Angus Robertson

You have ICS V9,0 installed as well, it has different package names as shown in the screen shot, with D12 in the name. So remove the old ICS V9.0 packages first before installing V9,1. This is mentioned in the readme9, but you won't have seen that with GetIt. This applies to all upgrade installs of ICS V9.1 on Delphi 10.4, 11 and 12, that now use the same packages. Angus

The OpenSSL DLLs we supply still contain deprecated entries since older applications may use them. But loading entries is table driven by version, so adding a literal to the table will stop it for v3. Was it just one missing entry, or many? Angus

I had that recently when reinstalling D12 in a test VM, the Windows uninstaller system thinks the old version is still installed, and the installer does not check if unins000.exe actually exists, look for this registry entry and remove all the keys: This key is for Delphi 12, other versions will have different keys but searching for Embarcadero will find them. HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall{3CDF0089-74E4-454C-8A6C-BEE7ADFEF600}_is1 Angus

RAND_screen is one of hundreds of entries loaded, it's been in OpenSSL for ever, but not actually used by ICS (I believe). If the files loaded are incorrect, there is usually a much longer list of missing entries. Angus

Sorry, there is no official MacOS support for ICS, has not been for 10 years. If someone fixes it, I'll update it for the next release. Angus

The D12.1 ISO I downloaded is 7.23GB. There is a typo on the download page, Angus

I've not seen this problem in snippets, but don't often test the samples with Win64. I have seen it on a Win64 web server running on Windows Server 2018, discussed in this forum a few months ago, but the same Win64 web server runs fine on two others Windows Server 2022 and Windows 11. So there is a lurking Win64 problem somewhere, not convinced it's in ICS, could be OpenSSL or Delphi. Not easy to debug when it only fails on a heavily used live server, That particular web server is now built as Win32 due to the crashes, but a very similar API web server is still Win64 and never fails. Not had a web server crash for over two months. But if the error is reproducible in snippets, that will be easier to test. But not this week... Angus

Sorry, not looking at complex ICS bugs for a while, catching up on other stuff. Angus

Please read my comments about using the TIcsMailQueue component in a topic in this conference two weeks ago about sending HTML mail. Angus

Thanks, on my list to investigate, might be a couple of weeks. Angus

Basic Authentication has always worked with GET, my own websites have used it for over 15 years, hundreds of logins each day. If you can reproduce a problem using the multi web server sample, with logs, I'll look into it. Angus

Technically, https://test.com?test is an invalid URL, since there is no path included in the URL, Without the query parameter, ICS would add path / automatically, so probably should do so for the query parameter as well, that is what my Firefox browser seems to do. Will fix it next week. If you want to do it yourself, in THttpCli.DoRequestAsync change: if FPath = '' then FPath := '/'; to if Pos('/', FPath) <> 1 then FPath := '/' + FPath; Angus

As François says, you need to open that port using TWSocket, but it might take a long is you have to try 65,000 IP addresses. Build the OverbyteIcsNetTools sample, click the LAN Devices tab, then Start, That uses the IcsNeighbDevices component to build a historic LAN neighbourhood MAC device and IP address table includes ARP and IP range scanning, and reverse host lookup, shows MAC vendor name to help identify devices. Runs in a thread continually checking for new devices. The OverbyteIcsPemTools sample has a Test Host Certificates function that uses the TIcsIpStrmLog to connect to a long list of hosts, that could be adapted to ignore the SSL stuff and just open a port for your IP address list. Angus

Async components are certainly better for servers and applications making parallel requests, but sync are easier to write not needing to keep track of state, and where only one request is made at a time. The main issue here is knowing when RequestDone is called, what published component properties need to be checked and for what, and what other requests need to be made, a sync request hides all that from you so is easier to use. Your original use of the async component was actually sync since you had a wait loop afterwards, which is exactly how the sync component works, Angus

The OpenSSL_ProgramData define is ignored if OpenSSL resource files are linked, it's an alternative option. You can not use OpenSSL_AutoLoad_CA_Bundle if you want to change where OpenSSL is loaded, it's too late to change anything in code. You can set GSSL_PUBLIC_DIR to your own directory before OpenSSL is loaded (instead of c:\programdata) but sub-directorties will still be created in your new directory, each OpenSSL release needs a unique directory. Note I've not tested this! Use of the existing GSSL_SignTest_Check public variable is unchanged, if set true before loading OpenSSL, ICS checks the DLLs are digitally signed, which includes corruption checks. It does not check the signing certificate at the moment, too much extra code. This does not work yet for OpenSSL_AutoLoad_CA_Bundle, too late, need to think about that. Angus

Although the snippets sample was added after your release, you should be able to built it with V8.70 after removing some new units added with later releases. Or you download a compiled version of snippets and httpresttst from https://wiki.overbyte.eu/arch/icsdemos-clients.zip to test them. As I said, for sync mode you don't RequestDone event, just check the status code returned by the RestRequest method, the error code in the event is irrelevant. The one event you should use is OnHttpRestProg and set DebugLevel := DebugHdr, that is the logging event that shows exactly what the component is doing with commands, hesders and error messages, you will see that running either of the samples I mentioned. Angus

Because you no longer need to distribute the DLLs separately, the increase EXE size should mostly cancel out. Or change the defs file and leave the DLLs alone, this change was really intended for new applications. I have tried to explain all this. You also don't need to distribute a root bundle file, but many people probably ignored that. https://wiki.overbyte.eu/wiki/index.php/Updating_projects_to_V9.1 Angus .

Thanks, as the readme9 says, we no longer test Delphi 7, too old, but I'll add Types soon, all due to increasing use of TBytes that Delphi 7 does not understand. Angus

Thanks for the comments, but what I need are modified and tested package files I can release to others, no point my trying to make changes I can not test. Angus

To get started with the ICS REST component, I suggest you build and run the OverbyteIcsSnippets sample, click the 'HTTP REST Json Request' button and see what it does. You can then copy the doHttpRestReqClick function which is heavily documented for all the hard coded properties. In your code, you say you are using the TSslHttpRest component, but you are not using the RestRequest method which is how all requests are started, you've not looked at our REST samples. BTW, one of the arguments in RestRequest specifies if the component makes sync or async requests, so make a sync request and your processmessages loop is no longer required, nor the RequestDone method. Angus

Short answer, no difference as far as ICS is concerned. ICS does not use any of the new features in 3.1, 3.2 or 3.3, yet. Long answer, OpenSSL is adding new features for each release, 3,1 was minor stuff, 3.2 was QUIC for HTTP/3 clients, 3.3 has just entered alpha testing and adds QUIC for HTTP/3 servers. Not sure if ICS needs to support QUIC and HTTP/3 (or HTTP/2), the only benefit is performance primarily when displaying complex web pages with hundreds of elements, and ICS is primarily used for APIs, not creating web browsers. HTTP/2 is half way to HTTP/3 (compressed headers) and there is an Indy implementation using a DLL, but hear very little about it, not sure if Delphi users need it? I've vaguely thought about a proper Delphi HTTP/2 implementation, but it's a lot of work for no visible benefit, just small performance improvement. There is are some OpenSSL 3.2 features I may look at, but no rush. My own servers are still using 3.0. But ICS offers all the currently supported versions. 3.1 and 3.2 will disappear before 3.0, once the next long term support release comes out. Angus

I don't do C++ so it is totally untested for V9.1, I removed hundreds of old files and some of those might have been needed for C++. Once you get it working, please email any changes for the next release. We can then restore it for GetIt. Due to OpenSSL being more integrated now, there will probably be quarterly releases to match OpenSSL. Angus

Back to my reply yesterday, you are still not requesting a secure connection, just from a different demo. Beware SSL connections to IP addresses will always give certificate errors, and won't connect unless you ignore those errors, as will happen since you've left the default Verify Certificate Mode. Your server should have a domain host name, that name should be set in DNS and the IcsHosts.Hosts setting and the SSL certificate should be for that host name, and the client connects to that host name, that is what SSL/TLS is all about. ICS V9.1 will create that certificate locally if it does not exist, although for the public internet it will order a certificate from Let's Encrypt. Can not tell if the server is running correctly, the client is connecting to non-SSL port 21, you have not shown the logging for the SSL certificates chain. You get that error message because you've left the IcsHosts setting AuthForceSsl=True so it refuses to connect without SSL, FTP is very insecure without SSL sending plain text passwords. Angus

Can you please first update ICS to V9.1, all those files and jobs were obsolete years ago and have been removed from the distribution. You will find documentation for IcsHosts at https://wiki.overbyte.eu/wiki/index.php/TWSocketServer.IcsHosts Angus

You are trying to connect to port 990 which is SSL only, but your client says 'sslTypeNone'. That server sample does not create any PEM files. You would be better using the latest V9.,1 release, and the OverbyteIcsSslMultiFtpServ and OverbyteIcsXferTst samples. Angus