Angus Robertson

The TsslWebSocketCli is a very new component, not heard of any using it yet (I use the websocket server for dynamic web pages). What are you using it for? It will need the HTTPRest component, but that will be one of the first to be converted. Adding SSL to V10 is likely to be the hardest part due to the low level changes. Angus

ICS V9.0 will be very difficult to convert to Android, it should work on MacOS but has not been tested for a few years due to lack of hardware and volunteers. ICS V10 is currently a very small number of units that does work on Linux for simple sockets, no SSL. Over the next year or so I will be migrating the V9 code to V10, it's a massive job. I strongly recommend that initially you concentrate on adding Android support to V10 and making the two FMX samples work on Android. You will see results far faster than working with V9. Angus

I saw the auto suffix is available in a drop down list, but you have to click a button to find it, I would have designed it with a tick box, so it is obvious. Angus

OpenSSL has released new versions of the two active branches. These releases fix a medium severity bug with symmetric cipher key and initialisation vector (IV) length that can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. This does not effect SSL/TLS, only encryption using EVP_EncryptInit_ex2(). Windows binaries are available in SVN and the overnight zip file and separately from https://wiki.overbyte.eu/wiki/index.php/ICS_Download or https://www.magsys.co.uk/delphi/magics.asp Separately, YuOpenSSL has released 3.0.12 as commercial DCUs allowing applications to be used with OpenSSL without needing separate DLLs. In addition to the three DLL files, the zip includes a compiled RES resource file that contains the same DLLs, text files and version information, see the RC file. The RES file may be linked into application EXE files and code then used to extract the DLLs from the resource to a temporary directory to avoid distributing them separately. ICS V9.1 and later optionally support loading the resource file, currently in SVN and the overnight zip. The OpenSSL extract directory is shell path CSIDL_COMMON_APPDATA which in recent Windows versions is "C:\Users\All Users\" aliased as "C:\ProgramData\", in sub-directory "ICS-OpenSSl" with a sub-directory for each different OpenSSL major/minor version, ie "3012" for 3.0.12, ie "C:\ProgramData\ICS-OpenSSl\3012\libcrypto-3.dll". OverbyteIcsDefs.inc has a new define OpenSSL_Resource_Files which causes the resource file to be linked, the major/minor version being defined as OpenSSL_30, OpenSSL_31 or OpenSSL_32 (not supported yet), the actual resource files are LibV3xOpenSSL32.RES and LibV3xOpenSSL64.RES where x is the minor version. Note ICS supports linking specific major/minor versions of OpenSSL, but only one per application, but not multiple patch versions which don't have new features, only security and bug fixes. The RES files are distributed in the zip files with the DLLs from the ICS wiki site, with the latest versions in the source directory. If the new resource can not be found or there is a problem extracting the DLLs, ICS falls back to looking for OpenSSL DLLs as previous releases. The OverbyteIcsDefs.inc in SVN has define OpenSSL_Resource_Files enabled, so if copied will mean projects rebuilt will automatically have the OpenSSL resources linked without any other changes. A decision will be taken before the final release as to whether this is best behaviour, it does resolve a long term problem of DLL hell or keeping OpenSSL DLLs updated in potentially dozens of different directories, particularly if applications build to Win32 and Win64 directories, now a single set of any version is needed in "C:\ProgramData\ICS-OpenSSL". The only downside is larger EXE files, particularly if an application has multiple EXEs. ICS has a global variable GSSL_DLL_DIR that defines where to look for the OpenSSL files, defaulting to blank but set in all samples to the program directory so a known version of OpenSSL is loaded. Perhaps ICS should set this to "C:\ProgramData\ICS-OpenSSL" by default so only a single set of DLLs are needed. Only snag is automating a means of getting files to this directory if the resource files are not used. Angus

Thanks, did not know that, there should really be an Auto Suffix tick box, so it's self documenting. Angus

Indeed, I thought I'd changed the package suffix to 29, but somehow the change got lost, and so D12 packages were built with suffix 28 which D11 then found due to so many different paths searched, and crashed the IDE on start-up. The risk of updating old components to use new compilers before the original developers have done so, if they are still around. Parnassus is now installed in both D11 and D12, but calls itself Yukon instead of Athens, one reason I've stopped using these names for ICS, gets very confusing. Angus

Not sure if my problem with D11.3 relates to Parnassus. It seems Delphi has taken a dislike to dclframviewer280.bpl built months ago, which is HtmlViewer, I added that to D12 and probably got some packages wrong. Angus

I had Delphi 11.3 and 12.0 installed together for a week, Parnassus only installed in 11.3, no problems. But when I updated the license key for 12.0 yesterday, 11,3 stopped working. So I guess Parnassus has screwed me as well. Parnassus only works with a subscription license key, not beta keys, which is why the problem did not show up earlier. Annoying. Angus

The ICS TSslHttpRest component now has proper support for multipart/form-data parameters, using TRestParams, available in SVN and the overnight zip. There is a new content type for FormData and a new method AddItemFile that allows one or more files to be added as parameters. The OverbyteIcsSnippets sample has two new HTTP file uploads buttons, one doing a simple file upload, the second a form-data upload, which set-ups the parameters as follows: MyJsonParams := TRestParams.Create(self); MyJsonParams.PContent := PContJson; MyJsonParams.AddItem('FileTitle', mytitle); MyJsonParams.AddItem('FileName', myfile); SslHttpRest.RestParams.PContent := PContFormData; SslHttpRest.RestParams.AddItem('FileTitle', mytitle); SslHttpRest.RestParams.AddItemA('JsonBlock', MyJsonParams.GetParameters, true); SslHttpRest.RestParams.AddItemFile('FileName', mysrcfile, 0); SslHttpRest.RestParams.AddItem('Submit', 'SubmitFile'); SslHttpRest.HttpUploadStrat := HttpUploadNone; StatCode := SslHttpRest.RestRequest(httpPOST, myurl, False, ''); This part was relatively straight forward, but testing proved interesting, particularly with an 8Gbyte file. The ICS application web server read uploaded data in a memory buffer, so that was changed for file stream above a certain size, likewise TRestParams needed a file stream for size. Then our form handling code needed updating for character sets as recommended by the latest RFC with a new parameter display web page in the ICS web server samples for testing. So a long process, but much improved REST functionality. Angus

Further to the announcement of RAD Studio 12.0 Athens today, ICS V9.,0 already has packages to install on Delphi 12, and is available now from GetIt. If installing VCL only manually, the overnight zip has a new D12InstallVcl.groupproj that replaces the old D12Install.groupproj, or use the existing combined D12InstallVclFmx.groupproj and just don't install the FMX packages (which is exactly what the new group does). This change will be made for all compilers for V9.1 and will remove a lot of VCL only packages that are a pain to maintain. Angus

The server can enumerate the parameters sequentially, rather than by accessing them by name, I just added a function to ICS to do exactly that, for diagnostic purposes. But comma separated values could be used as an array. It all depends on what the server expects, and it may not follow normal standards. Angus

You could look at https://github.com/mtrojnar/osslsigncode OpenSSL based Authenticode signing for PE/MSI/Java CAB files, There must be some code in there to add the certificate to the exe, or maybe the whole tool is what you are looking for, an alternate to signcode that does not have horrible pop-ups, builds on any platform. If you can build it, I'd like to play with it. Angus

I would recommend you upgrade to the latest ICS V9.0, there were a number of fixes relating to objects not being freed after exceptions, lots of clean-up, particularly for Win64 servers. There is no general problem with the ICS web server crashing, the following is from the status page of one of my public ICS web servers, doing SQL queries, REST requests and standard web pages, it just keeps running, until time for Windows Update or a new version: WSocket: TWSocket (c) 1996-2023 Francois Piette V9.1 Server: THttpServer (c) 1999-2023 F. Piette V9.0 Windows Boot Time: 10-Oct-2023 21:54:24 WebAppTelecom Start Time: 10-Oct-2023 22:54:27 Server OS: Windows Server 2019 Standard 1809 Win64 10.0.17763 Compiler: Delphi 11.3 Win64 OpenSSL Version: Static OpenSSL 3.0.11 19 Sep 2023, Legacy Provider Loaded OK SQL Requests: 49,572 Total Requests: 104,933 Total Connections: 117,470 Max Simultaneous Connections: 60 Total Data Received: 73.7M Total Data Transmitted: 3.03G Angus

Look at the new OverbyteNetTools sample, the LAN Devices tab scans the LAN for devices in various ways and shows the MAC vendor, often useful for identifying all those IoT devices that our LAN seem to accumulate, often announcing themselves as Amazon or Google, NEST, Tuya, Espressif, and others, just on my LAN. For reasons unknown, they sometimes change MAC address to something random and back again. Angus

ICS has a simple functon IcsGetMacVendor that loads the tab separated https://linuxnet.ca/ieee/oui/nmap-mac-prefixes list into a simple TStringList, sorts it, then accesses by partial Find, very quick, simple and efficient. It also checks for randomly generated MACs that fail look-up and report that. Angus

I can not trace route ptbtime1.ptb.de (192.53.103.108) from the UK, no response to any hops beyond my ISP. The time client does seem unhappy with IPv6 time servers, it's failing on all the Google IPv6 addresses before trying the IPv4 ones and working. Ditto Cloudfare, will check later in the week. I mostly use time.cloudflare.com now, well distributed around the world, but not Google. But Facebook and Apple also have distributed servers, all are better than the random addresses that come back for ?.ntp.org. Angus

Sorry, I don't have the time to debug end user applications, only fix proven reproducible problems in the ICS components. Angus

Has anyone looked at the Google RBM (Rich Business Messaging) APIs, used for the SMS replacement RCS Chats that seems to be appearing on all our phones? Personally, I'd missed it, just use Whatsapp. Not sure if RBM is the same as RCS, don't really follow mobile trends... But receiving and sending RCS from my desktop without needing to forward SMS would seem useful. Angus

No-one has ever sent me a Telegram message, but I don't have it installed either. WhatsApp is however widely used, but does not have an official API for the consumer version. But RCS is being installed automatically, although perhaps not enabled by default, and will fall back to SMS, which is universal. Angus

Sorry, no simple answer, something your own code is doing is corrupting memory, so the client can not be freed correctly. Or a function being called from the client. No easy way to find the problem. Perhaps comment out various parts of the code until the problem disappears to narrow it down. Angus

If you get an exception in that function, your application has probably already freed the client, although the exception should have happened a few lines higher. But it could also be memory corruption. If you have recently converted your application from Delphi 7 AnsiStrings to Unicode, I would look very carefully at all your string handling for received data. Angus

Thanks for the information, but you have not explained what the clients are doing. And I'm still confused as to why you think clients being disconnected when idle is a bad thing, that is the design. If you want idle clients to remain connected, set long KeepAlive timeouts, several hours. Zero for no disconnect is not documented as a design feature., The ICS web server is well tested over 20 years, in use on many public web servers, including my own. Angus

I'd like to know for what purpose you are using the ICS web server, what application, and why you are trying to disable server timeouts with WebServerSSL.KeepAliveTimeSec := 0; WebServerSSL.KeepAliveTimeXferSec := 0; Web servers are not supposed to keep idle connections opens unless keep-alive is requested. The Heartbeat timer should ignore zero timeouts, but I've never tested it, since no-one needs that feature. Also, you sometimes mention the connection being closed, sometimes the web server, which seems highly unlikely. Angus

You have shown an extract from a long function, if there was an error the connection will be disconnected anyway. The handshake event is called merely to allow the application to know there was a failure and report it to the end user. Angus

Permissions, always, they are complex to set-up in Azure and use in code. In particular, consumer and business accounts are different, the latter need a Microsoft User Authority to be passed and enabled, And the scopes specified when you got the bearer token must match those set-up for the account. Angus