Angus Robertson

Perhaps FastCGI instead, which runs continually. I'm just updating the Jose stuff to handle the server side of Json Web Signing/Tokens for REST servers, currently it only does JWS/JWT for REST clients, and was thinking about how it could be used with web servers other than ICS, FastCGI seems a possibility. TIcsMailQueue can be used separately to queue and send email, the queue format is standard SMTP pick-up as used by Microsoft, although I've not used it like that. Angus

You could also try using TIcsMailQueue which sends mail in the same way as TSslSmtpCli but runs a mail queue with repeated retries to multiple servers on failure. Your application would need to keep running until the queue was empty, and not run multiple copies, but mail is more likely to be delivered. Angus

Your console application will need events so you can not really take any short cuts. There is a sample Samples\delphi\MailNewsDemos\OverbyteIcsConSmtp.dpr that should help. Angus

Thanks, will be fixed in SVN later today. Don't fire up Delphi 7 very often. Angus

Historically I prefer major non-Microsoft applications at root level, easier to find. no access restrictions is a bonus. I also installed all Delphi samples and common files in the same directory, and third part libraries, to keep versions from different releases separate. And I do that in VMs with multiple copies. I also prefer my own directory naming convention of real names rather than RAD studio version numbers which almost no-one uses. Angus

I keep the last two versions on my main development PC, plus D2007, so uninstalled 10.2 before installing 10.4, and 10.3 is still fine. I have VMs with all the old versions. For the past 20 years, I've installed Delphi in my own named root directories, never program files, but just realised that I was never offered a choice of install directories while installing 10.4 from the ISO, or if I was, missed it on some cluttered screen. So it now seems to be buried in program files... Angus

Depends what you think SFTP means, there is no standardised protocol with that name. If you mean FTP over SSH with a private key, ICS does not support that. If you mean FTP using SSL/TLS, then ICS does support it, But the source code is not as simple as you think, clients don't need a private key or SSL certificate, only servers, unless you are trying to implement client certificates which is very rare. ICS also does not recognise files with extension PPK, nor whatever content you have in it which is what the OpenSSL error effectively says. But you don't need it. There are several ICS FTP example applications, I suggest you build Samples\delphi\sslinternet\OverbyteIcsXferTst.dpr first. Angus

ICS V8.64 has been released at: http://wiki.overbyte.eu/wiki/index.php/ICS_Download ICS is a free internet component library for Delphi 7, 2006 to 2010, XE to XE8, 10 Seattle, 10.1 Berlin, 10.2 Tokyo and 10.3 Rio, and C++ Builder 2006 to XE3, 10.2 Tokyo and 10.3 Rio. ICS supports VCL and FMX, Win32, Win64 and MacOS targets. The distribution zip includes the latest OpenSSL 1.1.1g win32, with other versions of OpenSSL being available from the download page. Major Changes in ICS V8.64 include: 1 - ICS now supports International Domain Names for Applications (IDNA), i.e. using accents and Unicode characters in domain names. Domain names can only contain lowercase ASCII letters and numbers and a couple of symbols, so Unicode U-Labels (nodes in a domain) must be converted to A-Labels (Punycode ASCII) with an ACE (ASCII Compatible Encoding) prefix. So www.mâgsÿstést.eu becomes www.xn--mgsstst-pwa1e4l.eu and мособлеирц.рф becomes xn--90aijkdmaud0d.xn--p1ai. 2 - Added a new WMI component based on the Magenta Systems WMI and SMART Component which allows listing all WMI classes, adding and updating network adaptor IP addresses, and adding and updating records in Windows DNS Server (2012 and later). 3 - For SSL/TLS servers, the initial client hello sent before protocol and cipher negotiation starts is now available in the onSslServerName event, when it is easier to select the SslContext to be used on shared servers supporting lots of hosts. 4 - There are various improvement for SSL/TLS servers using IcsHosts. NonSSlPort may be zero for to allocate a random port (not for SSL), the new BindPort and BindSrvPort properties show the real port while listening, reported by ListenStates. If SslCert can not be found the server will create a self signed SSL certificate with all the HostNames so the server can start. 5 - There are many X509 SSL certificate ordering improvements from Let's Encrypt using ACME. All the ACME challenges are now supported. tls-alpn-01 which works on SSL port 443 using a special self signed certificate thus avoiding a server running on port 80 as well. dns-01 which updates Domain Name Server TXT records to avoid using any servers, allowing wild card orders, currently Windows DNS Server on the same server, but Cloudfare is planned. Note the OverbyteIcsX509CertsTst sample running on a Windows DNS Server is able to order a certificate with multiple wildcard and normal domain names automatically in a few seconds, where a similar commercial certificate would cost at least $100 per wildcard. 6 - TRestParams used with the TSslHttpRest component, has more parameter content types: PContXML, PContBodyUrlEn, PContBodyJson and PContBodyXML. The existing PContUrlEn and PContJson now specify REST params are sent as URL ? arguments, while the PContBodyxx version send params as content body. XLM parsing into an ISuperObject has been added so SOAP and XML REST responses can be processed similarly to Json responses. 7 - The TFtpServer component has a new TFtpOptions ftpsAuthForceSsl which requires SSL/TLS before allowing the LOGIN to be processed so that clear text credentials can not be sent. May also be set using IcsHosts with AuthForceSsl=True for specific Hosts only. Failure gives '533 USER requires a secure connection'. 8 - Added a Websocket server implementation (HIXIE and HYBIE protocols) ported from phpws project, written by Stan Korotky <stasson@orc.ru>. There is no a specific component for websockets, they are handled internally from a custom TWebSockSrvClient. 9 - Did a refresh of the three SSL/TLS trusted root certificate bundles included with ICS, to add new roots and remove untrusted certificates. 10 - Added CreateSelfSignCertEx to OverbyteIcsSslX509Utils to create self signed certificates with subject alternate names and specific key types. More detailed release notes are at: http://wiki.overbyte.eu/wiki/index.php/ICS_V8.64

The ICS V8.64 distribution includes packages and project groups to install on Delphi and C++ 10.4 Sydney. and is available via GetIt for 10.3 and 10.4, Angus

Power broadcasts give warnings when the system is about to close down, while designed for battery powered kit, they do work on desktops, my PCs have USB connection to the APC UPS so can close down early. Can not say specifically under what circumstances these messages appear, but belt and braces when saving data... PBT_APMBATTERYLOW: mess := 'Battery power is low' ; PBT_APMQUERYSUSPEND: mess := 'Request for permission to suspend' ; PBT_APMSUSPEND: mess := 'System is suspending operation' ; Angus

You should also listen for WM_POWERBROADCAST, but this has to be set-up to work, WM_ENDSESSION and WM_QUIT, lots of ways of closing down. Angus

Thanks, will be fixed today. Angus

You should be repeating RestRequest and not using DoRequestAsync so the request is properly initialised, missed that, other problems may occur attempting to make this a class. Angus

Many thanks, also fixed EVP_DigestVarifyInit. That may get be closer to finding an ECDSA signing bug I've been looking for on and off for a couple of years, its shown up another error in code that was bypassed previously. Are you using the signing functions and finding problems, is that why you are finding all my API conversion errors? Angus

You should be using the onHttpRestProg event with DebugLeve=DebugBody so you can actually see any error messages and what is really happening. But please don't post long logs here, no more than a few pertinent lines. Angus

As I said, you are recursively starting a new HTTP request from the within an event called by that request, you need to start the next request outside the event, either from a timer as I suggested, or by sending a message to a function that starts the next request. Sleep stops messages being processed so defeats the concept of event driven programming, it should only generally only be used in threads that don't do anything else. Angus

Not looked closely at your code, only got as far as sleep in an event handler which is very bad design. You are also recursively starting a new request from the event, which calls the event again... To use async functionality properly, you should use a timer and triggers. ICS provides such functions in OverbyteIcsUtils, ie IcsGetTrgSecs, IcsGetTrgMins, IcsTestTrgTick which are used in OverbyteIcsSslMultiWebServ1.pas as an example. You set a trigger in the event to how every many seconds you want to wait, then test it in a timer triggering once a second or slower, then start the next request. Angus

Also use TSslHttpRest instead of TSslHttpCli since this avoids you needing to use an SslContext in your application, look at the OverbyteIcsHttpRest sample. Angus

From that extra information, I assume the first POST attempt succeeded, you then had a time out due to a bad connection and it died., This goes back to what I said yesterday, Windows keeps trying to open a TCP connection and you can not stop it early with a timeout, only by freeing the socket and starting again with a new socket. This is nothing to do with threads, just standard TCP connections. And why we recommend using a array of several hundred dynamically created THttpCli components all using async methods running in parallel sharing the same events for testing lots of remote sites. No threads necessary. Angus

Sorry, no idea. When used correctly, THttpCli just works. You ned to add some logging to see what you are not sending for what responses you are receiving. Angus

TIdThread is not an ICS component, probably Indy, which may mean you have mixed two libraries. May or may not be relevant to your problem. The only benefit of using threads with ICS to download multiple URLs is where the host is unavailable and Windows waits up to 30 seconds attempting to connect, blocking other actions. Apart from that, ICS will do several hundreds downloads in parallel. The most important issue if you really need to use threads is to make sure the ICS message pump is called in a solid loop if using async methods. Angus

And Microsoft says Windows will ship with MsQuic in the kernel, https://techcommunity.microsoft.com/t5/networking-blog/msquic-is-open-source/ba-p/1345441 Angus

Clouldfare supports QUIC/HTTP/3 now, so it's not just Google and has published speed comparisons. https://blog.cloudflare.com/http-3-vs-http-2/ We don;t expect any problem updating ICS to support OpenSSL 3.0, but won't do it until the API is stable with the first beta release in a month or two. OpenSSL plans QUIC/HTTP/3 for the release after 3.0, six to 12 months away. Hard to know how hard it will be to implement in ICS, but we'll certainly have a go. Supporting LibreSSL in ICS is possible, the API interface library is designed to support different OpenSSL versions dynamically, the main issue is LibreSSL has 'improved' some of the OpenSSL APIs, many macros are now function calls instead (good thing), So quite a lot of effort required to support LibreSSL with no obvious improvements to end user applications,

OpenSSL plans to add QUIC but not until stardardisation is closer, Google has been pushing this for 10 years or so and no standard yet. https://www.openssl.org/blog/blog/2020/02/17/QUIC-and-OpenSSL/ Angus

Sorry about that, must have forgotten to upload the 1.0.2u files to the wiki server, done now. However both 1.0.2t files come up as downloadable, not tried doing so. Angus