Angus Robertson

The SslCertX509 property is type TX509Base and has methods to load, save and examine the content of the certificate and private key, IsCertLoaded, IsPKeyLoaded and IsInterLoaded say what has been loaded, so in your case nothing because you have not yet called InitContext, only created it in your code snippet. If you just want to examine a certificate text, load it into a TX509Base object instead with the LoadFromTextEx method which will return any errors. Angus

SslContext.SslCertX509,ValidNotAfter returns certificate expiry as TDateTime Angus

Well it seems ICS and FileZilla are both trying to compensate for the misconfigured server, the other difference in the logs is FileZilla has set binary mode, but you did not in ICS, perhaps the FTP server is giving a misleading error and does not like ASCII mode. You could also try the better FTP sample OverbyteIcsXferTst.dpr, it will probably set binary automatically. Angus

Sorry, I can not see what host name or IP address either client connected with, only the LAN 10.xx.xx.xx address the passive connection is trying to use, and I assume the FTP server is not on your LAN so is incorrect. The FileZilla log may make some comment after the passive mode line, but not in a language I understand. A public FTP server should never offer a private 10.xx or 192.168.xx address for a passive connection, it is incorrectly configured. There may be an issue with the ftpFixPasvLanIP FOptions which is attempting to fix this problem, but without more logging or testing there is little I can do. Angus

Are you talking about Filezilla server or client? Both are quite clever in handling poorly implemented NAT routers provided they are configured correctly. ICS knows there is a problem, thus the suspicious comment, but I can not advise you with the partial redacted log you supplied. Look at the FileZilla log and see what is different. Angus

Thanks, will check it and add to ICS next week. I bodge sync MX look-up in the mail queue unit, would be good to have a cleaner option. Angus

Thanks, will be fixed next week. Angus

Look at the IP addresses, totally different for control and data channels. Perhaps you are accessing FTP via a NAT router that can cause problems. Angus

If you allow an HTTPS request to be made, you must load OpenSSL before that happens. Or use the modern component TSslHttpRest which handles all the SSL stuff for you. Angus

I assume you are talking about a websocket client component, there is such a new component in ICS V8.71 not released yet but can be downloaded from the overnight zip or SVN. The new client is in OverbyteIcsWebSocketCli.pas with a sample in OverbyteIcsHttpRestTst.dpr (because it descends from the HTTP REST component). It's been tested against a couple of public websocket servers, and both of the ICS server implementations, one is new and built into the multi web server sample. It's also running on one of my public web sites, which the sample tests against. Angus

OpenSSL has released a new version 3.1.0, Windows binaries are available in SVN and the overnight zip file and separately from http://wiki.overbyte.eu/wiki/index.php/ICS_Download or https://www.magsys.co.uk/delphi/magics.asp This is a minor release that does not require a new version of ICS, the main improvement is a FIPS 140-3 compliant FIPS Provider, 3.0 was FIPS 140-2. Note the ICS Windows build can not be FIPS approved. There have been numerous performance improvements implemented compared to the OpenSSL 3.0 release. Plans for future OpenSSL releases are at: https://www.openssl.org/roadmap.html Angus

Much of my code is similar to yours, except it uses different methods that do vastly more complicated things than the simple methods in the older component. Just build it and run it, with a log window, and it will just download a file. Or you can run the OverbyteIcsXferTst.dpr sample that does the same thing. It will be in SVN in a few days when I've done more snippets. Angus

Uses OverbyteIcsWsocket, OverbyteIcsFtpcli, OverbyteIcsFileCopy, OverbyteIcsFtpMulti; procedure TSnippets.AddLogText(const Line: String); begin LogWin.Lines.Add(Line); end; procedure TSnippets.onXferEvent (LogLevel: TIcsCopyLogLevel ; Info: string ; var Cancel: boolean) ; begin if (LogLevel = LogLevelInfo) or (LogLevel = LogLevelFile) then begin AddLogText (Info) ; LabelProgress.Caption := Info ; end ; if (LogLevel = LogLevelProg) then begin if Info <> '' then LabelProgress.Caption := 'Progress: ' + Info else LabelProgress.Caption := '' ; end ; if (LogLevel = LogLevelDiag) and ShowDiags.Checked then AddLogText (Info) ; if AbortFlag then Cancel := true ; end; procedure TSnippets.doFtpDownOneFileClick(Sender: TObject); var FtpMultiClient: TIcsFtpMulti ; taskres: TIcsTaskResult ; myftppath, myftpfile, myfiletarget: String; myftphost, myftpusername, myftppassword: String; myftptype: TFtpType; myfilereplace: TIcsFileCopyRepl; begin // parameters for the single FTP download operation myftppath := '/testing' ; // FTP server path for file myftpfile := 'speed50meg.zip'; // FTP file to download myfiletarget := IncludeTrailingPathDelimiter(DirTemp.Text) + myftpfile; // where we download to myftphost := 'ics.ftptest.org' ; // supports IPv4 and IPv6 myftpusername := 'anonymous' ; // no uploads myftppassword := 'icssnippets' ; myftptype := FtpTypeAuthSslBoth; // or FtpTypeNone, FtpTypeConnSslBoth (no SSL or only SSL) myfilereplace := FCReplAlways; // or FCReplNever, FCReplNewer // create component and events to see progress FtpMultiClient := TIcsFtpMulti.Create (self) ; FtpMultiClient.CopyEvent := onXferEvent ; doFtpDownOneFile.Enabled := false ; AbortFlag := false ; LabelProgress.Caption := '' ; try try // essential FTP parameters FtpMultiClient.SocketFamily := sfIPv4; // or sfIPv6 or sfAny FtpMultiClient.HostName1 := myftphost ; FtpMultiClient.FtpType := myftptype ; FtpMultiClient.UserName := myftpusername ; FtpMultiClient.PassWord := myftppassword ; FtpMultiClient.MaxAttempts := 2 ; // logon attempts, may try IPv6 then IPv4 FtpMultiClient.FailRepeat := 2 ; // retries for failed xfers FtpMultiClient.PassiveX := True ; // must be after connection type FtpMultiClient.FtpSslVerMethod := ftpSslVerBundle; // or ftpSslVerNone to skip checking certificates FtpMultiClient.FtpSslReportChain := False; // true to list SSL certificates FtpMultiClient.SrcDir := '/' ; // required FtpMultiClient.BulkMode := BulkModeDownload ; // required // connect, login, get features taskres := FtpMultiClient.FtpLogon ; if taskres = TaskResOKNew then begin taskres := FtpMultiClient.FtpDownOneFile (myftppath, myftpfile, myfiletarget, myfilereplace) ; end ; AddLogText ('Task Result: ' + IcsGetTaskResName (taskres)) ; AddLogText (FtpMultiClient.ReqResponse) ; except AddLogText ('FTP Error - ' + IcsGetExceptMess (ExceptObject)) ; end ; finally FtpMultiClient.FtpLogoff ; FreeAndNil (FtpMultiClient) ; LabelProgress.Caption := 'FTP Completed' ; doFtpDownOneFile.Enabled := true ; end ; end; This code is from a new ICS snippets application that has simple examples of many common ICS tasks, this one downloads a single file using SSL from one of my public FTP servers, using the modern TIcsFtpMulti component. It only needs a couple more properties and it will download multiple directories of files. Angus

Most ICS high level protocol components provide both sync and async methods, the former are often easier to work with for many applications. Impossible to say why the presented code is not working, since there are no given parameters or any logging of what the component actually does. It is also the old way to create FTP applications. You should build the sample OverbyteIcsXferTst.dpr which uses the modern TIcsFtpMulti component. Look at the Single FTP tab and the doFtpDown1Click method which shows how to download a single file, although it is just as easy to tell it to download a complete directory structure of thousands of files, I appreciate OverbyteIcsXferTst.dpr is a complex sample illustrating several different components, I'll do a simple FTP snippet later today. Angus

LocaleCharsFromUnicode was available in XE2 so is now used from that version. A lot of conditional code has now gone. Angus

Now perhaps, maybe not 10 years ago when this stuff was written, but I'll bring the unit up to date shortly. Angus

ICS V9 is https://svn.overbyte.be/svn/icsv9/ But maybe I've set permissions for private access until more of it is completed. Angus

There is a Linux package that allows me to fix non-Windows build issues since I don't have any Apple hardware so not allowed to build for that. But the low level messaging functions are MacOS specific and simply don't work on Linux, so sockets don't work. There is an ICS V9 in SVN which does work on Linux, but so far only socket samples, no protocols yet, needs a lot of work. Angus

ICS is nor currently supported on Linux, only MacOS. A new V9 version plans Linux support, but it is a long way from release. Some of the ICS functions may work on Linux, in OverbyteIcsUtils.pas please note the comment 'Charset conversion functions optionally may use GNU iconv library (LGPL) by explicitly defining conditional "USE_ICONV". Otherwise ICS attempts to use Windows APIs or just dies. Angus

SVN and the overnight zip add new client and server components for the MQTT protocol based on work at https://github.com/pjde/delphi-mqtt updated heavily for SSL support. I notice the original Github repository has been forked over 70 times, so presumably at least that many people were interested in using MQTT, however I'm not sure a person, so while I can see the sample client and server sending data to each other, the new components really need to be tested in a better environment against other clients and servers. Who can help? Also, I used Geoffrey Smith's fork, after discussion in this forum, but wonder if any of the other 70 forks have useful additions? So if you use MQTT, please try and look at this new version, so any changes and improvements can be done in the new month before it released and becomes harder. I deliberately renamed TMQTTParser to TIcsMQTTParser, TMQTTClient to TIcsMQTTClient and TMQTTServer to TIcsMQTTServer to avoid conflicts if the original units are installed, otherwise the new units should be compatible with the original, but with added SSL/TLS if anyone uses that. Angus

The new websocket client component does not have a public or private Timer property, you will need to be more specific. There is FPeriodicTimer but that is internal use. Angus

Looking at the OverbyteIcsHttpRestTst sample, it seems client certificate was never tested since the private key is not loaded, it needs a one line change. Client certificates were originally tested with an older sample. Even with the fix, it would not have worked unless PemTool can see the private key. I'm improving both samples at the moment with more error handling, will be in SVN within a couple of days. Angus

So your real problem is a private key that OpenSSL does not recognise or is for a different certificate. Without seeing the actual files, no-one can help you. That is why I suggested asking your supplier for a bundle file so the files can not get mixed up. You can email them to me, original files not the bundle you created and I'll check. Angus

The ICS SMTP and MailQueue components will send email using Office365, again provided all the permissions are set in Azure. Look at the OverbyteIcsMailQuTst.dpr sample which allows two different SMTP servers to be specified and will retry both multiple times to send email. In Azure, set Supported account types to All Microsoft account users, then in Graph permissions enable all of these (probably too many...); email, Mail.Read, Mail.ReadWrite, Mail.Send, MailboxSettings.Read, offline_access, openid, POP.AccessAsUser.All, profile, SMTP.Send, User.Read REST, SMTP and POP3 should then work with OAuth2. Angus

Almost certainly your REST email problem is down to the complexity and multitude of Azure permission settings. Hard to be specific without knowing the email account type, that must match the permissions. I've tried to explain it as best I can in the 'Google and Microsoft OAuth2 Email Application Accounts' comments in the OverbyteIcsSslHttpOAuth.pas unit, Angus