Angus Robertson

If you are stuck using an old version, which is understandable for old compilers, why not just customise the Answer404 function? Angus

You have not explained how you are attempting to upload the file, what parameters the server is expecting, nor the URL, nor the result of logging from the progress event which would make some of your errors obvious. The OverbyteIcsSnippets sample has two upload examples, doHttpSimpleUploadClick builds Json command line parameters, HttpUploadFile = file, and HttpUploadStrat := HttpUploadSimple; to POST a binary file, while doHttpFormUploadClick builds a form with a file as a parameter. Your code is similar to the second snippet, but is missing several lines such as RestParams.PContent := PContFormData and has all those ExtraHeaders that duplicate the headers addiws by the component, and which might be the reason for the 500 error. Angus

Are you using an old version of ICS? ICS added full Websocket server and client support two years ago, and handles the upgrade negotiation process automatically. The main unit is OverbyteIcsWebSocketSrv.pas which contains a derived connection class THttpWSSrvConn that handles the Websocket protocol. There are two samples OverbyteIcsSslMultiWebServ.dpr and IcsAppMon.dpr that show how it all works. Angus

Just pass your literal SQL command to the Execute method, it returns a RecordSet which is a DataSet method. Angus

Why not just execute the stored procedure from Delphi? I don't have any SQL statements in Delphi applications, just build the stored procedure parameters and use the ADO Execute method which returns a DataSet RecordSet that I parse for various results. It means you can test all your SQL outside of Delphi. Angus

Assuming you've missed a newline after http/1.1, this looks is standard authentication, any proper library should handle it, ICS certainly should. Angus

Are you using a new or ancient XE7 version of ICS? It sounds like the TSslContext component has got lost. Angus

I wrote an open source component that indexes Windows directories and files recursively, written 20 years ago and used on every version of Windows and Delphi since, it just works, never fails. It currently builds a list of 1.2 million files on my c drive which it compares with the same number on a second drive, for backup on Windows 11. Angus

There is a fix for this freezing problem in SVN, will be zipped later tonight. ICS went into an endless loop if SSL data was received after close down was completed but before the handles were reset. Found against a recent Nginx web server release, The SSL code is almost unchanged in 15 years, so not sure why the problem has not shown up before, it seems to happen with both TLSv1.2 and TLSv1.3 so does not seem to be protocol related. Angus

Think FMX TStringGrid is your closest bet, I've used it to replace TListView. But no obvious multi-select, Perhaps you can do the TListView VCL trick of drawing tick boxes in the first column and checking mouse events to 'select' them. The lack of many matching VCL components does make FMX conversions a pain. Angus

Should be in SVN today, if I don't get distracted. Angus

Sorry, the logging you provided has no detail about the HTTP protocol used, it is only for SSL development purposes. So is no-use in diagnosing your problem. The HttpRest log set to body level will be more useful, you can email it. Angus

I'm looking at your Json problem, the main issue here is whether it's acceptable to use non-printing characters in Json values. When I wrote TRestParams, I assumed that non-printing characters would be escaoped before beiing added to SuperObject so used the AsJson option not to escape them a second tme. But that should really be an optional, so I'll add a second parameter to AddItemSO so escaping becomes the default, but can be changed. Your comment about 'aaa~bbb' being sent was incorrect, the component translates non-printing characters for logging and display, the Json would have contained your original #29 character which would have confused the server. Angus

There are a few problems with your code. For V9.3, sslRootCACertsBundle no longer returns a Base64 PEM string, but a smaller PKC12 binary TBytes. And there is a LoadAllFromTB method that checks the format and loads the bundle correctly. V9.1 loaded the default CA bundle automatiucally on startup into a public IcsSslRootCAStore component unless you undefine OpenSSL_AutoLoad_CA_Bundle, or have not updated your OverbyteIcsDefs.inc file. SslContext has a new property UseSharedCAStore that ignores the files and lines properties and uses the preloaded store instead. You are still using TSslHttpCli, replace this with TSslHttpRest and you don;t need an SslContext, it's all handled for you. Angus

Thanks, for the explanation, I see that buffer is a dynamic TBytes, unusual for 20 years ago when Delphi didn't really support TBytes. I only started making wide use of TBytes a few years ago with a lot of new library functions. I'll fix the code, and check other receive loops for similar problems. I'm hoping to release ICS V9.4 this month, with various minor fixes. Angus

Thanks, I'll have a look at how the buffer is declared. But this code has not changed in almost 20 years, have you actually seen this fail? Angus

This is the INI file I used with VCLToFireMonkeyFormConvtr.exe, it also has a few ICS components that should not matter. Not used it a for a couple of years. Angus VCLToFireMonkeyFormConvtr.ini

A few more comments about the Thales Safenet signing token with Sectigo certificates: Unlike the Centum token I used before, Safenet has an 'Enable single logon' tick box in Advanced Client Settings, which means it remembers the token password once entered, until Windows reboots, which in my case is usually once or twice a month. You need the latest version of signtool to work properly with new tokens, my 2016 version did not work with the /kc argument and gave a crypto API error. I'm now using the following command, where you need to replace certfile with the exported PEM, DER or CER certificate file name, token-password with the new password you set (leave {{}} alone), and update the Private Key Container Name that in my case is a time stamp of when the key was created, Sectigo_20250107102535 to your own version, to allow signtool to locate the private key: signtool sign /f "certfile" /csp "eToken Base Cryptographic Provider" /kc "[{{token-password}}]=Sectigo_20250107102535" /as /fd sha256 /tr http://timestamp.sectigo.com /td sha256 "filename' 'filename' 'filemask' If using the /kc argument to pass a password with single logon enabled, the password is saved as if entered manually. Beware when testing that five incorrect password attempts will lock the dongle, assuming the other syntax is correct. The /kc command may need another parameter if you have multiple tokens. Not noticed it before, but signtool allows you to sign multiple files with one command, add two or more filenames at the end, also mask characters are allowed so "c::\path\*.exe" will sign all exe files in the path specified. Multiple files also work for the verify command. It seems the Thales SafeNet Authentication Software also works with Yubico tokens, mine is recognised. Angus

Thanks, will fix soon. Angus

I renewed my Sectigo code signing certificate last Saturday, submitted documents on Monday, which the web site said were rejected, yet the order was approved and shipped Tuesday morning via UPS, and arrived Thursday, quite impressed. Although the Sectigo London office is a few miles away, the token was shipped from Sectigo's Lille office in France to London, with an invoice valuing the 'electronic document' at $10 so no customs duty to pay. Perhaps Sectigo has an arrangement with Thales (a large French company) who sell the Safenet tokens to provision them as well. Plugged the token into my PC, and the new certificate appears in the Windows Store, as reported by the ICS Delphi PemTool. All much less painful than I was expecting, except the massive cost increase over electronic certificates, and no invoice yet from K Software. Angus

That is an old code signing certificate, issued almost three years ago before tokens became mandatory, and will stop working in April. So if you have renewed it, you are still using the old certificate. Certificate suppliers almost never supply PCKS12/PF files containing private keys, since you never send your private key to them as part of the certificate signing request, only the public key. They supply a PEM or DER, which you then combine with your private key to build a PCKS12/PFX containing both. This was discussed earlier in this topic. BTW, the Internet Component Suite (available from GetIt) which I support, contains a lot of tools for manipulating and building certificates, including exporting private keys from the Windows Store, issuing signed certificates, and getting free ones from Let's Encrypt. Angus

Not surprised it does not work for Certum, I used one of their dongles for a few years and it required special driver software, incompatible with the Windows Certificate Store. Would not use them again. Angus

I've just ordered a Sectigo dongle via K Software, a renewal of my last certificate, so hopefully should not take too long. My understanding is signtool has special parameters that bypass password requests, not tried them yet. Angus

Look at the sample for Magenta GPS and Location Component at https://www.magsys.co.uk/delphi/maghardware.asp It uses Google Maps API JavaScript to display blobs on an embedded Edge browser window. Angus

I'd first make the general comment that it is always best to develop and test the two parts of client/server applications separately, against known working versions. In this case, with the ICS OverbyteIcsSslMultiWebServ and OverbyteIcsHttpRestTst samples. Don't know if C++ allows you to build them, but the wiki site allows you to download prebuilt executable files. Your settings are missing a websocket path or page, just ws://127.0.0.1/ so you are assuming the web server default HTML page is actually a Websocket request, this was never testing with the ICS web server, perhaps my fault for not expecting anyone to try that. Since you set default page to index.html, I assume that is the websocket URL you are checking for, but you don;t show any of that code. I find it best to use a virtual path /websocket/ to clarify that such requests from HTML. Angus