Angus Robertson

Why would you need IOCP with ICS? Angus

Surely those headers are sent with the WebSocket Upgrade request? Why send them again perhaps each second on the same TCP channel, what would the server do with them? Angus

I guess the point is the WebSockets protocol is supposed to be lightweight, and not cluttered with unnecessary headers. Why are you not sending the header information as WebSocket data packets. A configurable option would be needed to bypass that clean-up code. I'll put it on the list, but taking a break from ICS for a couple of weeks. Angus

ICS has various components for SMTP mail, all with the latest SSL/TLS., free from https://wiki.overbyte.eu/wiki/index.php/ICS_Download Look at the OverbyteIcsMailQuTst sample which can now be downloaded pre-built. Angus

Full release notes for V9.0 will follow next week, meanwhile these are the main changes: New samples Samples/Delphi/SslInternet/OverbyteIcsSnippets.dpr - Small samples of codes for FTP, HTTP, sockets and email. Samples/Delphi/OtherDemos/OverbyteIcsNetMon.dpr - Internet Packet Monitoring Components, display packets and traffic using Npcap and raw sockets. Samples/Delphi/OtherDemos/OverbyteIcsNetTools.dpr - Network Tools Demo, uses all the main IP Helper functions, also TTIcsNeighbDevices, TIcsDomainNameCache, IcsDnsQueuy, TDnsQueryHttps, TIcsWhoisCli, TIcsIpChanges, TPing and TPingThread. Samples/Delphi/PlatformDemos/IcsHttpRestTstFmx.dproj - FMX HTTPS REST and OAuth, Send SMS and DNS over HTTPS functions demo. Samples/Delphi/PlatformDemos/IcsSslMultiWebServ.dproj - FMX Advanced multi host web server demo. Samples/Delphi/SslInternet/OverbyteIcsMQTTst.dpr - MQ Telemetry Transport message queuing service. Note this sample needs the VirtualTree component to be installed. Major sample updates for new components Samples/Delphi/SslInternet/OverbyteIcsHttpRestTst1.dpr - Uses TSslWebSocketCli for WebSocket Client, New embedded TOAuthLoginForm window using TOAuthBrowser for OAuth2 logins. Select client SSL certificate from the Windows Certificate Store. Samples/Delphi/SslInternet/OverbyteIcsSslMultiWebServ.dpr, OverbyteIcsDDWebService.dpr - Uses THttpWSSrvConn for WebSocket Server. IcsHosts can use server SSL certificate from the Windows Certificate Store. IcsHosts can now request a SSL certificate from the remote client. WebSocket server support. Uses TIcsDomainNameCache for multiple reverse DNS lookups. Samples/Delphi/SslInternet/OverbyteIcsPemTool.dpr - Can now export an SSL certificate from the Windows Certificate Store with its private key. Samples/delphi/OtherDemos/OverbyteIcsBatchDnsLookup.dpr - Uses TIcsDomainNameCache for multiple lookups. Samples/Delphi/SslInternet/OverbyteIcsSslMailSnd.dpr, OverbyteIcsSslMailRcv.dpr, OverbyteIcsMailQuTst.dpr - New embedded TOAuthLoginForm window using TOAuthBrowser for OAuth2 logins. Samples/delphi/OtherDemos/OverbyteIcsNsLookup.dpr - Uses single or multiple DNS servers, including built-in list of public servers, also sync requests. New Components TIcsDomainNameCache and TIcsDomNameCacheHttps - Cache forward and reverse DNS lookup requests, using several methods. TIcsMonSocket - Internet monitoring using raw sockets. TIcsMonPcap - Internet monitoring using Npcap NDIS driver. TIcsIpChanges - Monitors IP address changes dynamically. TIcsNeighbDevices - Builds historic LAN MAC device and IPv4 and IPv6 address table using ARP, neighbourhood and IP range scanning with reverse host lookup. TOAuthBrowser - OAuth authentication browser window VCL/FMX form. TSslWebSocketCli - WebSocket client protocol. TIcsMQTTServer and TIcsMQTTClient - MQ Telemetry Transport message queuing service, client and server. Major Component Upgrades TDnsQuery - Add synchronous methods and more response properties. Check multiple DNS server hosts including public DNS lists. TSslWSocketServer - IcsHosts can use server SSL certificate from the Windows Certificate Store. IcsHosts can now request a SSL certificate from the remote client. TIcsFtpMulti - Send NOOP command periodically during multi hour transfers so connections are not closed accidentally. New classes and Functions THttpWSSrvConn - WebSocket server protocol. Internet Helper Functions - Unit OverbyteIcsIpHlpApi.pas includes IpHlpConnsTable, IpHlpAdaptersInfo, IpHlpAdaptersAddr, IpHlpIpAddrTable, IpHlpIpNeighbTable, IpHlpIPForwardTable, IpHlpIpPathTable, IpHlpGetDnsServers, IpHlpIfTable2, IpHlpIPStatistics, IpHlpUDPStatistics and many other functions. TIcsMonFilterClass - Filter network traffic on protocols or IP addresses. TIcsTrafficClass - Maintains network traffic statistics by protocols and IP addresses. Angus

Thanks, fixed. Angus

I bought a YubiKey 5 NFC recently to test, not spent much time with it yet, the documentation and tools are clear as mud, not managed to install an SSL certificate on it yet... Angus

A little research showed Digicert was only supporting Safenet dongles. But at least the concept of allowing the end user to load the certificate into the dongle rather than shipping it removes that major obstacles for users outside major countries. Also surprised to find K-Software has updated it's web site for the first time in years, thought it was moribund, ignoring emails, etc. But prices massively higher, $313 for one year. I paid $188 for three years which is now $657 for the same thing, some massive profiteering going on here. Angus

Looking at the Digicert site, they offer: My own qualified hardware token - use the Code Signing certificate provisioning application to install your Code Signing certificate on your token. 'Qualified' might be a weasel word... Also: DigiCert KeyLocker cloud HSM (USD $90.00 / year). Seems there are more options around. Angus

ICS defines Utf8String and Unicode string for old compilers. We still support Delphi 2007 since I still support my own commercial applications using it, but I stopped using Delphi 7 15 years ago. The original poster is making life more complicated for himself by using old ICS components. ICS v9 has a new sample Snippets, with several examples of making REST requests, one of which is: SslHttpRest := TSslHttpRest.Create (self) ; try try SslHttpRest.RestParams.AddItem('username', myusername); SslHttpRest.RestParams.PContent := PContUrlEncoded; StatCode := SslHttpRest.RestRequest(httpGET, myurl, False, ''); // sync request, no extra parameters AddLogText ('HTTP Rest Request Response: ' + IntToStr(StatCode)) ; if StatCode = 200 then begin AddLogText (SslHttpRest.ResponseRaw); AddLogText ('Address: ' + SslHttpRest.ResponseJson.AsArray[0].S['address']); end; except AddLogText ('HTTP Error - ' + IcsGetExceptMess (ExceptObject)) ; end ; finally FreeAndNil (SslHttpRest) ; end ; You completely ignore SslContext, encoding, Json, input and output steams, in most circumstances. There is a POST snippet, but it uploads a file. Angus

ICS components could set the MultiThreaded property automatically, but the developer would still need to call IcsWndControl.ProcessMessages somewhere in the thread or the code would just stall, except in the simplest of applications. Angus

I was talking about loading the OpenSSL DLLs and initialising the environment, not making a request. The SslContext should be initialised when the thread starts, once, I thought I made that clear before. Your application is making no attempt to check you are actually communicating with the government servers, no certificate chain checking. SSL servers accept hundreds of requests a minute without needing to re-initialise anything. Angus

There are two fundamental misuses of ICS in the code snippets supplied. 1 - the code is said to be running in a thread, but the MultiThreaded property of TSslHttpCli is never set, so messages for the thread will be processed using Application.ProcessMessages in a different thread. 2 - More seriously, the ICS components are being created and perhaps destroyed for each HTTPS request made, which is probably the cause of the memory leak, and is also highly inefficient. Specifically, OpenSSL is being loaded automatically by the components when the SslContext is automatically iniitialised by the request starting, and perhaps being unloaded when the request ends. The SslContext is designed as something to be shared by components, initialised once and then reused. Or OpenSSL can be loaded once when the program starts, to allow use with multiple SslContexts, in servers for instance that use multiple certificates. Many of the ICS samples show how to load OpenSSL early. ICS v9 has various improvements relating to freeing and destroying components, particularly when exceptions happen during that process, to ensure that inherited destroys are still called and not skipped which can cause memory leaks. Having said that, reports of memory leaks using ICS are very rare, and many ICS applications run for weeks or months without a problem. Angus Angus

ICS v9 is about to be released, see comments a week ago here, Part of that release process is building ICS on Delphi 7 and I had to change several new components due to missing language features and components in Delphi 7. I will not be doing that again, a waste of my time and potentially causing problems for newer compilers if I introduce new errors. Angus

Current versions of OpenSSL do not work on Windows XP, nor is ICS supported on XP. I would suggest you remove all the GUI interaction except to a log file, so you know if the problem is ICS or the GUI. Angus

Delphi 7 is end of life, ICS support has now ceased, I won't be running it up again now ICS v9 has been tested on it. Also, running TSslHttpRest in a thread is not tested heavily (or atall), being async you can download hundreds of files in parallel in the main thread. Angus

OK, seems easy enough, I'll add another TOAOption of OAopAuthBasic and check that in GrantAuthToken to set up basic authentication with the client id and secret. Perhaps you can confirm the endpoint is content to ignore the client stuff as being part of the parameters, safer not to remove them. I'll send you a unit to test next week, but it's missed the next ICS release. Angus

Unusual, what login data is the required to get the token, something unrelated to OAuth2? If you want this incorporated in the component, I'd need an end point and account to test it. Which grant_type are you using? Otherwise you could derive your own version of the component and override the method you are using with your own. Angus

I always download and install from an ISO image, and mostly write that image to a DVD as well for posterity and repeat installs. Still got a lot of original CDs from Delphi 1 onwards, and the printed manuals. Angus

A variation on invite only could be requiring an existing member as sponsor. Angus

You can always override the procedure with your own version omitting the MagWait function completely, as some other ICS units do, see TIcsHttpMulti.DoRequestSync in OverbyteIcsHttpMulti.pas, Angus

Due to the large number of new components and changes, ICS V8.71 has been renamed to ICS V9.0 for final release. All the source units have updated versions and copyrights, some unused units have gone. All the active samples (per readme9.txt) have also been updated with new versions and copyrights and there is a new ActiveDemos.groupproj group that allows them all to be built together. ICS v9 is available from a new SVN repository https://svn.overbyte.be/svn/icsv9/ and also from the Zipped Daily Snapshot section of https://wiki.overbyte.eu/wiki/index.php/ICS_Download The snapshot download URL is: https://wiki.overbyte.eu/arch/icsv9w.zip The final release notes and updated wiki pages are still being written and will be available next week. Meanwhile, I'd appreciate it if some active ICS users could download V9 now and test for installation and backward compatibility with existing applications, particularly with Delphi 7 and XE compilers. I updated literally hundreds of package files manually, for the last time, and it would be good to know they actually install before the final V9 version is released. There is also a new ICS V10 SVN repository for the next major version with Linux support, but this is many months away from being complete, so please ignore it for now. ICS V9 is planned to be a long term support release with no new components or major features added, just bug fixes as needed, major changes will be for V10. V9.0 has been tested with Delphi 7, but I had to make changes to several new components due to missing language features and TWebBrowser does not exist, so V9.0 will be the last tested with D7. Delphi 2007 is easier to support for those building ANSI projects and will become the oldest version supported. Angus

My invoices from Worldpay in the UK break down the handling fees into two parts, VAT exempt which includes the percentage transactions charges (up to 4%), and VAT standard rate for fixed transaction costs which include approval and declined fees (4.5p each) and the monthly cost for card facilities. So no need for end users to be charged tax for bank fees. These are for VISA and Mastercard. No idea how taxation works in any other country. Angus

Both of which are done by the new ICS component TIcsNeighbDevices which gives a similar display to the two Nirsoft scanner tools. Angus

That is what the ARP protocol does, except your version requires software running on every device and for those devices to be running. Angus