Angus Robertson

I bought a YubiKey 5 NFC recently to test, not spent much time with it yet, the documentation and tools are clear as mud, not managed to install an SSL certificate on it yet... Angus

A little research showed Digicert was only supporting Safenet dongles. But at least the concept of allowing the end user to load the certificate into the dongle rather than shipping it removes that major obstacles for users outside major countries. Also surprised to find K-Software has updated it's web site for the first time in years, thought it was moribund, ignoring emails, etc. But prices massively higher, $313 for one year. I paid $188 for three years which is now $657 for the same thing, some massive profiteering going on here. Angus

Looking at the Digicert site, they offer: My own qualified hardware token - use the Code Signing certificate provisioning application to install your Code Signing certificate on your token. 'Qualified' might be a weasel word... Also: DigiCert KeyLocker cloud HSM (USD $90.00 / year). Seems there are more options around. Angus

ICS defines Utf8String and Unicode string for old compilers. We still support Delphi 2007 since I still support my own commercial applications using it, but I stopped using Delphi 7 15 years ago. The original poster is making life more complicated for himself by using old ICS components. ICS v9 has a new sample Snippets, with several examples of making REST requests, one of which is: SslHttpRest := TSslHttpRest.Create (self) ; try try SslHttpRest.RestParams.AddItem('username', myusername); SslHttpRest.RestParams.PContent := PContUrlEncoded; StatCode := SslHttpRest.RestRequest(httpGET, myurl, False, ''); // sync request, no extra parameters AddLogText ('HTTP Rest Request Response: ' + IntToStr(StatCode)) ; if StatCode = 200 then begin AddLogText (SslHttpRest.ResponseRaw); AddLogText ('Address: ' + SslHttpRest.ResponseJson.AsArray[0].S['address']); end; except AddLogText ('HTTP Error - ' + IcsGetExceptMess (ExceptObject)) ; end ; finally FreeAndNil (SslHttpRest) ; end ; You completely ignore SslContext, encoding, Json, input and output steams, in most circumstances. There is a POST snippet, but it uploads a file. Angus

ICS components could set the MultiThreaded property automatically, but the developer would still need to call IcsWndControl.ProcessMessages somewhere in the thread or the code would just stall, except in the simplest of applications. Angus

I was talking about loading the OpenSSL DLLs and initialising the environment, not making a request. The SslContext should be initialised when the thread starts, once, I thought I made that clear before. Your application is making no attempt to check you are actually communicating with the government servers, no certificate chain checking. SSL servers accept hundreds of requests a minute without needing to re-initialise anything. Angus

There are two fundamental misuses of ICS in the code snippets supplied. 1 - the code is said to be running in a thread, but the MultiThreaded property of TSslHttpCli is never set, so messages for the thread will be processed using Application.ProcessMessages in a different thread. 2 - More seriously, the ICS components are being created and perhaps destroyed for each HTTPS request made, which is probably the cause of the memory leak, and is also highly inefficient. Specifically, OpenSSL is being loaded automatically by the components when the SslContext is automatically iniitialised by the request starting, and perhaps being unloaded when the request ends. The SslContext is designed as something to be shared by components, initialised once and then reused. Or OpenSSL can be loaded once when the program starts, to allow use with multiple SslContexts, in servers for instance that use multiple certificates. Many of the ICS samples show how to load OpenSSL early. ICS v9 has various improvements relating to freeing and destroying components, particularly when exceptions happen during that process, to ensure that inherited destroys are still called and not skipped which can cause memory leaks. Having said that, reports of memory leaks using ICS are very rare, and many ICS applications run for weeks or months without a problem. Angus Angus

ICS v9 is about to be released, see comments a week ago here, Part of that release process is building ICS on Delphi 7 and I had to change several new components due to missing language features and components in Delphi 7. I will not be doing that again, a waste of my time and potentially causing problems for newer compilers if I introduce new errors. Angus

Current versions of OpenSSL do not work on Windows XP, nor is ICS supported on XP. I would suggest you remove all the GUI interaction except to a log file, so you know if the problem is ICS or the GUI. Angus

Delphi 7 is end of life, ICS support has now ceased, I won't be running it up again now ICS v9 has been tested on it. Also, running TSslHttpRest in a thread is not tested heavily (or atall), being async you can download hundreds of files in parallel in the main thread. Angus

OK, seems easy enough, I'll add another TOAOption of OAopAuthBasic and check that in GrantAuthToken to set up basic authentication with the client id and secret. Perhaps you can confirm the endpoint is content to ignore the client stuff as being part of the parameters, safer not to remove them. I'll send you a unit to test next week, but it's missed the next ICS release. Angus

Unusual, what login data is the required to get the token, something unrelated to OAuth2? If you want this incorporated in the component, I'd need an end point and account to test it. Which grant_type are you using? Otherwise you could derive your own version of the component and override the method you are using with your own. Angus

I always download and install from an ISO image, and mostly write that image to a DVD as well for posterity and repeat installs. Still got a lot of original CDs from Delphi 1 onwards, and the printed manuals. Angus

A variation on invite only could be requiring an existing member as sponsor. Angus

You can always override the procedure with your own version omitting the MagWait function completely, as some other ICS units do, see TIcsHttpMulti.DoRequestSync in OverbyteIcsHttpMulti.pas, Angus

Due to the large number of new components and changes, ICS V8.71 has been renamed to ICS V9.0 for final release. All the source units have updated versions and copyrights, some unused units have gone. All the active samples (per readme9.txt) have also been updated with new versions and copyrights and there is a new ActiveDemos.groupproj group that allows them all to be built together. ICS v9 is available from a new SVN repository https://svn.overbyte.be/svn/icsv9/ and also from the Zipped Daily Snapshot section of https://wiki.overbyte.eu/wiki/index.php/ICS_Download The snapshot download URL is: https://wiki.overbyte.eu/arch/icsv9w.zip The final release notes and updated wiki pages are still being written and will be available next week. Meanwhile, I'd appreciate it if some active ICS users could download V9 now and test for installation and backward compatibility with existing applications, particularly with Delphi 7 and XE compilers. I updated literally hundreds of package files manually, for the last time, and it would be good to know they actually install before the final V9 version is released. There is also a new ICS V10 SVN repository for the next major version with Linux support, but this is many months away from being complete, so please ignore it for now. ICS V9 is planned to be a long term support release with no new components or major features added, just bug fixes as needed, major changes will be for V10. V9.0 has been tested with Delphi 7, but I had to make changes to several new components due to missing language features and TWebBrowser does not exist, so V9.0 will be the last tested with D7. Delphi 2007 is easier to support for those building ANSI projects and will become the oldest version supported. Angus

My invoices from Worldpay in the UK break down the handling fees into two parts, VAT exempt which includes the percentage transactions charges (up to 4%), and VAT standard rate for fixed transaction costs which include approval and declined fees (4.5p each) and the monthly cost for card facilities. So no need for end users to be charged tax for bank fees. These are for VISA and Mastercard. No idea how taxation works in any other country. Angus

Both of which are done by the new ICS component TIcsNeighbDevices which gives a similar display to the two Nirsoft scanner tools. Angus

That is what the ARP protocol does, except your version requires software running on every device and for those devices to be running. Angus

If you don't want to raise an exception for response errors, you simply set the property ResponseNoException true, you don't need to comment out any code. No idea why an exception would kill a DLL, that must be your design, not handling exceptions correctly. Never heard of memorymodule, not sure what relevance it has here. Your main issue, unless I've read this wrong, would appear to connecting to alternate servers on failure. If an ICS socket fails to connect, or you time out a connection attempt early, it takes a few moments for the socket to close and be ready for another connection, just because the Close event is called does not mean the socket is ready after errors, TCP has various timeouts when making connections. So where you need to contact sequential servers after failure, you should use alternate THttpCli components. I usually have an array of components, all using the same events, with Tag set, so you know which component caused the event. I did this recent in a new ICS component TIcsDomainNameCache which uses an array of components derived from THttpCli. Angus

If you mean all the local IP addresses on your LAN, ICS has a new component TIcsNeighbDevices that builds a historic LAN neighbourhood MAC device and IPv4 and IPv6 address table using ARP, neighbourhood discovery and network scanning. There is a new sample OverbyteIcsNetTools.dpr that illustrates its use. Angus

OpenSSL has released new versions of the three active branches. These fix a low severity security issue which is a possible denial of service when checking long DH parameters which ICS does no longer uses, but could potentially be used in certificates for malicious web sites. Windows binaries are available in SVN and the overnight zip file (tomorrow) and separately from https://wiki.overbyte.eu/wiki/index.php/ICS_Download or https://www.magsys.co.uk/delphi/magics.asp Separately, YuOpenSSL has released 3.0.10 and 1.1.1v as commercial DCUs allowing applications to be used with OpenSSL without needing separate DLLs. Angus

My latest JVCL re-installation from GetIt after installing Delphi 11.3 failed somehow, missed all the paths necessary, had to add a path for JclBase manually. Angus

I would store them in files, but not thousands of small files, a few larger files, with a database indexing their location in those large files. At least assuming they are not randomly being deleted. Easier and faster to back up. Angus

ULONG_PTR should not have been declared in the SSPI unit, we have a Types unit that collects together backward compatible types and already had ULONG_PTR. Angus