Angus Robertson

Yes, OnSessionConnected event is fired for UDP, but should be virtually instantaneous since no traffic is sent, you should have waited until the state changed before sending anything, but send would just fail and you are ignoring errors and it would not explain the exception. Angus

Using a redundant MessagePump without threads is untested and certainly serves no purpose before making any requests or listening. If you remove it, does the code work? The LocalIPList function is an easier way to get a list of addresses as strings, you need to set family and IPPROTO_UDP protocol, the default is TCP only. Angus

I have never seen a message pump crash with ICS. But I know using a non-existent interface will fail. Been a long time since I did a project with UDP broadcasts. Angus

If you are connecting to another device, you don't need to set a local IP address, use 0.0.0.0 and let Windows worry about it. Sometimes interfaces come and go, that could cause an error. Local address is really for listening sockets, although can be used on servers with multiple IP addresses to select an outgoing address. Angus

The version of OpenSSL that ICS v5 used will not work today, the protocols have changed since then. It may be worth trying to build a subset of ICS v8 with Delphi 5, language wise it was really 64-bit streams I think which you could change, not sure when Int64 came in, that would be harder. There are also minimum version checks you'd have to disable. Or get Delphi 7 or 2007 and upgrade your project, fewer changes and testing than unicode versions, unless a simple project. Angus

I have a stress testing tool ComGen, written using ICS, that will generate multiple TCP or UDP streams (or serial RS232), short or long, sending variable volumes of custom data including HTTP,, with or without SSL/TLS. It will create up to 2,000 client simultaneous connections, with x per second, that was used for testing SSL Socket Server where the SSL connection overhead restricts how many connections a single thread can accept per second. This is all done in a single thread. ComGen is part of my ComCap package (ComCap collects data) but can be used on it;s own. Angus

There is a new ICS Multi Host FTP Server sample using IcsHosts in the overnight zip, really designed to be a Windows service application. It supports multiple SSL hosts with multiple listeners, can order it's own SSL certificates and will create self signed certificates for any missing, and will email status information and errors to an administrator. Angus

If you connect on port 21, SSL only starts if you send the AUTH command, The SslType method specifies how AUTH is used, but won't stop it. Angus

Because pure Delphi renderers are far less likely to have security holes than proper browsers, partly because they don't usually run scripts, but you also have control over what external links they load if any. We all know clicking on dodgy email links is the main way nasties like ransomware gets onto networks, sometimes just displaying an external web page. Sure they don't usually handle all the latest browser capabilities, but that is the compromise you make for safely, and you design your pages to match their capability. ICS includes a Web Browser sample using the THtmlViewer component with tick boxes to enable or disable links and external graphics. and also log all HTML and HTTPS protocol. Angus

While services should be stopped by the service manager, this won't work if if the main thread in the service has stopped and messages are not being processed. So you need a backup after repeated stop attempts with timeouts fail. the equivalent of End Task in Task Manager which sometimes is needed to stop non-responding applications. I've done this with TerminateProcess which needs a process handle which you can get from a process ID, which requires searching the process list to match exe names. I did this from a second service that monitored the first, making sure the message queue was working and a few other things. The second service also sent emails so this could be checked manually to make sure it restarted ok. Service manager should already be set-up to immediately restart a stopped service, so that part is easy once it stops. Angus

Build and test the OverbyteIcsHttpRestTst.dpr sample. The OverbyteIcsSslHttpRest.pas unit itself has several examples of how to create new components using TSslHttpRest like TIcsSMS, ,TIcsTwitter, TDnsQueryHttps (DoH) and real soon TIcsRestEmail for GMail. All with demos in OverbyteIcsHttpRestTst.dpr. Angus

Totally agree, I have no intention of vegatating in front of day time TV, which is why I still work on ICS. At leat while Moorfields Hospital keeps my eyes working, victims of diabetes. Angus

You reach an age where you really don't want to learn new stuff. I had one of the first brick sized mobiles back when UK mobile phone numbers were six digits long, but only got a modern smart phone four years ago, had to catch up. Angus

Not much maintenance, someone else set-up SVN on my public server 12 years ago and I barely touched it until Windows 2008 support ceased and I had to move it to a new server. Took a while to find out why svn; was not responding finally discovered a service svnserver.exe had been running for 12 years which I never noticed. I tried a git pull once, put me off Git for life, so complicated. Angus

Sorry I can not help. I do not use C++ Builder and have never supported it. ICS is dependent upon end users to help us support C++ and no-one did until 10.2. Also, USE_SSL support will be ceasing in ICS, it is historic and in future ICS will always support SSL/TLS as do all the new components added in recent years. Angus

For Delphi, we test without USE_SSL maybe every couple of years, never tested it for C++. We really don't have time or inclination to support 20 or different compilers with and without SSL. This is a free package. SSL code is embedded in almost every unit, removing a couple of SSL only files will not help. Angus

The oldest version of OpenSSL that ICS supports is 1.0.2, it will not load older versions, nor even that old out of support version shortly. If you want to use ancient versions of OpenSSL, you'll need to use an anciient version of ICS, if you can find one. Angus

Com0Com works fine on Windows 10, you need the 64-bit version with code signed driver. By default it uses alphabetic port names CNCA0 and CNCB0 which some async components don't support (only numeric), but I fixed Async Pro 15 years ago to accept them. Angus

No idea where you found Win32OpenSSL-1_0_0a.exe must be 10 years old, we certainly don't support it. You will find the latest OpenSSL included in the ICS zip. Sorry, we don't support C++ XE7, there are no packages for it. Other users have helped us support C++ for 10.2 and later, but you will need to update the XE3 package and make it work with XE7. Angus

V8.65 is not released yet, but I did build it Delphi 7 successfully several weeks ago, so use the overnight zip. Angus

If you use TIcsIpStrmLog. you won't need to be concerned about the low level receiving function, that is tried and tested in the component which provides you with packets or lines. Angus

For a new application, you should look at the OverbyteIcsIpStmLogTst.dpr sample that uses TIcsIpStrmLog. This is effectively a high level version of TWSocket that may be configured as a client or a server and hides most of the low level events and error handling from you, supports SSL/TLS and allows you to send lines or files, and receive from a single event, only needs a few lines of code for either. Try the sample which will send data to itself. Angus

The OnSessionConnected event and state wsConnected really mean async connection attempt finished, either successfully or failed according to the error code, it may not be triggered for 30 seconds or more with TCP timeouts. Connecting to a local port not listening fails quickly. Every ICS async method results in a state change and one or more events being called when done, so you can decide what to do next, depending on what happened. That is the major difference from using blocking TCP implementations that don't return until completed. You can not use state alone to know when a connections succeeds. Angus

You don't normally configure IcsHosts or the server through the object inspector, but from an INI file. The component has two functions IcsLoadFtpServerFromIni and IcsLoadIcsHostsFromIni which load all the required settings from an INI file set-up similarly to the following, this is the second of two servers, behind a NAT firewall, but could be using public IP addresses. It orders the SSL/TLS certificate automatically without any other settings. Once the settings are loaded, you call ValidateHosts to check everything then Start, BTW, these IcsHosts settings prevent FTP being accessed without SSL. [FtpServer:2:Host1] Hosts=sip.magsys.co.uk HostTag=SIP.MAGSYS BindIpAddr=192.168.1.123 BindIpAddr2=2a00:1940:1:2::123 BindNonPort=21 BindSslPort=990 AuthSslCmd=True AuthForceSsl=True Desc= HostEnabled=True SslCert=C:\certificates\local\sip_magsys_co_uk.pfx SslPassword=password SslSecLevel=sslSrvSecTls12Less CertSupplierProto=SuppProtoAcmeV2 CertDirWork=d:\weblogs\acme-certs\ CertChallenge=ChallFileSrv CertPKeyType=PrivKeyRsa2048 [FtpServer:2] DefaultHost=sip.magsys.co.uk ServerDesc=sip.magsys.co.uk on 192.168.1.123: 21/990 HostEnabled=True BannerConnect=220-\h\n220-\v\n220-ICS\s\n220 Server: \p at \o MaxClients=100 MaxAttempts=5 PasvIpAddr=217.146.115.85 PasvPortRangeStart=21001 PasvPortRangeSize=997 MD5UseThreadFileSize=100000 TimeoutSecsLogin=60 TimeoutSecsIdle=300 TimeoutSecsXfer=60 ZlibMinLevel=1 ZlibMaxLevel=9 ZlibNoCompExt=.zip;.rar;.7z;.cab;.lzh;.gz;.avi;.wmv;.mpg;.mp3;.jpg;.png; AlloExtraSpace=1000000 ZlibMinSpace=50000000 ZlibMaxSize=500000000 ListenBackLog=5 SrvOptions=[ftpsCwdCheck,ftpsCdupHome,ftpsNoPasvIpAddrSameSubnet,ftpsHidePhysicalPath,ftpsModeZCompress,ftpsSiteXmlsd,ftpsThreadRecurDirs,ftpsThreadAllDirs,ftpsEnableUtf8,ftpsAutoDetectCodePage] SslRenegotiationInterval=0 BandwidthLimitKB=0 SslCertAutoOrder=True CertExpireDays=30 RootCA=C:\certificates\TrustedCABundle-magdev.pem Angus

Sorry the lack of an FTP sample using IcsHosts, it's been on my list all year but other projects keep putting it back. It is however properly documented, follow the links from http://wiki.overbyte.eu/wiki/index.php/FAQ_Using_IcsHosts and all the properties are separately explained, including HostNames which are the DNS names for the SSL certificates. The latest version of IcsHosts does not even need SSL/TLS certificates, it will automatically create self signed certificates so the server can start, and then order proper certificates from Let's Encrypt, if required. The sample to look at is really OverbyteIcsSslMultiWebServ.dpr since the set-up and use of IcsHosts is almost identical in all servcers. Angus