Angus Robertson

Everything posted by Angus Robertson

  1. Angus Robertson

    ICS V9.3 announced

    Strangely I just got the same error 'undeclared identifier DefMax', building D2007, it was because that constant was added recently, and I was upgrading an earlier version, removed the packages, restarted D2007, and it compiled without error. A little surprised, thought even D2007 was better behaved. Guess I need a new sacrificial D12 install for testing, just trashed my old Win10 VM to upgrade to Win11. Angus
  2. Angus Robertson

    ICS V9.3 announced

    I installed ICS from GetIt on D11 myself last week without any errors, and D12 uses the same packages. The usual reason for install failures is remnants of old ICS releases being found, I wrote a small app for GetIt that uninstalls old version packages which conflicted with the current versions, but perhaps you have an old ICS version in the path somewhere, thus the errors. If it continues to fail from GetIt, try the zipped version, tested that on D12 last week. Not really using D12 at the moment, too many missing FmxLinux errors whenever I do anything. Angus
  3. Angus Robertson

    ICS SSL under Linux x64

    The main issue with the various Base64 functions is they are mostly used for ASCII functions in protocols with strings, and having only AnsiString versions means lots of string casts to avoid warnings. I've been reworking a lot of low level stuff, tried to remove the String versions, but got so many warnings from dozens of units, had to restore them. But I have improved the code comments to suggest which functions can be used with binary, ideally TB versions, and which for text only. Angus
  4. ICS has a new Application Monitoring client and server system, I have it running on all my public servers monitoring my web, FTP, proxy Windows Services, and restarting them if they halt on or request if they experience critical errors. Have a read of: https://wiki.overbyte.eu/wiki/index.php/FAQ_ICS_Application_Monitoring The client part just sends simple TCP PING packets, the hard part is knowing when to send those pings, my first attempt just used a timer, but that started before the server started and did not check it ever started, things got better over the weeks. The server is currently basic, running on the same machine since it needs to restart the Windows Services if they stop, but I'm going to add remote monitoring of that server with a websocket API so a remote PC could monitor several servers. Angus
  5. Angus Robertson

    ICS V9.3 announced

    A little searching suggests OPENSSL_LH_set_thunks is in the other DLL and has been for years. So I guess the extraction of the two DLLs from the ICS resources has been corrupted, try deleting all files in directory 3302, they should re-appear when you run your app again. This is the first report of a DLL issue in the nine months since I implemented these resource files. Angus
  6. Angus Robertson

    ICS SSL under Linux x64

    If you have found and fixed a problem in ICS, please let others have it. Angus
  7. Angus Robertson

    ICS V9.3 announced

    ICS V9.3 is now available from GetIt, for Delphi 11 and 12. Angus
  8. Angus Robertson

    ICS SSL under Linux x64

    You should have been using IcsBase64UrlDecodeA to return an AnsiString, or IcsBase64UrlDecodeTB for TBytes, to allow binary to be handled without loss. No idea why PBIGNUM is here, not used for digests, only raw keys. The function you show seems to be copied from IcsJoseJWKGetPKey, but our version casts to AnsiString and uses IcsBase64UrlDecodeA. Angus
  9. Angus Robertson

    ICS TFTPServer on C++ Builder 12.2

    The FTP server never sends commands, only responses to commands from the client. Each response starts with a three digit number, so once connected the server will send one or more lines like:

    Connect/Logon to FTP Server: magpub5.magsys.co.uk:21
    < 220-magpub5.magsys.co.uk
    < 220-Magenta File Server Release 2.9/ICS V9.3 - 16th September 2024
    < 220-ICS TFtpServer (c) 1998-2023 F. Piette V9.1
    < 220 Server: MAGPUB5 at 2024-10-03T17:39:18

    The client should then respond with one of several commands, HOST, USER, TLS, FEAT, etc. If you can not build the Delphi FTP sample OverbyteIcsSslMultiFtpServ.dproj, I suggest you download and run the prebuilt version from https://wiki.overbyte.eu/arch/icsdemos-servers.zip and have your client connect to it, see what happens. Or look at whatever logs your client produces. Or use the ICS Xfer sample to connect to your C++ server and look at the log. Angus
  10. Angus Robertson

    ICS V9.3 announced

    Which Windows version are you using? What was the last OpenSSL version that worked? Angus
  11. Angus Robertson

    ICS TFTPServer on C++ Builder 12.2

    The ICS low level debugging is not really designed for protocols, but SSL handling. You should add your own logging in the various FTP events, as the Delphi sample does, so you know exactly what stage of the session it stalls. Angus
  12. Angus Robertson

    ICS SSL under Linux x64

    One other thing you could check before verify is the length of the digest. It varies depending on your private key type and signing hash, but is generally the length of the key, so an RSA 2048 SHA256 digest will be 256 bytes long, binary. The JoseTst sample reports the hash length for all combinations of keys and hashes. This could be a simple check for the digest not being corrupted at some point. I might do some investigation to see if I can reliably add such a check to verify. Angus
  13. Angus Robertson

    ICS SSL under Linux x64

    So you are saying you've saved a TBytes digest created by IcsAsymSignDigestTB and used it with IcsAsymVerifyDigestTB without any string, encoding or base64 conversions, and it fails? Specifically, as in the function doTestSignClick in the JoseTst sample which displays the digest in hex and base64? I will convert that sample to FMX, as I said earlier, but it is not a priority. Angus
  14. Angus Robertson

    ICS SSL under Linux x64

    In this function, ICS does not use PAnsiChar as a null terminated string, it passes the actual TBytes length to the OpenSSL API, since the hash or digest is binary data. It would seem the old digest is being corrupted before verification. Angus
  15. Angus Robertson

    ICS SSL under Linux x64

    I missed the IcsAsymVerifyDigestTB name, it takes a TBytes binary digest (base 0) and casts it to PAnsiChar to pass to an OpenSSL API. ICS does not use TEncoding anywhere since it's not in old compilers, so I've no idea of the purpose of that line. ICS only uses base 1 for strings, not TBytes. Angus
  16. Angus Robertson

    ICS SSL under Linux x64

    You don't say what type OldDigest is, or which Jose function you are using, but casting and TEncoding is probably corrupting it. Try using IcsStringToTBytes instead, which is what the Jose unit uses. Angus
  17. Angus Robertson

    Windows versions supported by older Delphis

    OK, QueryPerformanceCounter 'was' more accurate in the days before CPU speed could be changed dynamically <g> And might still be over a few seconds timing an algorithm. And Ticks are probably more accurate than 20 years ago with faster motherboards. Angus
  18. Angus Robertson

    Windows versions supported by older Delphis

    ICS has a unit that emulates GetTickCount64 using QueryPerformanceCounter on older OSs, meaning it does not wrap at 49 days as using GetTickCount instead would. QueryPerformanceCounter is also more accurate than ticks if you are timing milliseconds. But 49 days running is rare nowadays, even for servers which Microsoft will forcibly reboot to load Windows Updates unless you take severe measures to stop it. Angus
  19. Angus Robertson

    Windows versions supported by older Delphis

    Suggesting you support an OS you don't at least test once is not a good idea. I have a Windows 7 VM that has Delphi 6 to XE installed, and I build and run stuff with a few of those compilers occasionally, so I know it still works. Trying to support anything older is dangerous. That VM still gets some Windows security updates, so has minimal support from Microsoft. One common API to avoid for Windows 7 is GetTickCount64 which was added with Vista and Windows 2008, don't think Delphi uses it internally. Angus
  20. The short answer is not easily with the ICS HTTP client components, they don't build a request nor buffer a response before processing it. The 'proper' solution would be to use the ICS proxy component as an intermediary to handle the encryption, which does give access to headers and content, but would still need changes since it would ignore the encrypted reply. If you are only talking to a specific server with limited requirements and error handling, it would be easier to write your own HTTP client. I wrote a simple application 'Simple TCP Client Testing, ie HTTP headers' that uses the TIcsIpStrmLog component to send a simple HTTPS request to a server repeatedly, for heavy testing. TIcsIpStrmLog expects to send and receive text lines as used by most protocols, if your encrypted headers and content are binary, you would need to use a simple TWSocket instead. Angus
  21. Angus Robertson

    ICS SSL under Linux x64

    One common issue using the Jose functions is they use binary arguments, originally AnsiString, now TBytes, not Base64, so you need to decode Base64 first, that might explain the wrong length. I'll put an FMX version of the Jose sample on my list. Angus
  22. Angus Robertson

    ICS V9.3 announced

    Sorry, no idea off hand. I did build V9.3 with D7, D2007, XE7, D10.3, D11 and D12 last week, so it builds OK for the different generations of compiler, but I can not test on every compiler. Not sure my D2010 licence still works. Angus
  23. Angus Robertson

    ICS SSL under Linux x64

    The Ics.Posix.PXMessages unit was written many years ago for 32-bit MacOS, and has never been updated for 64-bit, nor tested properly with Linux. It is now obsolete, so I'll remove it from ICS shortly. No idea why I put it into the Jose unit, no messages there. Angus
  24. Angus Robertson

    ICS SSL under Linux x64

    As I said earlier, ICS has never had a working message pump for Linux, so no functions dependent on messages will work. Some changes were made to TIcsEventQueue to try and support Linux in V9.2 but did not work and were disabled for V9.3 so at least the non-message stuff loaded. So making THttpClient work is not trivial with V9.3. Angus
  25. Angus Robertson

    ICS SSL under Linux x64

    It seems six (or more) EC_Group functions were deprecated in OpenSSL 3, and some builds exclude deprecated functions. In OverbyteIcsLIBEAY.pas, suppress four lines in the table with @@EC_GROUP_set_curve_GF , @@EC_GROUP_new and EC_GROUP_clear_free and change the array size to [0..841], that will stop these four exports loading. If you get new names appearing in the exception, do the same thing. ICS now only uses EC_GROUP_get_curve_name, not the dozens of others we load. I agree only loading those exports we use would be ideal, but working out which of those 842 are not used is not trivial, and many are there for future use, or use by end user applications. Angus
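
Added example, not part of the posts above and not ICS code: a Python sketch of the points made in the "ICS SSL under Linux x64" posts about decoding Base64 before verifying, digests being corrupted by string or encoding conversions, and checking the digest length before verify. The function names and the 256-byte sample are constructed for illustration; the expected length assumes an RSA 2048 key as in the post.

```python
import base64

def expected_rsa_len(key_bits):
    """RSA signature length in bytes equals the key (modulus) size."""
    return (key_bits + 7) // 8

def b64url_encode(raw):
    """Unpadded base64url, the text form JOSE uses on the wire."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(text):
    """Restore the stripped '=' padding, then decode to raw bytes."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def precheck(digest, key_bits=2048):
    """Cheap sanity check to run before the real verify call."""
    want = expected_rsa_len(key_bits)
    if len(digest) != want:
        return "reject: %d bytes, expected %d" % (len(digest), want)
    return "ok"

# Constructed stand-in for an RSA 2048 SHA256 digest: 256 bytes covering
# every byte value, so any lossy conversion is guaranteed to show up.
SAMPLE = bytes(range(256))

def storage_paths():
    """Store and reload SAMPLE three ways; return the precheck result of each."""
    text = b64url_encode(SAMPLE)
    return {
        # Correct: decode the base64url text back to binary first.
        "base64url decoded": precheck(b64url_decode(text)),
        # Mistake 1: the base64url text itself passed as if it were binary.
        "base64url not decoded": precheck(text.encode("ascii")),
        # Mistake 2: binary pushed through a text encoding and back.
        "utf-8 round trip": precheck(
            SAMPLE.decode("utf-8", errors="replace").encode("utf-8")),
    }

if __name__ == "__main__":
    for path, result in storage_paths().items():
        print(path, "->", result)
```

The length check only catches corruption that changes the size of the digest; a same-length alteration still has to be caught by the verify call itself.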