Angus Robertson

I am still seeing those debug lines in my main web server application, but not in two other ICS sample web servers. But this is purely something I see under the Windows 11 debugger, the server itself on two Windows Server 2018s is handling tens of thousands of requests daily and one Windows Server 2022. My other Windows 11 DNS problem turned out to be no gateway on one of the two network adapters. Angus

ICS includes an updated version of THTMLParser from Dennis Spreen 20 years ago, very simple, just works. https://svn.overbyte.be/svn/ics/trunk/Source/OverbyteIcsHtmlPars.pas Angus

RcptName name is used for the SMTP protocol, HdrTo is used to build the message header, and it is normal for that to have friendly name and email address. The component does not add them together, although some SMTP forwarders and POP3 servers may do so. RcptName is sometimes added by servers as X-To: header or similar. Angus

I don't test OverbyteIcsDDWebService for each new release because it has dependencies outside ICS, but it is next on my list to add support for OCSP, next week as well. Angus

I did some initial testing, and the version of OverbyteIcsSslMultiWebServ in SVN has the comment 'Added authentication using POST requests.' There were no relevant changes to the server itself. But I'll be doing some more work on POST uploads and authentication next week, so will test it again before the next release. Angus

I'm not sure that this is actually a problem, since ICS already has various derived components like: THttpAppSrv = class(THttpServer) which don't give any errors. But I don't see any purpose in setting the name FWSocketServer.Name either, it might have been used for debugging a long time ago, but I've just removed it from my copy so your problem will go away, unless anything thinks the name is needed? Angus

Done a little more research, to connect to this site needs literal SslOpt2_LEGACY_SERVER_CONNECT adding to SslContext.SslOptions2. With OpenSSL 1.1.1 this defaulted set, but with 3.0 is not set due to: Angus

I'm now seeing the same 'unsafe legacy renegotiation disabled' error on both sites with OpenSSL 3.0, but that error did not happen with 1.1.1. So better, but not really fixed unless it really is an OpenSSL error that few other sites show up. Angus

I added the TSslHttpRest REST component four years ago, to speed up application development by combining several other ICS components needed for HTTPS applications together and building parameters in various ways. It is used for OAuth2 authentication, TIcsTwitter, TIcsRestEmail (Gmail and Outlook), TDnsQueryHttps, TIcsSMS, TIcsInetAlive and SSL/TLS certificate ordering TSslX509Certs. The last ICS TSslHttpRest release added various file downloading strategies, including resuming failed partial transfers, the next TSslHttpRest release will add various file uploading strategies using POST including multipart MIME with metadata content. Ideally, there will be new components to simplify access to various cloud services, ie TIcsMsAzure, TIcsGoogleCloud, TIcsAmazonCloud, TIcsOSSwift (Open Stack), TIcsMsDrive, TIcsDropbox, perhaps TIcsWebDAV if still used. I'm old-fashioned, I don't use any cloud facilities, I just have hosted Windows servers in a rack running the ICS FTP server for all my own upload and download needs. So supporting these various cloud protocols needs research and accounts, and a lot of reading and testing, and decisions of which specific APIs need support from a component. But I guess various ICS users are already using one or more of these cloud providers with their own applications, perhaps also with non-ICS components. Ideally I'd like such users to take ownership for developing and testing the component for a specific cloud service, based on a common template, while I update TSslHttpRest to support the extra features like multipart MIME needed, So is anyone using ICS for cloud storage? Angus

Sorry, I did say I was unable to connect to depatisnet.dpma.de with either version of OpenSSL, it was www.dpma.de that connects with 1.1.1 but not 3.0. Not sure what this means, could be OpenSSL has improved security that now breaks the site. depatisnet.dpma.de appears to be configured differently, so always fails. Someone using Wireshark may be able to interpret the handshaking, but that won't fix anything. It's frustrating that the browsers work, why? You could try looking for a proxy that works, but they are often based on OpenSSL. Angus

Currently, the ICS REST component sample does not include file uploading, only building, sending and parsing parameters. There is an old non-SSL sample \WebDemos\ OverbyteIcsHttpPost.dpr that illustrates four different methods for uploading a file using POST, including multi part MIME, which may be tested against the ICS web server samples to receive files. It really needs combing with the OverbyteIcsHttpRestTst.dpr sample for modern use. Angus

ICS V8.68 supports both OpenSSL 1.1.1 and 3.0, you don't need to use an old version. By default it looks for the 3.0 DLLs, then 1.1.1, or GSSLEAY_DLL_IgnoreOld and GSSLEAY_DLL_IgnoreNew control which is loaded. Angus

Done a little more research. SSL Labs tests www.dpma.de okay, but it warns does not support Secure Renegotiation. Using ICS and OpenSSL 3.0.2 I get a different error to depatisnet.dpma.de, 'unsafe legacy renegotiation disabled', but I can connect OK using OpenSSL 1.1.1. There is an OpenSSL issue about this, but it seems OpenSSL is removing support for unsafe negotiations which some older servers try to use. The ICS REST component specifically disables renegotiation, but even enabling it does now allow connection to either web site. So I'm afraid my earlier comment stands, misconfigured web server. Angus

In technical terms, depatisnet.dpma.de is a crap web site! Just run an https://www.ssllabs.com/ test and it says 'Assessment failed: No secure protocols supported' which is very rare, normally poor sites scrape through with a D or E assessment for old protocols. As you say, normal browsers seem to display the page OK, perhaps there is some scripted magic relocation going on or the server does not like our Agent string, but that should only be checked once SSL is negotiated. Rather than using TSslHttpCli, you should start new projects with TSslHttpRest which handles all the SSL and logging for you, look at the OverbyteIcsHttpRestTst.dpr sample. Unfortunately OpenSSL does not provide explanation for protocol errors, they just fail. Angus

The old download page exists, http://vclzip.bizland.com/v4src.htm but all the source downloads are password protected and you can not buy a new license. But maybe someone not using theirs would sell it? I still use VCLZip. Not sure if Kevin is still around, would have been good if it had been made open source. Angus

Ditto, I use Delphi 2007 (and 10.4 and 11.1) on Windows 11. Learnt 10 years ago that I needed a backup of the four NET target files, and have restored them numerous times since after Windows Updates. Sort of related, I also have a workaround that brings the old Windows Help 32 system back to life, as used by Delphi 7 and many other applications from 20 years ago, but which was removed from Windows Vista and later https://www.magsys.co.uk/apps/ Angus

I agree Pointer() would be better here, and probably in many other places in ICS... Angus

That function should not be using RcvdCount, it may not be accurate when it is called. Most components receive data into a fixed size buffer, not a string, I'll change it next week. Angus

VLCZip was commercial software sold with Delphi source, last release was about 15 years ago, but I still use it in my applications. It never became open source. So really need to replace it, but adding a DLL to my projects is a non-starter. ZipMaster should ideally build the C code into a DCU so that it can be linked directly, but this would be needed for all compilers. I still use Delphi 2007 for some of my historic projects, too much work to update them. Or built to OBJ files like ZLIB that can just be inserted into a PAS unit? Angus

Bottom line is testing multiple variants of authentication and proxy settings is a nightmare, takes a long time to setup all the testing environments locally, so if you want this investigated we will need access to the proxy and server to which ICS is failing to connect. But won't have time to look for at least a week. The change three years ago was done by a user accessing a Windows domain with single sign on, but I guess not via a proxy, which I can not test. Angus

Did you work out the Device Installation Class under which your modems are installed, other than Modem or Ports? It should be a single line change to enumerate a new class. Angus

It's unclear to me from the readme and help whether ZipMaster is a linkable Delphi component or a DLL with a Delphi interface. The documentation seem to assume you are familiar with the component and not migrating from something like VCLZip. Angus

The Ansi warnings relate to my updated version of AsyncPro adport.pas unit that allows named COM ports to be opened, but this is for 4.06, not recent Unicode versions, you'd need to update whatever Async Pro you are using with my very minor changes. Strange the component did not find one of your modems, although it did find 18 other COM ports you've previously installed. Can only guess Samsung has installed it using keys, you'd need to check what they are and update the component. Angus

The Magenta Hardware Components download includes compiled demos for all the components. Angus

I released Magenta Serial Port Detection Component free earlier this year, part of Magenta Hardware Components at: https://www.magsys.co.uk/delphi/maghardware.asp It finds serial ports by several methods. Angus