Angus Robertson

Thanks, I'll fix it next week. Angus

OK, if you are moving away from C++ please don't worry about testing. Angus

Sorry, I updated various definitions from the 'latest' JWA file and that is also missing the semicolons. I'll update it again, should be in SVN tomorrow. In about a week, can you please check for other C++ errors in the overnight zip, the next release will be the last to support these old compilers, and maybe C++. Angus

Although we distribute OpenSsl.exe, it is not something we support, there are numerous online resources devoted to OpenSSL scripts, which many people use, but Delphi users normally write code with the APIs. You can test signing text and streams with the OverbyteIcsJoseTst sample, and the OverbyteIcsPemtool sample has some very old encryptions functions on the Extras menu, but there has never been demand for encryption using OpenSSL since there are native Delphi packages around. Angus

I suggest you build the OverbyteIcsHttpRestTst and OverbyteIcsXferTst samples and test your HTTPS downloading with those, the TIcsHttpMulti component in the latter downloads gigs of files daily here. I'll need to know a lot more about why you need to use TMultipartHttpDownloader to bring it up to date with HTTPS, etc, no point if no-one needs to use it. Angus

TMultipartHttpDownloader is a very old component designed in the days of slow dial-up internet to speed up downloads by doing several parts at once. But very few applications need that since broadband downloads are so far. What happens when you use a modern component like TSslHttpRest which includes saving to a file and repeat partial failed downloads? Angus

SVN and the overnight zip include changes that allow ICS SSL servers to use certificates from the Windows Certificate Store instead of using disk files. Apart from rebuilding, no code changes are needed, simply add one line to the server configuration file. The HTTP Rest sample will be updated shortly to use a client certificate from the Windows Store. There is now a simple method LoadOneFromStore that creates a bundle in a TX509Base with certificate, private key and intermediates that can be used in any ICS projects, it can be tested in the PemTool sample. Angus

I only work with Delphi and Windows platforms, any support for C++ or other platforms in ICS is dependent on other developers, and such contributions are very rare. C++ support will cease unless someone comes forward to take responsibility for it. I have no commercial need for mobile platforms, and my own requirements are the driving force behind my contributions to ICS over the last 20 years. Angus

ICS does not support any mobile platforms, only Mac OS-X now and Linux Ubuntu with the next major release next year. Angus

The debug output I see daily with internet applications and Windows 11 is: onecore\net\netprofiles\service\src\nsp\dll\namespaceserviceprovider.cpp(550)\nlansp_c.dll! 708884C8: (caller: 76C0E326) LogHr(10) tid(4f74) 8007277C No such service is known. The service cannot be found in the specified name space. Guess Microsoft does not run it's own applications under a debugger. Angus

If the connection is closed prematurely, you have no idea how much data the remote client successfully read. So your high level protocol needs some method of confirming how much data was received and what to send. The FTP and HTTP protocols allow such thing, in different ways. A few months ago, I was debugging the ICS FTP client and server handling resumed transfers of 50GB files over the public internet, which was fun. They always worked on a LAN, but the FTP control connection was being closed by some horrible router somewhere after an hour or two of inactivity. But it alll works now. Angus

Sorry, no more suggestions, there is no reason to get all those OpenSSL errors. Can PemTool open existing P12/PFX files with a password? My PemTool built last week with Delphi 2007 works fine. I'll test PemTool on Delphi 7, but it won't be for a couple of weeks until I do the final new release. Angus

Do you actually have legacy.dll in the same directory as the other OpenSSL DLLs? PemTool About should say: SSL Version: OpenSSL 3.1.1 30 May 2023 Dir: C:\DelphiComp\ics\Samples\Delphi\SslInternet\libcrypto-3.dll Legacy Provider Loaded OK Compiler: Delphi 11.3 Win32 Angus

Before I spend any time looking at this, can you reproduce it using PemTools. I know this all works since all my Let's Encrypt p12 files use 3DES so they can be loaded by old versions of Windows, in the SslX509Certs unit: { V8.67 is 3DES available, prefer that so older versions of Windows will load our PFX file } if (ICS_OPENSSL_VERSION_MAJOR < 3) or ICS_OSSL3_LOADED_LEGACY then P12KeyCipher := PrivKeyEncTripleDES Angus

Sure some versions of Delphi have SHA-256, but the current version of ICS has to work back to Delphi 7, so rarely do we use new language features. I've fixed the original problem with OpenSSL not being loaded, it was for some hash functions, but not all. Angus

Not looked at the code, but such a change could mean data being sent twice, since it's already in the transmit buffer and will get sent the next time TryToSend is called. We avoid low level changes unless there is a very good reason. Angus

You need to set GSSLEAY_LOAD_LEGACY := True in formcreate so OpenSSL loads the legacy provider that has obsolete cryptography that old versions of Windows still require. Making those PKCS12 functions backward and forward compatible was a nightmare. Angus

All the SSL demos illustrate this, it is reported in the Handshake event. You should be using TSslHttpRest when it is logged automatically. Angus

Fixed back in February, in SVN. Angus

Because ICS does not have a native SHA-256 implementation, it now uses OpenSSL for digest operation. But there is no check in those digest functions to ensure OpenSSL is loaded, I'll add a new specific exception for that. To fix the problem, you just need to call LoadSsl or IcsLoadSsl before using the component and make sure the DLLs are available. Angus

Far too little useful information to make any proper comment. Angus

Looking at the code, this D7 bug was fixed back in February and has been in SVN since then, but I will test it again soon. Angus

The main advantage of SvCom was being able to create dual GUI/service applications, so you can run your service in the IDE under the debugger, often with a few VCL controls, and also install it as a service and run it in the background. One of my applications runs as both a service and GUI at the same time, depending on how the client configures it, with the two instances communicating, so the GUI shows everything the service is doing, it has a very complex GUI. DDService can be used similarly, but is less forgiving about the controls and the service will not start when certain third party controls are used. Debugging an application using TService, etc means a lot of logging or generally have a GUI test application to debug the main code. Angus

Sorry, can not tell you that, I never bought a copy of SvCom that would run on modern compilers, no idea if they still issue updates for new compilers. It was a good product in it's time, but despite coming with source code it still had some licensing magic that might never be updated for new compilers, so risky long term. Angus

SVCom is better than DDService in it's support for interactive applications with lots of VCL components. DDService fails to start if the form contains some third party components, but seems mostly fine with simple components, memo, edits, buttons, etc. So there is come magic going on in the modified forms unit that SVCom uses. But I was always concerned about long term support for new compilers, since SvCom has obscure licensing checks which is why I've been updating and supporting DDService for several years and now use it for all my server applications. Angus