Angus Robertson

Thanks, not sure why the content checking is so strict, but added your fix to my copy, will be in SVN with the next batch of updates next week. Angus

ICS SMTP access also supports OAuth2 authentication as standard, which may be required for some Microsoft accounts. Angus

You should be using the TIcsMailQueue component, there is a working mass mailer example in OverbyteIcsMailQuTst.dpr. You prepare mail using TSslSmtpCli, the queue component saves it as an EML file and places it into a queue from which a thread tries to send it repeatedly to multiple SMTP servers, and when sent successfully the EML file is either deleted or archived. At least I hope it's the correct EML format, I've never tested with other applications. Angus

SFTP and FTPS can mean anything people want to mean, using those letters without explanation is confusing. Angus

If by SFTP you mean secure FTP rather than Simple FTP (a UDP protocol), ICS has a sample OverbyteIcsSslMultiFtpServ.dpr which is really designed to be a Windows service application. It supports multiple SSL hosts with multiple listeners, can order it's own SSL certificates and will create self signed certificates for any missing, and will email status information and errors to an administrator. This sample is really a commercial FTP server and just needs the addition of user accounts. Angus

Your TMyRec would not work as a header since the String types point to memory and only the pointer would be sent, it needs fixed length elements and ideally Length: Integer at the start set to the actual length, so the application decoding it can handle changes in the record in the future. Angus

As we explained previously, you need to design a protocol with a header to explain what type of data you are sending and how much. One well known such protocol is HTTP which ICS supports, and is much easier to use than designing your own. One standard in most protocols is that text is terminated with CRLF at the end of each command or line, which your SendStr does not do, but which can be useful to know that a complete line has arrived for processing and potentially to recognize that text is being sent, although binary files may potentially include CRLF. Angus

Magenta Hardware Components is a set of six main components for Delphi 2007 to Delphi 11.0 and later, as follows: 1 - Magenta Serial Port Detection Component which contains serial COM port enumeration functions, using several methods which can identify different ports depending on how they are installed, all are combined and a sorted array returned with friendly names and install information. 2 - Magenta Hardware Events Component that listens for Windows hardware event messages and calls events handlers for device changes such as serial ports, disk volume changes, low disk space events and power events. 3 - Directory Changes Monitoring Component, that notifies changes in a directory such as file or directory Create/Delete/Modify/Rename. 4 - Magenta GPS and Location Component is designed to process GPS location data from various sources with an event triggered when movement is detected. GPS sources supported include Windows Location API, NMEA 0183 sentences, GT02 GPS Tracker Protocol, TK102/103 Tracker Protocol and WondeX/TK5000 Tracker Protocol. Sample shows movement track on a Google map. 5 - Magenta Firewall Component has functions to search and list selected Windows Defender Firewall rules and settings, and to add and remove such rules. There is also some code that may be used in Inno Setup scripts to set-up firewall rules during application installation. 6 - Magenta Check Disk and Format Disk component used to format fixed or removable disk drives and perform disk checks on Windows NT4 and later. More details and download from: https://www.magsys.co.uk/delphi/maghardware.asp Or SVN: https://svn.magsys.co.uk/svn/maghardware/ Magenta Hardware Components are freeware, but are still copyrighted by Magenta Systems Ltd who may change the status or withdraw it at any time, without notice. Angus

ICS V8.68 has been released at: http://wiki.overbyte.eu/wiki/index.php/ICS_Download ICS is a free internet component library for Delphi 7, 2006 to 2010, XE to XE8, 10 Seattle, 10.1 Berlin, 10.2 Tokyo, 10.3 Rio, 10.4 Sydney and 11.0 and C++ Builder 2006 to XE3, 10.2 Tokyo, 10.3 Rio, 10.4 Sydney and 11.0. ICS supports VCL and FMX, Win32, Win64 and MacOS 32-bit targets. The distribution zip includes the latest OpenSSL 3.0.1 win32, with other versions of OpenSSL being available from the download page. Major Changes in ICS V8.68 include: 1 - V8.68 is a minor release, mainly HTTP client and server improvements including new request and response headers to assist browser caching and conditional requests, improved error reporting to help diagnose failed HTTP requests, and improvements in the HTTP REST component allowing it to save files including resuming failed downloads and download files of any size. There are minor fixes in various components, and updates to installing on MacOS and C++ Builder. There is also a new File Clean-Up demo ideal for deleting the old log files that many applications (including some ICS samples) leave on systems. 2 -The HTTP client TSslHttpCli now keeps the Etag response header as ResponseEtag, allowing applications to save it with the page content, and when requesting a refresh to add the request method ReqIfNoneMatch or ReqIfMatch to avoid downloading the page again. Improved RequestDoneError to give more information than a simple abort, added httperrOutOfMemory and httperrBgException which happen while receiving and processing data in the OnDocData event and httperrSslHandShake. For range downloads, added the ContentIfRange request header which can send an RFC1123 date or Etag so a partial download only happens if the file is unchanged. 3 - Previously, the HTTPS REST client TSslHttpRest always downloaded content to a TMemoryStream with content size being limited to MaxBodySize (default 100 MByte), and generally restricted by memory to less than 250 MByte. To remove this limitation, added the HttpMemStrategy property with THttpMemStrategy on how to handle downloads: HttpStratMem only TMemoryStream; HttpStratTemp uses a work file in the system temporary directory for sizes larger than MaxBodySize; HttpStratFile always writes a named file HttpDownFileName (with .part extension during download); HttpStratResume is similar to HttpStratFile but supports resume of failed partial downloads (with .http extension for resume information). Property ResumeMinSize defines the minimum sized partial file that should be resumed, rather than start again (default 64K). Added ShowProgress property that causes download information to be sent to the OnHttpRestProg event. 4 -The HTTP server TSslHttpServer now supports the If-Range, If-Match and If-None-Match request headers for conditional pages using Etag or last modified date, and sends 304 not modified for matches, to help with caching. Added an ETag header to responses in AnswerStream and AnswerPage when we can create one from a file modification date and size (base64 CRC32), or if the EntityTag property is specified in the client onGetDocument event before using hgSendDoc or hgSendStream, perhaps a CRC32 of the entire content from a cache. The 304 not modified response now includes more recommended headers. Also add a Date: header to AnswerStream and AnswerPage responses to help with caching. 5 - The Multi HTTPS client TIcsHttpMulti has been updated to a fix a problem that meant large files failed download with only an abort error if too large for TMemoryStream, now downloaded to TFileStream with .part extension and renamed up successful completion. 6 - The previous ICS release added support for the OpenSSL 3.0 release. Now it's been available for three months it has been added to the main distribution, the samples SslInternet directory now has both OpenSSL 1.1.1m and 3.0.1. ICS now supports YuOpenSSL 3.0 and 1.1.1 versions as commercial DCUs allowing applications to be used with OpenSSL without needing separate DLLs. 7 - In TIcsFileCopy, the DeleteFiles method now supports a new Zipped property so files are zipped with .zip extension before being deleted, useful for cleaning up old logs to save space (requires VCLZip). The OverbyteIcsXferTst,dpr sample has a new File Clean-Up tab to test the multiple DeleteFiles method, it allow files older than x days or a specific date range to be archived/zipped (to save space) or deleted, ideal for deleting the old log files that many applications (including some ICS samples) leave on systems. 8 - In the FTP client TSslFtpClient, using the PORT command to set Active mode now prevents other FTP clients sharing the same port number and address, usually only a problem with a small port pool (which is not recommended). 9 - Updated the trusted root certificate bundle files, lots of changes from Microsoft since June, Google is now issuing it's own certificates. Updated the build-in sslRootCACertsBundle, few gone, now total 59 certificates commonly used. 10 - ICS should now build with C++ for RAD Studio 10.4 and 11.0, fixed the 11.0 packages and various Windows API related units, including for Win64. More detailed release notes are at http://wiki.overbyte.eu/wiki/index.php/ICS_V8.68

Thanks for the fixes, I've done 3, 4 and 5, all my mistakes adding new features for Windows. Will be in SVN shortly. But I don't understand 1 and 2, can not see why there would be a fatal error on line 162 or what fix you actually made to stop it. Angus

@anonymousaccount I've fixed the FTP server bug, you found the correct location of the bug but the fix was slightly different. Should not matter now since I assume you are using the new FTP server sample with IcsHosts. Will be in SVN shortly. Angus

I know, really can not be bothered with modern styles, it's content that matters to me! Sorry, should really have posted this in third party, did not realise there was a main forum as well as the sub-forums. Angus

We don't test ICS on MacOS, since the developers don't have access to any Apple hardware. So we are dependent upon contributors here to test ICS on MacOS and fix any bugs, which we then incorporate in the distribution. You may find using a much older version works better, except for obsolete OpenSSL versions. And we don't provide OpenSSL for MacOS either. I'll fix the TMsCertTools error, that is Windows only so should not build on MacOS. I'll look at the others, but they are not Windows specific. Angus

The onDataAvailable event is called repeated as more data arrives, you need to keep adding data to the receive stream until the connection is closed or your protocol signals the stream has received all that intended (why there are headers in HTTP). TWSocketThrdClient and TWSocketClient relate to ICS server components and won't help in this case. Angus

As François has said, to send binary files you should really be using a high level protocol like HTTP or FTP. If you really want to invent your own protocol, you will save a lot of time and effort by using the newish TIcsIpStrmLog component that can be configured as a client or server, and is really a much easier to use version of WSocket. There is a sample application OverbyteIcsIpStmLogTst.dpr that has a local mode, where the sample runs as both a client and server sending and receiving lines of data to itself. The component has a simple method SendStream that sends a stream of any size read from memory or a file, your earlier example with Send assume Windows can buffer your entire image, which will only work for smallish files. There is a onLogRecvEvent event that returns a string with received binary data you can write to a stream, but you will need to design a protocol to know the file name or type of data being received, it will be returned in variable sized chunks. Angus

Let’s Encrypt / ISRG has today fixed a problem in the server software that issues certificates validated with the “TLS Using ALPN” method, that meant some existing certificates could have been incorrectly issued (they estimate 1%) and is therefore revoking those certificates at 16:00 UTC on 28 January 2022. This will cause servers using these certificates to display untrusted warnings in most browsers and applications that check for revocation. ICS applications using servers with Hosts that automatically order SSL certificates using CertChallenge with ChallAlpnApp will be using these soon to be revoked certificates. Although ICS servers check the validity of SSL certificates, they do not currently check for revocation, mainly since this is the first time in 20 years of my using SSL certificates it has happened. So manual intervention is needed in the next two days, simply delete the certificate file specified in the host property SslCert and restart the server. Upon startup, the server will create a self signed certificate to allow it to start, then immediately order a new Let’s Encrypt certificate which should be downloaded and automatically installed within about 15 seconds. If the server application implements regular certificate checking with the RecheckSslCerts method (the OverbyteIcsSslMultiWeb/Ftp samples do that every two hours), the new certificate will be ordered without restarting the server. ICS client application are not directly effected by these certificates being revoked, unless they access servers that have not replaced the revoked certificates and implement certificate chain checking using the Windows store with the SslRevocation property set true. Because checking revocation slows down connection time, many applications don't do it. But I will look at implementing it in ICS for use with our PEM CA bundles and servers in particular. Anyone whose applications have ordered Let's Encrypt certificates that are about to be revoked should have received an email warning already. https://community.letsencrypt.org/t/2022-01-25-issue-with-tls-alpn-01-validation-method/170450 Angus

You should be using the OverbyteIcsSslMultiFtpServ.dpr sample which was introduced with V8.65, supporting implicit and explicit connections at the same time using multiple listeners, the FTP server hosting ics.ftptest.org has 10 listeners for various services. It also orders Let's Encrypt SSL certificates automatically, although not the multi-domain wild card one shown earlier which was done using another sample. It seems I did not update the old OverbyteIcsSslFtpServ sample for V8.,65, so perhaps the server changes were not backward compatible (we try to avoid that) and I never tested it. I'll put it on my list to check, but won't be making your suggested change since that will break new servers. Angus

To clarify, you are reporting a problem in the ICS FTP server relating to SSL port 990 connections relating to changes made in V8.65 a year ago? What is your actual problem, the code change works fine in my testing with implicit FTP, you can try itself by accessing my public server ics.ftptest.org with anonynous login: Connect/Logon to FTP Server: ics.ftptest.org:990 ! SSL Connected OK with TLSv1.3, cipher TLS_AES_256_GCM_SHA384, encryption AESGCM(256), message auth AEAD ics.ftptest.org SSL Connected OK with TLSv1.3, cipher TLS_AES_256_GCM_SHA384, encryption AESGCM(256), message auth AEAD ics.ftptest.org SSL Chain Verification Succeeded ics.ftptest.org 3 SSL Certificates in the verify chain: #3 Issued to (CN): *.ftptest.co.uk Alt Domains (SAN): *.ftptest.co.uk, *.ftptest.org, *.ftptest.org.uk, *.ftptest.uk Issuer (CN): R3, (O): Let's Encrypt Expires: 2022-03-21T16:06:48, Signature: sha256WithRSAEncryption < 220-ics.ftptest.org < 220-ICS TFtpServerW (c) 1998-2021 F. Piette V8.67 < 220 Server: MAGPUB5 at 2022-01-16T13:52:52 FTP Session Connected OK to: [2a00:1940:2:2::142]:990 > HOST ics.ftptest.org < 220 HOST Ok, FTP Server ready. Angus

So there is no HTML and your questions are not really about our proxy, but just how to convert a binary buffer into a string, for which you can use IcsMoveTBytesToString and IcsMoveStringToTBytes which is what the proxy uses. Angus

Please stop sending your comments as private messages as well, I do read this forum, when I'm in the office. Why do you specifically want to use OnDataSendTar and OnDataRevcTar events, they are very low level. If you want to modify headers and/or body, you should be using onHttpReqBody, onHttpRespBody, onHttpReqHdr, onHttpRespHdr, which have a simple String property you can update. If you change the body length, you map also need to change header fields. Angus

Also, our recent OpenSSL DLLs no longer work on Windows XP either, and ICS has removed support for unsupported OpenSSL versions that might still work on XP. We also digitally sign the OpenSSL DLLs and older versions of Windows XP do not recognise the root certificate used today. If you want to support the latest security standards, you need Windows 10. Angus

530 5.7.0 Must issue a STARTTLS command first. - this simply means the server requires an SSL/TLS connection, and you have not sent the command to start it. You are using the old sample that does not support SSL, you should be using OverbyteIcsSslMailSnd.dpr or OverbyteIcsMailQuTst.dpr (but that may not be in old versions). The ncrypt.dll missing error means new versions of ICS are no longer supported on Windows XP, sorry. I recently added some functions to access SSL certificates and private keys that needed newer Windows APIs not in Windows XP. ICS V8.66 is probably the last that supported Windows XP, I'll update the documentation. Angus

Since XP has been obsolete for several years, we don't test ICS against it, only Windows 7 and later, and that will be dropped soon. But there shouldn't be anything specific in ICS to stop it installing. What specific errors did you get with V8.58, and with V8.68? Angus

ICS V8.68 is now also available from GetIt in RAD Studio 11.0. Angus

Did a quick Google search for the error, seems the developer has messing with this 'security feature' for years causing a lot of problems, and recently with TLSv1.3 that changed how sessions are created. and in fixing 1.3 probably broke 1.2. What is really needed is the tick box to turn off the feature, which seems to have gone. I'm removing the port from the session cache name anyway, since conceptually it is wrong even if it does not fix this particular bug, it should save one TLS session set-up. Angus