-
Content Count
1881 -
Joined
-
Last visited
-
Days Won
33
Everything posted by Angus Robertson
-
Increasingly, DNS look-ups are offering more than one IP address, sometimes for load sharing, sometimes both an IPv4 and IPv6 address., like Google and many major sites. By default, ICS components ignore IPv6 addresses, and always use the first IPv4 address offered, when there is more than one. This is usually implemented in the OnDnsLookupDone event in the application or high level component. So if that first address does not respond, the application never tries any other addresses. This has become more of a problem when enabling applications for IPv6, by setting SocketFamily to sfAny or sfAnyIPv6. It is not uncommon for the IPv4 or IPv6 address to be unavailable, perhaps due to routing or firewall issues or simply IPv6 not being available. Currently, it's necessary to restrict the SocketFamily so only the working family is attempted. So I'm adding round robin DNS look-ups to some of the high level protocols, this has been on my wish list for several years. This is already done for the new TIcsTimeClient SNTP time client component in V8.60 which is particularly easy to test since pool.ntp.org returns four IPv4 and four IPv6 addresses, changing every few minutes, one of which is usually dead. The DNS round robin implementation relies on keeping the last successful connected IP address, so it can be re-used for subsequent connections, but looping through any alternative addresses if the last connection failed, for subsequent connection attempts. I've just added a similar implementation to the HTTP and FTP clients, not yet in SVN, which works fine, but only when you call the components multiple times, without destroying the component so the internal variables remain. Currently the application is unaware of how many different IP addresses are available. So I'm wondering if the DNS round robin implementation should be extended, either by letting the application know further attempts are worthwhile or perhaps by optionally making those attempts internally in the components? Or does anyone have suggestions for a better DNS round robin implementation? Angus
-
Round robin DNS look-ups
Angus Robertson replied to Angus Robertson's topic in ICS - Internet Component Suite
I added a new OnSelectDns event to THttpCli six months ago, to allow the application to handle alternate addresses. The latest version has THttpCli handling this internally provided the event is not set. I'd prefer DNS round robin to be handled in WSocket to make it easier to use, but most components have handled the OnDnsLookupDone event themselves. It only a year ago that WSocket got the ability to handle OnDnsLookupDone internally to simplify higher level components. Angus -
Ah, a white box on a white background with a light grey caption. Thanks, Angus
-
Automatically order, download and install SSL/TLS certificates
Angus Robertson replied to Angus Robertson's topic in ICS - Internet Component Suite
The X509 certificates are just files, in PEM, PCS12, or PCS7 single or bundle files, and can be copied to a UNC directory, where any server can pick them up. They can be manually installed in the Windows store, but not automatically, yet. The server is responsible for ordering new certificates, but the component includes a database with most of the information required. Angus -
OverbyteIcsJwaWinCrypt.inc missing ';' in the HPPEMIT
Angus Robertson replied to nSolvePaul's topic in ICS - Internet Component Suite
OK, I'll do that since this is simple, but I won't test so won't know if it breaks modern compilers, I assume you can do that? Listing a few canges is acceptable, any more and I need emailed complete units, particularly anything C++ related which I can not test. Angus -
OverbyteIcscryptuiapi.h what is it for?
Angus Robertson replied to nSolvePaul's topic in ICS - Internet Component Suite
Sorry no idea, that line is there for historic reasons for reasons I don't understand since I don't use C++, but I nearly always get caught out when I remove stuff I believe is unwanted. But I've commented it out here. Angus -
TIdSSLIOHandlerSocketOpenSSL and TLS 1.3 ?
Angus Robertson replied to Lars Fosdal's topic in Network, Cloud and Web
ICS implemented OpenSSL 1.1.1 last year, initially for draft versions of TLSv1.3, then the final version. There are comments in the ICS SSL units about the major changes needed to support 1.1.0 and 1.1.1, and ICS applications support for three major OpenSSL versions, one of which is chosen during initiatisation. Now looking at OpenSSL 3 (or maybe 4) due out later this year, they say before support ceases for OpenSSL 1.0.2 at the end of the year. Angus -
Trying to install ICS 858 on C++ Builder Rio 10.3.1
Angus Robertson replied to alank2's topic in ICS - Internet Component Suite
Every time I do a set of updates, I think it's time to automate the process, but at that moment I'm not usually planning any more major changes, so leave it for another day. Fortunately ther RAD Studio release cycle has slowed from twice a year, so less urgent now. Angus -
Generally no, TIcsLogger is a framework to implement diagnostic logging in ICS components, what is logged depends on the implementation in each different component. But rarely is rfeceived or sent data logged, due to the sheer volume. But logging actual data is generally easy, most components have events that can be used. Angus
-
Trying to install ICS 858 on C++ Builder Rio 10.3.1
Angus Robertson replied to alank2's topic in ICS - Internet Component Suite
I know that people still use Delphi 7 onwards, because they tell me when I make changes that are not Delphi 7 compatible, I use Delphi 2007 for most of my applications so I don't add language features from newer versions. But I can not recall anyone asking about old C++ versions for years, only the most recent versions, and they used to be told to lry the last XE3 package. So unless you can test at least the OverbyteIcsCBXe3Run package, I don't see any point in pretending it's worthwhile. I'll archive the old C++ files somewhere, so they are not lost. Angus -
Trying to install ICS 858 on C++ Builder Rio 10.3.1
Angus Robertson replied to alank2's topic in ICS - Internet Component Suite
What use are the old C++ package files if they do not contain all the units necessary to build the package, as required by the registration unit? Angus -
Trying to install ICS 858 on C++ Builder Rio 10.3.1
Angus Robertson replied to alank2's topic in ICS - Internet Component Suite
Sorry, been busy doing too many other things this week. When I add new units to ICS, I have to update literally hundreds of package files for all the old Delphi versions we support. A few I might fire up that version of that Delphi, but it takes days to do that for all old versions so mostly it's a text editor job. But currently the old C++ packages are untouched, and I suspect they will no longer build anyway, at least not without lots of errors. So I'll remove all old C++ files from the distribution, and going forward we'll just support 10.2 and later. If someone needs support for C++ XEx, they will be better working from a newer version than an older version. My email address is in the readme8.txt file. Angus -
You need to make your application SSL aware to use https, and that means using an SslContext, at least for older components. I suggest you look at the new OverbyteIcsHttpRestTst sample that uses the new OverbyteIcsSslHttpRest component, this hides the complexity of the SslContext from the application. Angus
-
OpenSSL 1.1.1b and 1.0.2r zips available
Angus Robertson posted a topic in ICS - Internet Component Suite
Four new zips for Win32 and Win64 versions of OpenSSL 1.1.1b and 1..0.2r can now be downloadable from the Wiki at: http://wiki.overbyte.eu/wiki/index.php/ICS_Download . The DLLs are also included in the ICS distribution SVN and overnight zip. 1.0.2r includes a moderate severity security issue, but I don't think it can impact ICS applications. Changes in 1.1.1b may be found at https://www.openssl.org/news/openssl-1.1.1-notes.html and 1.0.2r at https://www.openssl.org/news/openssl-1.0.2-notes.html Beware 1.1.1b fixes a problem relating to multiple handshake done messages with TLSv1.3 that I reported to OpenSSL almost a year ago, and provided a workaround in ICS to fix meanwhile. Others meanwhile reported the same problem updating old applications for TLSv1.3 so OpenSSL finally changed the handshake done behaviour. My original fix still seems to work OK, but need to do more debug traces to ensure nothing unexpected has also changed with TLSv1.3. Angus -
Trying to install ICS 858 on C++ Builder Rio 10.3.1
Angus Robertson replied to alank2's topic in ICS - Internet Component Suite
Because ICS is entirely supported by volunteers, and none of us understand C++. It would be far easier to cease support for C++. I've asked for assistance in producing C++ packages in the past, and one user kindly supplied some mostly working stuff, for 10.2 which I modified for 10.3, so renaming errors are mine. But when I can not build the packages and no-one else helps, errors are inevitable. So will some-one please email me a complete working set of 10.3 C++ package files, with whatevery changes are needed for the readme, and they will be placed in the distribution. I'm not going to work from a list of instructions I can not test. Angus -
ICS - THttpCli with authentication Kerberos
Angus Robertson replied to PZim's topic in ICS - Internet Component Suite
I know nothing about Kerberos, never knowingly used it. I don't believe it has any connection to OAuth, except they both end up with an access token from an authentication server. But since Windows uses Kerberos, I assume it can be used unattended without user interaction, which is not the case with OAUth which is designed for interactive web applications. So I doubt the TRestOAuth component will be much use in implementing Kerberos, although our OpenSSL implementation should handle encryption. For Windows applications, I would assume there are API calls that will handle Kerberos in the same way that NTLM authentication is handled, but again I've never look at that and have no plans to do so. Angus -
ICS V8.60 adds several new components
Angus Robertson posted a topic in ICS - Internet Component Suite
I have started a new ICS release V8.60, not finished yet but available from SVN and the daily overnight zipped snapshot at : http://wiki.overbyte.eu/wiki/index.php/ICS_Download V8.60 is a major update added several new components and sample applications created by Magenta Systems Ltd and previously distributed separately to the ICS distribution. Bundling them with ICS makes installation and updating easier, and allows existing ICS samples to make use of some the new components, such as UTF-8 file logging. There are a lot of comments in the various SVN uploads which are included in the overnight zip file. New classes added include: TIcsBlacklist TIcsBuffLogStream TIcsFindList TIcsIpStrmLog TIcsMailQueue TIcsStringBuild TIcsTimeClient TIcsTimeServer TIcsWhoisCli and there are four new sample applications that illustrate their use: OverbyteIcsMailQuTst.dpr OverbyteIcsIpStmLogTst.dpr OverbyteIcsWhoisCliTst.dpr OverbyteIcsTimeTst.dpr Also there are major updates to OverbyteIcsSslMultiWebServ.dpr which now has almost all the functionality of my commercial web server. V8.60 will also include the Magenta File Transfer components, not finshed yet. Angus