Angus Robertson

The new certificate issued this morning is fine, but the server should really be setup to automatically renew it a few days before it expires, rather than waiting until after it has expired, I saw the expiry warning this morning as well. Angus

ICS V9.4 is now available from GetIt for Delphi 11 and 12. Angus

ICS has always supported the Content-Disposition: form-data header for POSTing files, but seems to bypassed Content-Disposition as a HTTP response header, declaring content as inline or attachment with a file name so it can be saved. We tend to look at Content-Type to determine if content should be saved. So I plan to add web server support to send Content-Disposition: inline and Content-Disposition: attachment, and client support to parse the header and file name. But also wondering whether Content-Disposition should be sent as a request header when POST/PUTing a single file as binary, to avoid needing to base64 encode it within form-data, which is a major overhead for gigabyte sized uploads. Actually easy to add to the REST component that already has such an upload and the web server samples that save such data, but taking the file name from a URL parameter. Done a little Googling, but can not see any official use of Content-Disposition as a request header, maybe I missed something? Any thoughts, is it worth adding to ICS? Angus

The release notes and DelphiPraxis announcements covered that: Also note when building the ICS packages for the first time with 3.4, there may be a dialog 'entry point could not be located', because the new DLLs are only extracted from the resource files when the first application is run, but the packages have built OK. Angus

Sorry, unless I reproduce bugs, hard to fix. Angus

xx{ $ENDIF MSWINDOWS} initialization {$IFDEF MSWINDOWS} xx {$ENDIF MSWINDOWS} Angus

The new ifdef should be one line lower. Angus

I tested D9.4 building OK in D2007, but I no longer have a license for D2010. Line 3825 is beyond the end of the unit. It could be the compiler does not like the if/ends You could try adding a new {$ENDIF} before initialization and {$IF MSWINDOWS} after. Angus

The OverbyteICSNetMon sample builds fine for Win64, built it two days ago. But there is a comment in the sample 'Pending - NPCap does not seem to work on Win64, needs more testing', and I've never had time to look into it. This code was written 20 years for Pcap and quickly updated for NPcap, perhaps I missed some stuff. In particular, it uses Windows magic to assume that a Win64 version of packet.dll is found., Angus

OpenSSL has released maintenance versions of the four currently supported versions, 3.0.16, 3.2.4, 3.3.3 and 3.4.1. There is one high security fix for 3.2 and later relating to Raw Public Keys (RPKs), but these are disabled by default and not yet used in ICS, and a low level timing side-channel in ECDSA signature computation fix that needs hardware access to exploit. These OpenSSL versions are included with the final ICS V9.4 release. Windows binary zips are available from https://wiki.overbyte.eu/wiki/index.php/ICS_Download or https://www.magsys.co.uk/delphi/magics.asp In addition to the three DLL files, the zips include compiled RES resource files that contain the same DLLs, text files and version information, see the RC file. The RES file may be linked into application EXE files and code then used to extract the DLLs from the resource to a temporary directory to avoid distributing them separately. ICS V9.1 and later optionally support loading the resource file. Beware OpenSSL 3.4 exposed a minor ICS bug creating X509 certificate requests and creating CA signed certificates, which is fixed in V9.4. or a one line change for earlier versions. Also note when building the ICS packages for the first time with 3.4, there may be a dialog 'entry point could not be located', because the new DLLs are only extracted from the resource files when the first application is run, but the packages have built OK. ICS V9.4 defaults to using OpenSSL 3.4.1, provided the new OverbyteIcsDefs.inc files is installed, with an earlier version optional by changing the Defs file. Angus

I use this function to disable and reanable all controls in a container: procedure EnableOrDisableChildren (Container: TWinControl; Enabled: Boolean) ; var index: integer; aControl: TControl; isContainer: boolean; begin for index := 0 to -1 + Container.ControlCount do begin aControl := Container.Controls [index] ; isContainer := (csAcceptsControls in aControl.ControlStyle) ; if NOT isContainer then aControl.Enabled := Enabled; //recursive for child controls if (isContainer) AND (aControl is TWinControl) then begin EnableOrDisableChildren (TWinControl (aControl), Enabled) ; end; end; end; Angus

All those checks for ? relate to non-unicode compilers converting UTF8 file names to ANSI with substitutions for bad characters, so I've made them conditional on a new property that will need be enabled for Delphi 2007 and earlier to get the same 'Skipped Inaccessible Unicode Name' error. Angus

Thanks, I'll look at this for next release due this week. Angus

You would be better to avoid using LineMode if the lines are 'unusual', always read all received data, buffer it, and check for end of line/row/packet yourself, which can be multiple methods. That is what the TIcsIpStrmLog component does, but you may need to copy the code to add more flexibility. Angus

Of course TWSocket can be used for HL7, but using TIcsIpStrmLog requires a lot less code. OverbyteIcsAppMonSrv.pas even parses the | delimited fields. Angus

Never heard of HL7, but it looks like a simple ASCII protocol, one line at a time. I'd suggest you use the TIcsIpStrmLog component in TCP Server mode which has an onRecvEvent that returns a simple line at a time, you can define the line end in various ways. The main sample is OverbyteIcsIpStmLogTst,dpr that sends and receives lines of data, including to itself. ICS V9,4 adds a new component OverbyteIcsAppMonSrv.pas that handles a text protocol very similar to your example with | as field separators, communicating between different ICS applications, with a new sample IcsAppMon.dpr use the server component to collect information from multiple clients and return information those clients. Angus

I'm aware Indy officially only supports OpenSSL 1.0.2, but that version would never give the reported error message mentioning BoringSSL, so something unusual is happening here. Angus

The reference in the error to BoringSSL is interesting, this is a Google fork of OpenSSL that is now incompatible with OpenSSL due to the many changes Google has made, but OpenSSL is currently adding BoringSSL Quantum ciphers to the next release of OpenSSL, so it goes around in circles. No-one can advise you on new ciphers without knowing which specific version of OpenSSL (or BoringSSL) you are using. For instance, the CHARH20/POLY1305 ciphers were not in older versions of OpenSSL. I did a quick search of my Embarcadero directories and can not find any OpenSSL DLLs. Angus

Adding: HttpRest.RestParams.AddItem('filename', 'anyname.jpg'); would be normal, with the real name of the file, not the path. Most servers expect the name of the file in the parameters, not the request headers. And telling the server you are sending JSON content when are you not, is just wrong. But at least it works. Angus

Extracts of code assume I'm familiar with those applications, I am not. I asked for the request headers and body content sent, so I know what these applications actually send to the server. Angus

The next release of ICS is finished, in SVN and the overnight zip. Once documentation is finished, it will be release next week. Meanwhile, testing of this version would be appreciated, so any serious problems can be found and fixed before the release. I'd particularly like C++ users to try and install it, it's okay for Win32, but getting some missing symbols for Win64, despite adding them. Angus

Due to planned OpenSSL security releases 11th February, I'm postponing the next release until those versions are bundled and tested with ICS V9.4, hopefully later that week. Meanwhile. I'd really appreciate feedback on V9.4 in the overnight zip, just saying you are using it is good, might avoid fixes needed due to bugs I've accidentally introduced. And specifically C++ users, as mention In the last message, so it can be installed by GetIt. Angus

The fact you can use Curl or Postman is not relevant to whether ICS works, it will with the correct parameters. I've looked at the Wordpress document, and tried some of the examples against a WordPress site I manage, and just get 404 errors, but it is WP 5.2.21 and I'm not the admin, so maybe the APIs are different or I'm not allowed to use them. The documentation example for 'create a media item' is ' POST /wp/v2/media' so absolutely useless. I don't know Curl either so no idea what --data-binary does. If you can post the actual http headers, body and response made by Curl or Postman, that should explain what is actually happening. Angus

Thanks, now fixed, That function is only used for diagnostic dumping of SSL packets, which I never use due to massive logs. Angus

The ICS web server should probably offer an event to make creating customised error pages easier, I've put it on the wish list. Our error pages are very minimal. Angus