Angus Robertson

To complicate dongles even more, Windows shows my Trusted Platform Module as a Security Device, but my USB dongle with a signing certificate and key as a Smart Card Reader (ACR101 SIMicro), so it;s quite probably the OpenSSL TPM engine might not recognise the latter. It comes with it's own windows drivers which work with Microsoft code signing. Angus

Yes, the ICS comments about engines say you have to extract the certificate from the Trusted Platform Module and turn it into PEM for OpenSSL, and there are TPM tools to do that. You can send commands to the TPM to query what it has. My desktop has a TPM and the ICS code signing certificate is on a USB dongle. Windows does have APIs to access the TPM, but I've never had a commercial need to look at them, TPMs have become more important this year with so many people needing remote access to secure corporate networks. Angus

Sorry, currently ICS does not support using certificates other than those loaded from files using OpenSSL functions. ICS does have support for OpenSSL engines which are essentially DLLs designed to access secure hardware such as tokens, but I've never seen such a DLL and OpenSSL has changed a lot in the 10 years since engine support was added. You can read the comments in WSocket on Apr 24, 2009 for more information. You would need to build the Trusted Platform Module project in github but it might need ICS changes to maker it work. Engines are obsolete with the next release of OpenSSL 3.0 due soon and there is a new way to access secure hardware so we may revisit this if someone provides a TPM provider which is the new way. I don't believe there is any possibility of OpenSSL accessing certificates and private keys in the Windows store. Not sure if Indy has current engine support. Angus

I never mentioned USB tokens, nor did you, no idea how they relate to a discussion about the windows store. Private keys are often stored on hardware security devices precisely to stop them being copied. Angus

These MacOS changes are now in SVN and will be zipped overnight. Angus

Thanks for joining this thread and helping to get ICS working on MacOs64. I've updated Ics.Posix.KEventTypes,pas with your fixes, but am wondering whether I should also be changing WSocket to use EV_SET64 and TKEvent64 instead of EV_SET in TIcsEventQueue? Or does MacOS64 support both. Not in SVN yet. I don't believe there is much point in trying to retain MacOS32 compatibility going since 10.4 no longer supports it. Regarding your off-list comment about TMultiReadExclusiveWriteSynchronizer and ThreadID, I did change this to ThreadID: TThreadID; last week to match all other instances. Please be aware I can now build for Linux64 but not for MacOS since don't have any Apple hardware, so I can catch general Posix compiler issues, but not Mac only issues. And the Linux message handler is not done yet. Angus

If GetIt says it's trying to open a file on your local PC, that will be fixed by changing to online mode. It should be intelligent enough to recognise that error on it's and use online mode. Angus

I'm amazed this problem is not fixed yet. It happens if you install a new release from an ISO image or DVD which used to be a separate installer, but now uses GetIt in offline mode pointing to a massive file locally. This all works fine, except once it completes GetIt continues to look in that massive file for all the components you now need to re-install instead of looking online. The important line is 'GetItCmd.exe -c=useonline' which is used once. Angus

Quite true, I use ICS in several Windows services. However all windows services need a message loop, that is how they are stopped and controlled. Obviously not the case with Linux. Angus

ICS Windows console applications need a message pump anyway, and are relatively rare. I only have a single console application that sends emails when SVN is updated. An old version of ICS supported Kylix with a message pump which we could bring up to date, but if FMX supports this already, that is faster. Angus

ThreadID: Cardinal; should really be ThreadID: TThreadID; to match all other use in the unit. Perhaps there is another mismatch somewhere that has caused truncation or something? Angus

On a Windows form the entire application runs from ProcessMessages, if that is not the case with FMX then I guess it's a different design concept. Angus

Pleased you got the package built, I've put updating the sample uses sections on my list. Sorry, never tried debugging a non-windows platform. I have been wondering why ICS is using a lot of MacOS specific libraries to emulate Windows messages, when the FMX forms unit seems to have ProcessMessages which one assumes works similarly to the Windows forms unit, it might be early versions of FMX 10 years ago were more limited. But I have other delayed projects to finish and can not investigate yet. Angus

Not tried it yet, but Mida Convert sells tools to convert VCL to FMX, including various third party components: http://midaconverter.com/ Angus

This error is building the package under windows, it can not find RTL, Angus

After updating to 10.4.1, installing FMXLinux, updating PAServer to the latest, and recreating my Linux Profile, I can now build and run the FMXLinux sample, so it does all work on UBUNTU 20.04. However, when building the new ICS Linux package (which is in SVN) I now get: E2597 ld-linux.exe: error: cannot find bplrtl270.so despite adding binlinux64 to the system path. Also 79 FMX units mplicitly imported into the package. Still ned to fix the message pump, but getting closer. Angus

SVN and the overnight zip have many updated units with Posix support, most of the changes are in new units I've added or things I'd changed over the years. Some Posix is TODO, particularly ICMP/ping, ShellExec and some Windows specific file operations in OverbyteIcsFileCopy. But these changes allow the ICS FMX packages to build for the Linux 64-bit platform, and hopefully the MacOS64 platform. There is a new package IcsLinuxD104 that I'm able to build without errors, just a few hints and TODOs although final compile fails probably because I'm using an unsupported Ubuntu version. This all needs FMXLinux installed first and you will get 79 FMX units implicitly imported into the package, because FMXLinux does not have a package, or I can not find it. The main work needed is the message pump and timer support, the current implementation is MacOS specific using Apple libraries. I believe FMXLinux probably includes replacements, but it is undocumented and little source code, and without being able to build Linux applications not going to try. We have an ancient ICS version built for Kylix with a message handler that could be used, but my knowledge of Linux is zero so someone else will need to make a decision and finish the Linux implementation. Hopefully not too much effort. Angus

Seems 'Required package 'fmx' not found' really means that Delphi for Linux does not support FMX, no GUI applications. Or at least until you install FMXLinux using Getit. Angus

I wrote the Mail Queue component 10 years ago and it was available from the Magenta Systems site, only integrated with ICS early last year. For persistence, all emails are written as disk files and into database (simple text file). You specify how many attempts to send each email with what gap, which are repeated for each server (if more than one) or it will look-up MX records and send directly, but that really only works if the server has proper reverse DNS for major email providers. Once sent, the file is deleted or moved to an archive directory. The sample app has a window to view the queue in a grid to see what is left in the queue and delete stuff. and I include that window in my applications. So really all the concepts of a forwarding SMTP mail server, but it would need a better database design for heavier traffic, it really intended to send hundreds of emails at a time, not thousands. Angus

Change to using the TIcsMailQueue component, you prepare email using THtmlSmptCli after which you forget about it while a thread tries to send the mail using several mail servers over several days, all queued. Designed specifically for servers to call for help, Used in the OverbyteIcsSslMultiWebServ.dpr sample. Angus

Yes, although I only send one message at a time, I'd hope the bureau has systems in place to stop bulk SMS from bad names. The other bureau ICS supports offers the same for a price, but fixed for the account. These places are how people fake SMS, but most commercial SMS comes with a name, not a number. Angus

The Overbyte ICS library includes an TIcsSms component that uses REST to send SMS via two different British bureau with a pre-paid account , there is a demo project. Adding further bureaus is not hard, although they have their own ideas about authentication, one uses name/pw, the other a JSON block. ICS supports SMS Works at https://thesmsworks.co.uk/ which allows you to set the originating SMS address to anything you like, name or number which is cool. In the past I've used the Async Pro SMS component with an SMS modem connected by RS232 cable, had to modify the code to make it work properly, but there are more things to configure, does not work from VMs, or data centres, etc. Angus

The code exporting X509 certificates from the Windows store was designed to build Certificate Authority root bundles with which to verify SSL/TLS certificates in ICS applications, not to export server certificates with private keys, generally you already have those as PEM or PFX files from your certificate supplier. But Windows no longer has a complete CA store and downloads new roots on demand, so ICS stopped using exported certificates a while ago and builds it's CA bundles differently. If you don't have original PEM files, you can export certificates manually from the Windows store to create them, if they were originally installed with export allowed. Angus

If you use RawParams you also need to set ContentPost to say what you are posting. BTW, all the REST APIs I've used so far have accepted a Json value of 'True', but I will look at improving TRestParams, not immediately though. Angus

The RestRequest method includes RawParams string which is where pverides any TRestParams. Angus