State: Starting 11:55:09 C[0] TCP/Client Opening Connection to [2a00:1940:0:c::128]:80 11:55:09 C[0] TCP/Client Connected OK 11:55:09 C[0] State: OK (manually stopped) 11:55:24 C[0] State: Stopping 11:55:24 C[0] TCP/Client Disconnected 11:55:24 C[0] State: None But for an unsuccessful connection it normally keeps trying to reconnect to the remote IP, so there is no immediate state change: 11:50:56 C[0] State: Starting 11:50:56 C[0] TCP/Client Opening Connection to [2a00:1940:0:c::128]:5000 11:51:17 C[0] TCP/Client Failed Connection - Connection timed out (#10060) - Retrying in 10 secs 11:51:27 C[0] TCP/Client Opening Connection to [2a00:1940:0:c::128]:5000 This is one of the 'features' of the component, if the client connection fails or drops it keeps trying to restore the connection, although that is exactly what you don't want! With RetryAttempts set to -1, the events called are: 12:06:45 C[0] State: Starting 12:06:45 C[0] TCP/Client Opening Connection to [2a00:1940:0:c::128]:6666 12:07:06 C[0] State: Stopping 12:07:06 C[0] State: None 12:07:06 C[0] TCP/Client Failed Connection - Connection timed out (#10060) 12:07:06 C[0] TCP/Client Disconnected So you need to check Stopping and/or None for failure, there is no specific State: Failed event, unless you watch the literals for timeout out. Angus

Most ICS functions are async, not blocking, you missed IpLogClient.onLogProgEvent := onCliLogProgEvent; from snippets, and in the event you check IpLogClient.States[0] for logstateOK or something else if failed. As is often discussed here, it is rarely necessary or useful to use ICS components in a thread, but if so you can not use application.processmessages since that is the main thread, you have to create the component within the thread Execute method, set the MultiThreaded property to true, and call the component ProcessMessages method instead. Angus

The magic word was simplest, less code, fewer errors. Windows supports none blocking DNS lookups and sockets by using a thread, what is the API to stop those threads early? Angus

The simplest way is with the TIcsIpStrmLog component, look at the doSocketRemoteClick procedure in the OverbyteIcsSnippets sample, although you can ignore SSL. Failing to open a normal TCP connection will timeout after about 30 to 40 seconds, you can not easily make this any shorter, and you can not re-use the socket until the connection attempt fails, even if you abort it earlier. If you need to check a lot of ports, either use multiple components running in parallel (no threads needed for hundreds) or use the ping feature of TIcsIpStrmLog to see if at least the IP address exists before checking the port. Angus

ICS V9.2 has started the beta process, and can be downloaded from https://svn.overbyte.be/svn/icsv9/ or the overnight zip from https://wiki.overbyte.eu/wiki/index.php/ICS_Download or https://www.magsys.co.uk/delphi/magics.asp This beta version of V9.2 adds a new feature release of OpenSSL 3.3.0 and fixes a number of bugs mostly introduced in V9.1, but also two long term HTTP URL in the client and server software where missing / delimiters could cause problems, and fixing server authentication issues with POST requests. Several others issues discussed on Delphi-Praxis are also fixed, but not all, yet. This beta also includes a new 'ICS Intermediate Short' SSL certificate to replace the one in V9.0 that has just expired, it is used by ICS to generate temporary server certificates to allow SSL servers to run until a Let's Encrypt or commercial certificate is installed. The OverbyteIcsSslMultiWebServ sample has various improvements to test authentication more thoroughly (the DDService version is not done yet). Only Delphi 10.41 and 10.42 (10.4 with updates 1 or 2) will install correctly with the new install packages, the original RTM version does not support the package LIB suffix: $(Auto) so you must change it manually for each package to 21.0. OpenSSL 3.3.0 is now the default in the OverbyteIcsDefs.inc file and the ICS-OpenSSL path, ICS does not use any of the new features (nor those in 3.1 or 3.2). Now that OpenSSL is more closely integrated with ICS, updating for security fixes will become more complicated, needing files in two or more directories to be updated. When OpenSSL does the next batch of security fix versions (scheduled quarterly), I'll generate a zip with all the new files and directories that can be extracted over an existing ICS installation with all the new files. Angus

{.$DEFINE OpenSSL_Resource_Files} will stop OpenSSL being linked, {$DEFINE] OpenSSL_ProgramData} then helps determine where the DLLs are located. readme9.txt now has a lengthy section describing all the defines. Angus