Angus Robertson

Sorry, skimmed the message... Angus

ICS used to use self signed SSL/TLS certificates when there was nothing better, but issuing your own CA signed certificates is almost as easy and more friendly. ICS has a sample that does it manually, or the servers do it automatically, there is also a function to install the ICS root CA into the Windows store for clients. Angus

I'm attempting to build ICS for Linux, to help with the MacOS support. I used Hyper-V Quick Create to create an Ubuntu 18 VM, took about 10 minutes and a few key clicks, except xRDP no longer works on that build and without it you can not connect to install the fixed packages. Started again with Ubuntu 20 which works fine and displays a Gnome desktop with full connectivity. Installed PAServer and running it in a terminal window, expected port and IP address. But when I create a profile in 10.4 with those details, just get connection failed. There is no Windows firewall, maybe Ubuntu 20 has one? Or am I missing something obvious? Thought I'd try and setup Apache web server, but can not find it. Angus

Thank you for your Linux contribution @wright. But how did you test it. Running any ICS FMX samples in Linux using the WSocket unit just freezes the application when TIcsEventQueue is created, and I can not trace into it with the debugger. I have made progress with Linux support for Ubuntu 22.04, OpenSSL now loads correctly, albeit Ubuntu has a two year old version 3.0.2 and seems not to want to upgrade to newer versions. I have a new PemTest sample that views and creates SSL/TLS certificates on Linux, not in SVN yet. Unfortunately, older Ubuntu releases don't include OpenSSL 3 so can not be used with ICS. Angus

Component, Import Component wizard, Import Type Library. Angus

The best solution is for the web server to provide valid SSL certificates, Let's Encrypt for public hosts, your own CA for internal domains. For your own CA, the root certificate needs to be installed on client devices, easy for Windows, less easy for mobiles. The ICS component library does all this automatically for ICS web servers, but can also generate certificates for other web servers. Angus

REST server is just another name for a web server that support API type requests as well as web pages and media. Start with the sample OverbyteIcsSslMultiWebServ which is effectively a complete web server, and add code for your specific APIs and probably authentication. Most servers are run as Windows services, so OverbyteIcsDDWebService is almost the same but can be run as a GUI or installed as a service. Both samples also include websockets which can be useful for simple API requests with less overhead than HTTP. Angus

It should only take a few minutes to update Midware to the latest ICS, read my notes carefully, fix the compiler errors and correct the uses in the packages. Angus

Yes, there were massive changes in ICS V9.1 that meant many projects and derived components need updating, mostly relating to SSL/TLS, but also some unit split in two, and new package names for D10.4 and later, the important stuff is at: https://wiki.overbyte.eu/wiki/index.php/Updating_projects_to_V9.1 but you should also read the release notes for V9.1 and readme9. I only maintain and support ICS, Midware is supported by François Piette and I guess it has not been updated for V9.1, his web site says last release was in 2020. Angus

ICS V9.2 is now also available from GetIt for Delphi 11 and 12, thanks Embarcadero. Angus

These problems all came down to a missing line in the configuration file, so the ICS proxy behaved as a TCP proxy instead of an HTTP proxy, and did not modify HTTP headings. I'll look at writing a configuration GUI for the IcsHosts files, to make it all easier and self documenting, it's not obvious which settings relate to the several protocols IcsHosts servers support. Angus

Please take this problem to email, it seems specific to your application rather than a general ICS problem. I've replied. Angus

To sum up, you are unable to make the ICS proxy work with a specific web server or web broker, really no idea what that is. How do you know this is an ICS problem? Have you tried using the ICS proxy with other more modern web servers like Apache, as I have it, Your service example is undocumented, no setup instructions, I've no idea what is supposed to do, and I don't have time to debug it for you. Angus

I've tested the ICS proxy as a reverse HTTP proxy for HTTPS<>HTTP, I've emailed you the URL, everything seems to work fine with a browser, with web pages of varying sizes. The servicetest zip you posted seems to use web broker, never used that, and nothing to do with ICS. I'm afraid I don't have the spare time to build, install and test such applications that are unconnected to ICS. Angus

I only managed to tick a few boxes, guess I've managed without all those tools for 25 years. My experience is the IDE is more stable to less third party stuff you install. Angus

There are no simple solutions to supporting multiple cloud providers. The free ICS component library has the HTTP REST and OAuth2 support you need, and has components to access cloud email at Google and MS, so should not be hard to add support for cloud storage, but someone will have to dedicate a few days to supporting and testing each cloud service. Angus

Each of these cloud providers has its own REST API to access storage services. You can sign up to each of them, read loads of API documentation and write code using various REST components for each one, and hope they don't change the API too often. Or search GetIt for commercial components that have done all this hard work, and hope the authors keep them up to date as APIs change, TMS Software and /n Software come to mind, never used them myself. Angus

I'll be testing using my own public proxy server, remembered I do have one http server, svn.overbyte.be. But I have some stuff to catch up with first. Angus

Thanks, I'll look at reproducing it on my servers, main problem is all my web sites are https only and force http to https, so needs something set-up for testing. Angus

To fix a bug I must be able to reproduce it. Sure the logs sure some different numbers, but I've no idea what data or requests you are sending, no headers logged or anything useful for debugging. Forward proxy is intended to direct to another web site, such as this one that generates a lot of data, very useful for testing in a live environment, the internals of the proxy moving data are the same for forward and reverse HTTP proxy. Angus

Nothing obvious missing, why did you create a certificate in the Windows store instead of a PEM/PFX that ICS would create for you? I find it better to test with real IP addresses, your server won't start if there are any web servers running on 80/443. The two logs look the same except for a couple of values, not sure what they are supposed to show. All my mail travels through TIcsProxy, and I use the Forward Proxy on my public servers to access my local servers remotely, so the component is well tested, and rarely touched to break it Angus

TStringList handles most requirements for CSV handling with the CommaText method, you can change the delimiter if needed. You read one line at a time into TStringList.CommaText and get one line per column, or vice versa to create a CSV record. The file can be read or written with a second TStringList or sequentially with normal file handling code if large. Angus

What specific new features and performance improvements are you looking for? What is the business case for the major effort a migration would involve? This is many weeks or months of work, and retesting. All your other questions have been covered in detail over the last 15 years as others have migrated from non-unicode compilers to modern Delphi. I've just released a new version of one of my products built with Delphi 2007 because of third party component problems with Delphi 11. The end users don't care. Angus

OpenSSL has released new versions of the active versions, 3.3.1, 3.2.2 and 3.0.14 which have several low priority security fixes. Windows binaries are available in SVN and the overnight zip file and separately from https://wiki.overbyte.eu/wiki/index.php/ICS_Download or https://www.magsys.co.uk/delphi/magics.asp In addition to the three DLL files, the zips include compiled RES resource files that contain the same DLLs, text files and version information, see the RC file. The RES file may be linked into application EXE files and code then used to extract the DLLs from the resource to a temporary directory to avoid distributing them separately. ICS V9.1 and later optionally support loading the resource file. These OpenSSL versions are included with ICS V9.2 due for release in a few days, but available from SVN and the overnight zip. Separately, YuOpenSSL has released 3.0.14 as commercial DCUs allowing applications to be used with OpenSSL without needing separate DLLs. Note: OpenSSL also released 3.1.6, but this ceases support in less than a year and has two newer releases, so we've stopped building binaries for it. 3.0.14 is a long term support release so is still being built. Angus

Your management may need to concede that the components offered by Embarcadero are often missing features in third party components, which is why there are so many of them. Angus