Angus Robertson

VLCZip was commercial software sold with Delphi source, last release was about 15 years ago, but I still use it in my applications. It never became open source. So really need to replace it, but adding a DLL to my projects is a non-starter. ZipMaster should ideally build the C code into a DCU so that it can be linked directly, but this would be needed for all compilers. I still use Delphi 2007 for some of my historic projects, too much work to update them. Or built to OBJ files like ZLIB that can just be inserted into a PAS unit? Angus

Bottom line is testing multiple variants of authentication and proxy settings is a nightmare, takes a long time to setup all the testing environments locally, so if you want this investigated we will need access to the proxy and server to which ICS is failing to connect. But won't have time to look for at least a week. The change three years ago was done by a user accessing a Windows domain with single sign on, but I guess not via a proxy, which I can not test. Angus

Did you work out the Device Installation Class under which your modems are installed, other than Modem or Ports? It should be a single line change to enumerate a new class. Angus

It's unclear to me from the readme and help whether ZipMaster is a linkable Delphi component or a DLL with a Delphi interface. The documentation seem to assume you are familiar with the component and not migrating from something like VCLZip. Angus

The Ansi warnings relate to my updated version of AsyncPro adport.pas unit that allows named COM ports to be opened, but this is for 4.06, not recent Unicode versions, you'd need to update whatever Async Pro you are using with my very minor changes. Strange the component did not find one of your modems, although it did find 18 other COM ports you've previously installed. Can only guess Samsung has installed it using keys, you'd need to check what they are and update the component. Angus

The Magenta Hardware Components download includes compiled demos for all the components. Angus

I released Magenta Serial Port Detection Component free earlier this year, part of Magenta Hardware Components at: https://www.magsys.co.uk/delphi/maghardware.asp It finds serial ports by several methods. Angus

OpenSSL has released new versions of the two supported branches, 3.0.2 and 1.1.1n, Windows binaries are available from http://wiki.overbyte.eu/wiki/index.php/ICS_Download or https://www.magsys.co.uk/delphi/magics.asp . OpenSSL 3.0.2 fixes a high security risk relating to specifically formed SSL/TLS certificates using elliptic curve public keys which can cause OpenSSL to enter an infinite loop and cause denial of service by freezing. The attack can be caused by clients processing bad server certificates, or by servers that request bad client certificates, and many other cases where these bad certificates are processed, The attack has not been seen in the wild, it was identified by Google. 3.0.2 also allows PCKS12 private keys without a password to be opened. OpenSSL 1.1.1n fixes the same bug. The bug is also in 1.0.2 and 1.1.0 but these are no longer supported and users should upgrade. Note the binaries are now digitally signed by 'Magenta Systems Ltd' instead of 'Open Source Developer, François PIETTE' due to the massive cost of renewing the open source certificate. Developers can always resign the DLLs with their own signing certificate to remove the Magenta name. Separately YuOpenSSL has released both these versions as commercial DCUs allowing applications to be used with OpenSSL without needing separate DLLs. Angus

The ICS web server sends binary data from a stream. If you want to send UTF-8, you need to make sure that stream is loaded with 8-bit data as UTF-8. Can not be more specific since there are many ways to build the response page with several helpers. ICS 8.41 is ancient, it only supported OpenSSL that are no longer supported. You should be using ICS V8,.68 and OpenSSL 3, new version today. Angus

The ICS proxy component is not designed for use in threads, it listens in the main thread and all clients use the main thread. Testing has shown single threaded ICS servers can handle hundreds of simultaneous clients, although using SSL/TLS takes an appreciable time to setup a new connection and is a limiting factor in how many new connections can be accepted each second. Exactly how many clients are accessing the proxy simultaneously, using what protocols, and for how long. Does your proxy have a GUI? That will almost certainly be the reason for the slow down. Angus

Microsoft makes it difficult to completely disable Windows Firewall on Windows 10, even if it's disabled you may find the task is still running. The Services GUI does not allow you to disable Windows Defender Firewall, it can only be done by changing the registry and rebooting. Also, doing so can upset applications that attempt to add firewall rules and assume it's always running. Not saying this is the reason for your problem, I'd check if you can connect to other servers first. Angus

Windows Firewall may be blocking access to a local server. Angus

TICsIpStrmLog can be configured as a server or client, it is a much easier to use version of TWSocket/TWSocketServer, and supports SSL/TLS. The sample application I mentioned can run as both client and server at the same time, sending data to itself. Or you can run two instances on separate PCs sending data to each other. Once connected, there is one event to send a string of data, and another event that receives strings, very simple to use. Unfortunately, the sample looks complicates because it illustrates all the features of the component. Angus

Know nothing about IntraWeb, what IP addresses did you configure it to listen on? There are several ICS samples that illustrate simple TCP connect. For simple telnet, you would be better off using TIcsIpStrmLog than TWSocket, much faster and easier to use, see sample OverbyteIcsIpStmLogTst,dpr. Angus

sgcWebSockets does include an OAuth2 server, for 600 euros. Angus

OpenSSL has released quarterly updates for the two supported branches, 3.0.1 and 1.1.1m, Windows binaries are available from http://wiki.overbyte.eu/wiki/index.php/ICS_Download or https://www.magsys.co.uk/delphi/magics.asp . OpenSSL 3.0.1 fixes a medium security risk relating to clients verifying X509 certificates from the server, a malicious server could potentially send a bad certificate that caused the client to hang or misbehave during verify. https://www.openssl.org/news/secadv/20211214.txt Now OpenSSL 3.0 has been available for three months, updated the main supported OpenSSL release to 3.0.1. The samples SslInternet directory now has both OpenSSL 1.1.1m and 3.0.1, ICS will try and load OpenSSL 3.0 first, then 1.1.1 if not found, unless the global variable GSSLEAY_DLL_IgnoreNew is set true before OpenSSL is loaded. Likewise GSSLEAY_DLL_IgnoreOld may be set true to ignore 1.1.1 and fail unless 3.0 is available. This is available from SVN and the overnight zip. Note the binaries are now digitally signed by 'Magenta Systems Ltd' instead of 'Open Source Developer, François PIETTE' due to the massive cost of renewing the open source certificate. Developers can always resign the DLLs with their own signing certificate to remove the Magenta name. Separately YuOpenSSL has released both these versions as commercial DCUs allowing applications to be used with OpenSSL without needing separate DLLs. Angus

OpenSSL 3.0 (and 3.0.1, 3.0.2 etc) has now been designated a Long Term Support release, with security and bug fixes until 7th September 2026. ICS users are recommended to update to V8.68 or later and OpenSSL 3.0 for long term support. The current LTS release 1.1.1 will continue to be supported until 11th September 2023. The older 1.0.2 release only receives security fixes if you have a paid support contract with OpenSSL. The next main release will be OpenSSL 3.1.0 with initial support for QUIC which is needed for HTTP/3, but it may take a couple of years for all the work to be completed, they plan to release updates every six months. Angus

To clarify, this is down to DNS. If a DNS lookup returns both IPv4 and IPv6 addresses, the client will usually try IPv6 first. The Windows HOSTS file has both IPv4 and IPv6 lookups for localhost so servers need to listen on both addresses. Can be fixed by removing the IPv6 address from HOSTS. Angus

Yes, I've seen that. If the client is allowed to use IPv6 and IPv4, it will try IPv6 first, timeout and try IPv4. All client software should have a setting to make it use IPv4 only, in ICS it's SocketFamily. Angus

That diagram suggests the cloud service is running both authentication and API services, really need a version where they are separate. It should not be that difficult to design an authentication REST server using ICS or Indy, clearly it would need a database behind it which takes it beyond the type of samples ICS offers, and into end user application territory. It would also need a protocol between the authentication and API servers, not sure if there is a standard for that, guess that is Okta's market. Angus

Not really look at the server OAuth2 implementations, but isn't it usually a separate REST server than handles authentication, returning a bearer token which is passed to the API server, which presumably then checks back locally with the authentication server to validate it? Often the authentication server is run by a separate company, like Okta. Started looking at Okta once, but the level of emails and calls I got put me off. Angus

The ICS fork is at: https://svn.overbyte.be/svn/ics/trunk/Source/OverbyteIcsSuperObject.pas and https://svn.overbyte.be/svn/ics/trunk/Source/OverbyteIcsSuperXMLParser.pas There is a sample application OverbyteIcsJoseTst.dpr that illustrates parsing Json and XML into a grid at multiple levels. The OverbyteIcsHttpRestTst.dpr sample does the same thing for Json APIs over the internet. The OverbyteIcsSslX509Certs.pas unit makes extensive use of SuperObject to create and parse Json for SSL certificate orders. Angus

ICS includes forked version of SuperOject 1.2 so that ICS can offer the same JSON support on all platforms, It's not the latest version, since ICS already has time zone functionality that got added to SO. Also removed TSuperWriterSock since did not need it. I've added better TDateTime support, reporting JSON parse errors and other minor fixes. Fully compatible with D7 to D11.0. The unit's only dependency is an ICS utility unit, so it can be used without anything else. Angus

I set different levels when checking the password, that determine what data the execute events are allowed to access. I will check the sample works the same with GET and POST in a day or two. Angus

Yes, ICS should build on Linux, but is awaiting a Linux expert to update the MacOS message handler code to proper Linux. Angus