Angus Robertson

ICS V8.64 has been released at: http://wiki.overbyte.eu/wiki/index.php/ICS_Download ICS is a free internet component library for Delphi 7, 2006 to 2010, XE to XE8, 10 Seattle, 10.1 Berlin, 10.2 Tokyo and 10.3 Rio, and C++ Builder 2006 to XE3, 10.2 Tokyo and 10.3 Rio. ICS supports VCL and FMX, Win32, Win64 and MacOS targets. The distribution zip includes the latest OpenSSL 1.1.1g win32, with other versions of OpenSSL being available from the download page. Major Changes in ICS V8.64 include: 1 - ICS now supports International Domain Names for Applications (IDNA), i.e. using accents and Unicode characters in domain names. Domain names can only contain lowercase ASCII letters and numbers and a couple of symbols, so Unicode U-Labels (nodes in a domain) must be converted to A-Labels (Punycode ASCII) with an ACE (ASCII Compatible Encoding) prefix. So www.mâgsÿstést.eu becomes www.xn--mgsstst-pwa1e4l.eu and мособлеирц.рф becomes xn--90aijkdmaud0d.xn--p1ai. 2 - Added a new WMI component based on the Magenta Systems WMI and SMART Component which allows listing all WMI classes, adding and updating network adaptor IP addresses, and adding and updating records in Windows DNS Server (2012 and later). 3 - For SSL/TLS servers, the initial client hello sent before protocol and cipher negotiation starts is now available in the onSslServerName event, when it is easier to select the SslContext to be used on shared servers supporting lots of hosts. 4 - There are various improvement for SSL/TLS servers using IcsHosts. NonSSlPort may be zero for to allocate a random port (not for SSL), the new BindPort and BindSrvPort properties show the real port while listening, reported by ListenStates. If SslCert can not be found the server will create a self signed SSL certificate with all the HostNames so the server can start. 5 - There are many X509 SSL certificate ordering improvements from Let's Encrypt using ACME. All the ACME challenges are now supported. tls-alpn-01 which works on SSL port 443 using a special self signed certificate thus avoiding a server running on port 80 as well. dns-01 which updates Domain Name Server TXT records to avoid using any servers, allowing wild card orders, currently Windows DNS Server on the same server, but Cloudfare is planned. Note the OverbyteIcsX509CertsTst sample running on a Windows DNS Server is able to order a certificate with multiple wildcard and normal domain names automatically in a few seconds, where a similar commercial certificate would cost at least $100 per wildcard. 6 - TRestParams used with the TSslHttpRest component, has more parameter content types: PContXML, PContBodyUrlEn, PContBodyJson and PContBodyXML. The existing PContUrlEn and PContJson now specify REST params are sent as URL ? arguments, while the PContBodyxx version send params as content body. XLM parsing into an ISuperObject has been added so SOAP and XML REST responses can be processed similarly to Json responses. 7 - The TFtpServer component has a new TFtpOptions ftpsAuthForceSsl which requires SSL/TLS before allowing the LOGIN to be processed so that clear text credentials can not be sent. May also be set using IcsHosts with AuthForceSsl=True for specific Hosts only. Failure gives '533 USER requires a secure connection'. 8 - Added a Websocket server implementation (HIXIE and HYBIE protocols) ported from phpws project, written by Stan Korotky <stasson@orc.ru>. There is no a specific component for websockets, they are handled internally from a custom TWebSockSrvClient. 9 - Did a refresh of the three SSL/TLS trusted root certificate bundles included with ICS, to add new roots and remove untrusted certificates. 10 - Added CreateSelfSignCertEx to OverbyteIcsSslX509Utils to create self signed certificates with subject alternate names and specific key types. More detailed release notes are at: http://wiki.overbyte.eu/wiki/index.php/ICS_V8.64

The ICS V8.64 distribution includes packages and project groups to install on Delphi and C++ 10.4 Sydney. and is available via GetIt for 10.3 and 10.4, Angus

Power broadcasts give warnings when the system is about to close down, while designed for battery powered kit, they do work on desktops, my PCs have USB connection to the APC UPS so can close down early. Can not say specifically under what circumstances these messages appear, but belt and braces when saving data... PBT_APMBATTERYLOW: mess := 'Battery power is low' ; PBT_APMQUERYSUSPEND: mess := 'Request for permission to suspend' ; PBT_APMSUSPEND: mess := 'System is suspending operation' ; Angus

You should also listen for WM_POWERBROADCAST, but this has to be set-up to work, WM_ENDSESSION and WM_QUIT, lots of ways of closing down. Angus

Thanks, will be fixed today. Angus

You should be repeating RestRequest and not using DoRequestAsync so the request is properly initialised, missed that, other problems may occur attempting to make this a class. Angus

Many thanks, also fixed EVP_DigestVarifyInit. That may get be closer to finding an ECDSA signing bug I've been looking for on and off for a couple of years, its shown up another error in code that was bypassed previously. Are you using the signing functions and finding problems, is that why you are finding all my API conversion errors? Angus

You should be using the onHttpRestProg event with DebugLeve=DebugBody so you can actually see any error messages and what is really happening. But please don't post long logs here, no more than a few pertinent lines. Angus

As I said, you are recursively starting a new HTTP request from the within an event called by that request, you need to start the next request outside the event, either from a timer as I suggested, or by sending a message to a function that starts the next request. Sleep stops messages being processed so defeats the concept of event driven programming, it should only generally only be used in threads that don't do anything else. Angus

Not looked closely at your code, only got as far as sleep in an event handler which is very bad design. You are also recursively starting a new request from the event, which calls the event again... To use async functionality properly, you should use a timer and triggers. ICS provides such functions in OverbyteIcsUtils, ie IcsGetTrgSecs, IcsGetTrgMins, IcsTestTrgTick which are used in OverbyteIcsSslMultiWebServ1.pas as an example. You set a trigger in the event to how every many seconds you want to wait, then test it in a timer triggering once a second or slower, then start the next request. Angus

Also use TSslHttpRest instead of TSslHttpCli since this avoids you needing to use an SslContext in your application, look at the OverbyteIcsHttpRest sample. Angus

From that extra information, I assume the first POST attempt succeeded, you then had a time out due to a bad connection and it died., This goes back to what I said yesterday, Windows keeps trying to open a TCP connection and you can not stop it early with a timeout, only by freeing the socket and starting again with a new socket. This is nothing to do with threads, just standard TCP connections. And why we recommend using a array of several hundred dynamically created THttpCli components all using async methods running in parallel sharing the same events for testing lots of remote sites. No threads necessary. Angus

Sorry, no idea. When used correctly, THttpCli just works. You ned to add some logging to see what you are not sending for what responses you are receiving. Angus

TIdThread is not an ICS component, probably Indy, which may mean you have mixed two libraries. May or may not be relevant to your problem. The only benefit of using threads with ICS to download multiple URLs is where the host is unavailable and Windows waits up to 30 seconds attempting to connect, blocking other actions. Apart from that, ICS will do several hundreds downloads in parallel. The most important issue if you really need to use threads is to make sure the ICS message pump is called in a solid loop if using async methods. Angus

And Microsoft says Windows will ship with MsQuic in the kernel, https://techcommunity.microsoft.com/t5/networking-blog/msquic-is-open-source/ba-p/1345441 Angus

Clouldfare supports QUIC/HTTP/3 now, so it's not just Google and has published speed comparisons. https://blog.cloudflare.com/http-3-vs-http-2/ We don;t expect any problem updating ICS to support OpenSSL 3.0, but won't do it until the API is stable with the first beta release in a month or two. OpenSSL plans QUIC/HTTP/3 for the release after 3.0, six to 12 months away. Hard to know how hard it will be to implement in ICS, but we'll certainly have a go. Supporting LibreSSL in ICS is possible, the API interface library is designed to support different OpenSSL versions dynamically, the main issue is LibreSSL has 'improved' some of the OpenSSL APIs, many macros are now function calls instead (good thing), So quite a lot of effort required to support LibreSSL with no obvious improvements to end user applications,

OpenSSL plans to add QUIC but not until stardardisation is closer, Google has been pushing this for 10 years or so and no standard yet. https://www.openssl.org/blog/blog/2020/02/17/QUIC-and-OpenSSL/ Angus

Sorry about that, must have forgotten to upload the 1.0.2u files to the wiki server, done now. However both 1.0.2t files come up as downloadable, not tried doing so. Angus

Windows Server 2008 R2 (aka Windows 7) support ceased earlier this year. Windows Servers usually install very basic display drivers which is probably your problem. Angus

Those old files have gone from my local SVN and the zip list, easy to find errors when building project groups, but not things never in the group. But not in/out of the public SVN yet, lot of interconnected units still being tested. Angus

Thanks, I did see an exception recently rebuilding stacks of root certificates to check chains, the quick solution was to avoid rebuilding stacks (which was also more efficient), but this is probably the root cause, will fix it. Angus

Thanks, will fix. Angus

That is an obsolete sample never updated for modern compilers and not in the project group, but the files are still there for some reason, but not for much longer. The current sample is OverbyteIcsSslWebServ,dpr. Angus

Technically it's wrong, but the actual callback does not attempt to return anything, it's really just for logging. Angus

Thanks, will fix but that function is never used by ICS. Angus