Angus Robertson

Good, seems to read whole pages correctly now. BTW, your ICS fix is in SVN now. Angus

Or the automated Google scan tools were finding something in one of the components or OpenSSL binaries that has been used in a malicious application somewhere, unfortunately they don't tell you anything specific, just that your site is banned in all browsers until you remove your malicious file, so it's trial and error. Angus

Not sure when Default() was added, but it gave an error in Delphi 2007. The keep-alive issue was not in the ICS server, but in my application. But you still need to fix data being received correctly, if you remove the close line for your google example, it takes four minutes for the window to become responsive and display the received data, which is the Google timeout. The Microsoft page actually shows how poor the ciphers are in older Windows versions, it says there are none for TLS/1,2 in Windows 7, although a couple have now been added. but not nearly as good as OpenSSL supports on Windows 7. Angus

I started fixing errors with Delphi 2007 to get it to build, but there were too many. Simple things like type LONG missing. Does not matter for personal projects, but is important if the code is ever to incorporated into libraries. The issue with async requests seems to relate to most of the content not being returned until the connection is closed. This URL works fine: www.magsys.co.uk GET /delphi/ddservice.asp HTTP/1.1 Connection: close Host: www.magsys.co.uk While this does not, the end of the page only appears after the server closes the connection on a 60 second timeout: www.telecom-tariffs.co.uk GET /serverinfo.htm HTTP/1.1 Connection: close The first server is IIS. the second the ICS web server, so it seems we have aggressive Keep-Alive that is ignoring the Close command, another ICS bug for me to fix. But it shows up a bug in your code as well. I chose that page because it shows the SSL/TLS connection parameters selected by the server, useful to check browser capabilities, and the poor range of ciphers supported by SChannel on older versions of Windows. Angus

And a link to the download page top left, with the words Download Latest DDService. There are no zips on the open Delphi pages because Google blacklists my site when it finds Delphi components. Angus

I've completed a new release of DDService Application Framework from the late Arno Garrels, it now supports Delphi 5, 7 and 2006 to XE8, 10 Seattle, 10.1 Berlin, 10.2 Tokyo and 10.3 Rio, as well as C++ Builder 2006 to XE5. Note that bugs fixed in these new releases had already been done in DDService. Also added new unit to control, install and remove Windows Service applications. The new and old versions may be downloaded from https://www.magsys.co.uk/delphi/ddservice.asp or from an SVN repository at: http://svn.magsys.co.uk:8443/svn/ddservice/ , use username = ics and password = ics for read access. Angus

Interesting, it does work with modern compilers, not with Delphi 2007, too many new language features. At least the sync request returns a full page, the async request only returns one buffer load of data. While SChannel avoids the need for OpenSSL DLLs, it does mean encryption protocols and ciphers are determined by Microsoft, and they don't really care about keeping up to date, particularly with older operation systems, it took years for Windows Vista and 7 to get TLS/1,2 and probably only because anything older is becoming obsolete soon. TLS/1,3 is still not supported by Windows 10/2019 a year after everyone else started using it, including ICS. If you take this further, ICS already has soon functions to interact with the Windows certificate store for checking certificate chains, it's one of our options, using them will save you a lot of effort. Angus

Yes, should not have taken that out, we do need to break the loop, I'll put it back. However even that may not stop TriggerDataAvailable being called again since there may still be received data buffered, Much nicer if there was no exception in the first place. Angus

There is no need for the function DetectRemoteSession to be in the DPR, it can just as easily be in MainFrm.pas, just not in a method in a form. Angus

Look at the new sample OverbyteIcsSslMultiWebServ.dpr in \Samples\delphi\sslinternet\, this is effectively a commercial web server using THTTPAppServer and lots of AddGetHandler, with a minimal interface designed to be used as a Windows service. I will be adding another ICS sample shortly using the DDService environment once I've brought it up to date for new compilers, but the ICS code will be identical. Your exception must relate to code you've written in the handler, add some error handling. Angus

I'm attempting a new release of DDService adding support for XE7 and later. Collected original SvcMgr.pas files from all versions if Delphi, think I have to update each new one to DDSvMrg,pas and then create DIFF files using WinMerge. Not too hard, since there is only a single service bug fix (quoting image path) in 15 years and Arno fixed that in 2008. But are there any other service handler bugs in DDService that should be fixed for a new release? I also want to add an example of how to use DDService for dual GUI/service , there is a demo CombiService on my system but not tried it and not sure where it came from Has anyone done this with DDService? Angus

That was where I was getting confused, a server running on the client is simple but unlikely to work in 99% of cases unless the client has a unique public IP address, most of us block incoming connections, use NAT., dynamic IP addresses, firewalls, etc. But leaving a connection open to a remote server is even worse once you have more than a few hundred clients, servers can only handle a few thousand simultaneous connections at best. Still no idea what a data consumer means. If it is a local web server and only needs to handle simple notifications to update pages, then the new TSimpleWebSrv added recently is lightweight and easier to implement than the full web server, ICS uses it for Let's Encrypt authentication requests and OAuth2. Angus

That error means you failed to free an instance of TSuperObject, I've not seen it in my own projects or the ICS samples. It only appears for DEBUG builds. Not sure that line is a good idea, even in debug builds. Angus

I've looked at a couple of pages on webhooks and still have no idea which end is listening and which is sending, or what. Someone will need to explain this as simple HTTP concepts. The ICS HTTP client has keep-alive that leave connections open potentially for days or weeks, the HTTP server has a timeout to stop that happening. Angus

The latest files in my DDService version are 20 April 2014, mostly XE6 units. I'm not sure how the DIFF files that patch a copy of the installed SvcMgr.pas file are created, or whether the zip includes the tools to create new DIFF files. Suspect the patched XE6 file could be distributed and used in more recent versions without a problem, which might be what you doing. Angus

DDService is also in CodeCentral, up to XE2: https://cc.embarcadero.com/Item/28354

DDService adds the following according to the readme: I'll put it in my SVN repository next week, Arno would be pleased, he put a lot of effort into DDService. I handle power, time and device events in my services using the normal Windows messages, wrote a hardware component that does it all. Angus

The late Arno Garrels wrote an updated component, or rather he patches TService with updates to avoid copyright issues. I've used it in a couple of applications but not managed to make a dual GUI/Service application work properly (it was not designed for that) so still use SvCom. Keep meaning to update it for newer Delphi versions. Angus

Although the Windows service APIs rarely change, there are new ones periodically to improve interaction with GUIs and taskbar notifications, although I don't need any of that stuff. Not looked for a long time, but TService used to use old APIs and was never updated. Main problem with long term support is RTL changes in new versions of Delphi, not often, but breaks new compilers. Usually a simple change provided you have the source code. Angus

I've never need help from Aldyn support, the software just works although I've fixed a couple of minor things myself. They have a version for Rio which means it's been updated in the last year or so, Developers do go on holiday, sometimes you have to be patient. Angus

I've used SvCom from Aldyn Software for 15 years. It is commercial software, still being updated for new Delphi versions, comes with source code. The major benefit is it allows applications to be created as dual purpose GUI and service applications, which means you can develop and test under the Delphi debugger with a minimal GUI window usually just a log window and start/stop buttons. Some of my applications can be optionally installed as a service, but have a full GUI as well, and include their own code to install as a service. Angus

That may be so, but this thread is two months old and not available to people looking at the ICS source code. The more effort I have to put into checking and testing bug fixes, the longer they take. Angus

Perhaps you can explain what this patch is intended to achieve, in the code as a new patch, so anyone looking at it understands why you are proposing a change and marking the changes as V8.63. Looking at the patch, I've no idea myself, so won't use it. Angus

Six new zips for Win32 and Win64 versions of OpenSSL 1.1.1d, 1.1.0l and 1.0.2t can now be downloadable from the Wiki at: http://wiki.overbyte.eu/wiki/index.php/ICS_Download or https://www.magsys.co.uk/delphi/magics.asp . The latest 1.1.1 DLLs are also included in the ICS distribution SVN and overnight zip. These releases include four low priority security improvements and bug fixes, including a Windows specific fix where configuration files placed in 'C:/usr/local' could override some OpenSSL settings. ICS applications require V8.57 or later to support OpenSSL 1.1.1c. Changes in 1.1.1d may be found at https://www.openssl.org/news/openssl-1.1.1-notes.html , 1.1.0l may be found at https://www.openssl.org/news/openssl-1.1.0-notes.html and 1.0.2t at https://www.openssl.org/news/openssl-1.0.2-notes.html Angus

Yes, V8.62 supports up to 1.1.1z assuming there are that many versions, and some idiot at OpenSSL does not break something, as they did a few years ago by removing some exports to solve a security issue, don't think they'll do that again. I always copy the latest OpenSSL into the directories of all my ICS applications on my main development PC and public servers and restart them, before publishing, only a few minutes testing, but I'd find out quickly if connections failed due to an SSL problem. Angus