Jump to content

Angus Robertson

Members
 View Profile  See their activity

  • Content Count

    1881

  • Joined

  • Last visited

  • Days Won

    33

Everything posted by Angus Robertson

  1. Angus Robertson

    Some assistance on SSL required

    Angus Robertson replied to AllanF's topic in VCL

    I would suggest reading ICS wiki FAQ_Using_TSslCertTools which explains all about certificates, and FAQ_Order_SSL_Certificates. There are other FAQ on how we handle trust stores. Angus
  2. Angus Robertson
    TCustomTimeoutWSocket timeouts relate to a socket that is already opened and connected, primarily a server socket, not to TCP DNS and connection attempts. As Francois says, you can use a timer to abort the connection, but this does not stop the windows connection attempt so the socket can not be re-used immediately for another attempt. Angus
  3. Angus Robertson

    Some assistance on SSL required

    Angus Robertson replied to AllanF's topic in VCL

    Those are really old files and should have been removed a long time ago. The primary demo and documentation for X509 certificates is OverbyteIcsPemTool.dpr which will display, create, and convert numerous certificate formats, it is complex but will do almost everything the OpenSSL command line tool will do, in code. For a simple self signed certificate, there is an ICS function CreateSelfSignedCert in OverbyteIcsSslX509Utils. Angus
  4. Angus Robertson
    I assume you are now talking about clients and not servers? Simple answer is no, TCP is a lazy protocol based on waiting for responses from slow networks (decades ago) so nothing happens fast. Long answer is Windows allows you to change the TCP timeouts, but such changes effect all applications on the PC and generally it's a very bad idea. Real solution is to try and ping the server before connecting using TCP, because you can timeout after a few seconds and give up. ICS has a threaded ping component for this purpose. and a high level client/server component TIcsIpStrmLog that uses ping for exactly this purpose. TIcsIpStrmLog may be configured as a client or server and allows simple text lines to sent, using few lines of code in the application and only a couple of events. There is a sample OverbyteIcsIpStmLogTst.dpr that send packets to itself. The component supports SSL and will order it's own certificates. Only problem with ping is sometimes it's blocked by firewalls so no response. You can use a UDP server in parallel with the TCP server for a quick hello, no response is similar to ping. Angus
  5. Angus Robertson

    Some assistance on SSL required

    Angus Robertson replied to AllanF's topic in VCL

    The ICS FTP server and client already support One Time Passwords automatically, added that long before SSL/TLS became common, In the server, set the OtpMethod to those you wish to iupport, and the server hello prompt changes to advertise OTP, which the FTP client handles automatically. Angus
  6. Angus Robertson

    [BUG] HTTPS support in 64bits - Access Violation

    Angus Robertson replied to Marcelo Jaloto's topic in ICS - Internet Component Suite

    SVN and the overnight zip are updated with the 64-bit fix. Still having fun and games with 4-bit samples, think I'll try an older version of Delphi. I checked other functions with TBytes, most already had const or var, a couple were missing both so added, although they were only used in ICS with TBytes buffers so should not have caused any issues. Angus
  7. Angus Robertson

    Some assistance on SSL required

    Angus Robertson replied to AllanF's topic in VCL

    Might come back this in the summer when OpenSSL 3.0 adds support for Certificate Management Protocol, which I'll try to support in ICS as well as Let's Encrypt. Angus
  8. Angus Robertson

    Some assistance on SSL required

    Angus Robertson replied to AllanF's topic in VCL

    I've only been talking about server certificates here. Client certificates are totally different and make things very confusing. ICS clients and servers do support client certificates but not automatically and there are no samples using them, really only needed for exceptionally high security stuff like Swift bank transfers. The ICS component has properties to add digitalSignature and codeSigning extensions to certificates, not sure which OID they add. Angus
  9. Angus Robertson

    Reading caller number at the same time phone is ringing

    Angus Robertson replied to ertank's topic in FMX

    If you are talking about a simple analogue telephone line, this is all down to the hardware monitoring that line and how it delivers the caller id to your computer., 20 years ago some modems and special hardware had this feature, and you use an RS232 port to read it on a PC. But with analogue telephony being rapidly replaced by VoIP and the old PSTN copper cable telephone networks and exchanges turned off and obsoleted (by 2025 in the UK), this is really historical curiosity. Angus
  10. Angus Robertson

    Some assistance on SSL required

    Angus Robertson replied to AllanF's topic in VCL

    The latest version of the ICS FTP server includes full SSL/TLS support and will even automatically order and install free Let's Encrypt certificates, or commercial certificates if you really want to pay. The most important point about certificates is they are mostly for public domain names that can be accessed on the public internet, and the certificates are published in public logs for any to find and check. Indeed hackers monitor those logs, and within a few seconds of a new certificate being issued expect hacking attempts to port 80. BTW, port 80 needs to be open to order a domain validated certificate. and the ICS FTP server also has an HTTP server to satisfy the request, only runs for a few seconds until the order process is finished. If you don't care about domain validation and only encryption, you can use self signed certificates which ICS will also generate. The X509Certs component will even issue certificates signed by a private CA, I use that on my LAN for testing lots of internal servers. Angus
  11. Angus Robertson

    [BUG] HTTPS support in 64bits - Access Violation

    Angus Robertson replied to Marcelo Jaloto's topic in ICS - Internet Component Suite

    So reference counting was the culprit, sorry missed that in the blizzard of overnight messages. I don't use TBytes very often but will carefully check ICS for all such use. As I said yesterday, the web server sample was erratic under Win64, but my development PC had not been rebooted since the last patch Tuesday and does become more unstable over time. Should be able to update SVN later today. Angus
  12. Angus Robertson

    [BUG] HTTPS support in 64bits - Access Violation

    Angus Robertson replied to Marcelo Jaloto's topic in ICS - Internet Component Suite

    Making it const Buffer: TBytes; is a safe change, var would be dangerous since it's a cast pointer. Still confused why it would be necessary, I always thought pointers did not need to be declared const, and the different behaviour when compiled with Win32 and Win64 suggests a compiler bug to me? I'll need to check a few other functions using TBytes. Angus
  13. Angus Robertson

    [BUG] HTTPS support in 64bits - Access Violation

    Angus Robertson replied to Marcelo Jaloto's topic in ICS - Internet Component Suite

    Since I can not reproduce the problem with Win64, I'll do nothing more for now. I still await the IcsLogger log lines I asked for. Angus
  14. Angus Robertson

    [BUG] HTTPS support in 64bits - Access Violation

    Angus Robertson replied to Marcelo Jaloto's topic in ICS - Internet Component Suite

    His solution may have fixed the exception, but will not return any sensible ALPN data, and will probably introduce other problems instead. I did wonder whether I should use PAnsiChar instead of TBytes, which would be safer in case someone in the future tried to resize the parameter. But TBytes seems to be the preferred method for working with binary and is mobile compatible, where Ansi is not. Angus
  15. Angus Robertson

    [BUG] HTTPS support in 64bits - Access Violation

    Angus Robertson replied to Marcelo Jaloto's topic in ICS - Internet Component Suite

    I quite understand that pointers differ in Win64, but they that code is not copying pointers, it is copying 8-bit bytes. Will you please build the OverbyteIcsSslWebServ sample with ICS 8.64 Win64 and your changes, make an request to https://localhost/demo.html with Display SSL Info and Logger Dest Event ticked, the log should contain lines with AlpnCB similar to: [16:22:53 127.0.0.1] SNI "localhost" received 16:22:53:024 AlpnCB> inlen: 12 - 02683208687474702F312E31 16:22:53:031 AlpnCB> Protocols: h2,http/1.1 [16:22:53] SSL Application Layer Protocols allowed from client: h2,http/1.1 16:22:53:044 0000000002710020 ICB> SSL_accept: SSLv3/TLS read client hello where those two lines are the input and output from IcsWireFmtToStrList. I'm not going to look at this further with evidence of a real problem in ICS. Or you could add IcsLogger to your own server to get the same logging information. Angus
  16. Angus Robertson

    [BUG] HTTPS support in 64bits - Access Violation

    Angus Robertson replied to Marcelo Jaloto's topic in ICS - Internet Component Suite

    Sorry, but you misunderstand the declaration for TBytes, it is a pointer to a dynamic array of bytes, not a pointer to a array of pointers. A byte remains the same size however compiled, so your proposed suggestion of copying the content based on the pointer size will cause many problems. I can only assume your correction was theoretical and you did not test it with an ICS SSL server application that uses the code. I've just built the OverbyteIcsSslWebServ sample with Win64, and ALPN is working as expected, as I showed earlier in this thread, I am getting some other strange exceptions running Win64 samples today, so there may be other Win64 issues elsewhere, or with OpenSSL Win64, but not with ALPN. Don't have time to investigate further at the moment. Angus
  17. Angus Robertson

    [BUG] HTTPS support in 64bits - Access Violation

    Angus Robertson replied to Marcelo Jaloto's topic in ICS - Internet Component Suite

    The ALPN changes are in V8.64 which is not released yet, but the changes can be downloaded from the SVN overnight zip on the page you mention. However I did not fix any bugs in the server version, just improved the code as previously mentioned. Angus
  18. Angus Robertson
    If you are using TSslWSocketThrdServer then you should be using TSslWSocketThrdClient. However TSslWSocketThrdServer is itself a descendent of TSslWSocketServer which does not use threads, so it all depends on how you are using the component. OnSessionClosed is only gone to triggered once since the client is destroyed immediately afterwards. Presumably you started with the OverbyteIcsThrdSrvV3.dpr sample which is the documentation and sample for TSslWSocketThrdServer, but does not support SSL. Angus
  19. Angus Robertson

    a icsv858 TSslHttpRest bug

    Angus Robertson replied to xauxag's topic in ICS - Internet Component Suite

    Further to my last comment, I'm not going to change the code at the moment. If you specifically want to ignore the Location: header for an API request, set property FollowRelocation to false. This is what the TSslX509Certs component does making REST requests which return Location: headers for responses 201 and 409. Angus
  20. Angus Robertson

    a icsv858 TSslHttpRest bug

    Angus Robertson replied to xauxag's topic in ICS - Internet Component Suite

    Thanks, 201 Created is used a lot with REST, the Location code already has lots of special cases and I guess we need another. Angus
  21. Angus Robertson

    WinInet coding for Windows XP

    Angus Robertson replied to ertank's topic in Network, Cloud and Web

    I was wrong about TLS/1,3, it has been experimentally added to Windows 10 1909 but only for use in Microsoft Edge (old version) not Internet Explorer, enabled in Internet Options, Advanced, Security. Can not test it because Edge stopped working months ago and just puts errors in the Windows Logs instead. Angus
  22. Angus Robertson

    WinInet coding for Windows XP

    Angus Robertson replied to ertank's topic in Network, Cloud and Web

    No versions of Windows support TLS/1,3 yet using SChannel, not even Windows Server 2019. Only applications using OpenSSL 1.1.1 or browsers with their own SSL libraries like Firefox and Chrome support TLS/1,3. Even TLS/1,2 was not supported by Windows Vista and 7 until a patch a couple of years ago when Microsoft realised people did not want to use Windows 10. And it's now increasingly common for protocols earlier than TLS/1,2 to be disabled on web servers for security reasons. Angus
  23. Angus Robertson

    HTTPS Client

    Angus Robertson replied to WKB's topic in ICS - Internet Component Suite

    Start by building and running the OverbyteIcsHttpRestTst.dpr demo in SslDemos, that directory includes the latest OpenSSL DLLs, assuming you are using the latest ICS download, which is V8.63 or V8.64. You get a version exception using newer DLLs on older ICS versions, or vice versa. Angus
  24. Angus Robertson

    Internal Error C1118 (D7)

    Angus Robertson replied to WKB's topic in ICS - Internet Component Suite

    That sounds like an IDE or compiler error rather than an ICS error. I've not really used D7 for 10 years or more, but ICS should still build on it, others have reported errors in D7 which I've fixed this year. Angus
  25. Angus Robertson
    Should have said earlier the main event that tells you a client is connected is receiving data in the onDataAvailable in TSslWSocketClient, this is where any data from the remote client arrives. You assign this even in the OnClientConnect event. Very unusual for a server to initiate sending data to a client without receiving something first, even a blank line. Angus
×