-
Content Count
1886 -
Joined
-
Last visited
-
Days Won
33
Posts posted by Angus Robertson
-
-
Just keep the time or tick count before you make the request, and again afterwards. The component can do this internally for sessions, bur not single requests.
Angus
-
I have implemented extended passive (and port) mode for the ICS client for IPv4 connections, however I'm not sure if it will fix the original poster's problem since it will only be used if the server FEAT command advertises availability, so it is unlikely to fail. If it does fail, there is a new option that stops the EPSV and EPRT commands being used. I asked for an FTP log that would have shown the FEAT command and failure response, but can not guess what is happening.
The ICS FTP server already supports EPSV for IPv4, unfortunately the developer that added it missed updating the FEAT command so it's not advertised, and few FTP clients will use it for IPv4, now fixed as well, will be in SVN once more testing is done.
Angus
-
Public property RespDateDT
Angus
-
Packages and programs only have one Win32 option, no idea how you select the tool chain.
In terms of samples, the obvious ones OverbyteIcsHttpsTst.cbproj, OverbyteIcsWebServ.cbproj, OverbyteIcsCliDemo.cbproj, would be a good start to check applications build.
Angus
-
I'll update the types unit with the new include emits shortly.
I can only build C++ packages not use them, since the ICS C++ samples are too old to build with modern compilers, it really needs someone to update two or three C++ samples so I can test that they build with new versions of ICS.
The C++ Win64 packages build with release for me, but not debug, someone will need to look at that.
The common package builds for Win64x, but not the run package which imports conmon, because currently D12.2 can only import Delphi packages and not C++ due to missing symbol files, due to fixed in a future release.
Angus
-
Thanks, fix will be added for the next release shortly.
Angus
-
The concept of certificate revocation is changing due to the slow down it causes and the massive databases needed. OCSP seems to be dead with browsers no longer using it (CRL instead), Let's Encrypt is stopping it's OSCP servers service soon. The industry wants certificate life to be shorter so they are replaced regularly (monthly) rather than being revoked.
But this is not really relevant to code signing, since expired certificates are usually trusted provided they are time stamped signed, Azure issues code signing certificates that expire within two days or something. You can only revoke unexpired certificates, and our signed applications need to run for years or decades, thus the time stamp.
In theory, the OS or scanners could try and check old signing certificates being revoked, but it would not be easy.
Angus
-
It is up to the FTP client to decide whether to start passive mode with a PASV or EPSV command, the former has worked with IPv4 for decades, the latter is required for IPv6 so no check for availability is needed. None of this has changed in ICS in 15 years or more.
I've never seen a server refuse a PASV request, even if it supports EPSV as well.
It would need changes to the FTP client to prioritise EPSV over PASV, and I'm not likely to get to that for a few weeks.
Angus
-
I started a new thread about C++ 21 October, you replied and agreed to test the new version.
All the cbproj packages and some cpp and pas files changed in October, so any comments relating to C++ in V9.3 are irrelevant to building the overnight beta version.
Angus
-
There have been other CVEs in Zlib over the years, and we were slow to update our version, which is why ICS now uses the Delphi version, at least for those using recent Delphi versions.
Angus
-
Extended Passive mode (EPSV) is for IPv6 connections, I'm not aware it has any purpose for IPv4 if that is what you are using.
Never heard of active passive mode, can you please show the ICS FTP log.
Angus
-
ICS V8.70 and later come with Zlib 1.2.12 for old Delphi releases, but automatically users the System.Zlib for Delphi 11.1 which had the same release, and newer releases hae newer Zlibs.
Not planning to update the built-in version for old compilers, unless there is a serious issue.
Angus
-
{$IF Declared(RTLVersion121)}Result := '12.1';{$IFEND}
{$IF Declared(RTLVersion122)}Result := '12.2';{$IFEND}
{$IF Declared(RTLVersion123)}Result := '12.3';{$IFEND} // guessingAngus
-
ICS has a function IcsBuiltWith that uses a lot of defines to get the version, ie 12.2, but not patches. Not much code, but it does need an insert file that does most of the version checking. Several ICS samples report the Delphi version, which is useful.
Angus
-
I mentioned here in October that the beta version of ICS in SVN and the overnight zip now builds (mostly) correctly for C++ and D12.2, V9.3 does not!
But I've had zero feedback from C++ users, despite at least three users agreeing to test it.
So please stop reporting C++ problems with ICS versions known not to work, and help test the official version.
Angus
-
The Code Sign check is probably failing due to Windows 2008 not understanding the cryptography used, specifically the SHA-256 algorithm. You may have the same problem using other modern signed applications.
I don't plan to change anything, we can not support old compilers and operating systems forever.
Angus
-
It is not unusual for applications developed on newer versions of Windows to be used on older versions, Windows 2008 did not even support TLSv12 so using OpenSSL was a way to keep it running, that's what I did for some years.
The original problem here loading OpenSSL DLLs can probably be fixed by the method used by all the samples until this year, disable all the new SSL DEFINES and set GSSL_DLL_DIR to the directory for the DLLs, usually that of the application, then load OpenSSL. This is explained in readme9, search for GSSL_DLL_DIR.
Angus
-
I would recommend you use the TIcsIpStrmLog streaming log component, look at the doSocketRemoteClick function in the Snippets sample which is TCP so needs a one line change for UDP, then data just arrives in an event.
Angus
-
OpenSSL loading was totally rewritten in the last year.
Angus
-
I'll look at the logs later, but ICS is not tested on Windows 2008 which is years beyond end of life.
My first public server was Windows 2008, but I closed it down in 2019. It was based on Vista, which we don't support either. Windows 2008 R2 was much better, based on Windows 7 which I do still test, since I have a VM with all the old compilers.
The problem might be file paths, c:\ProgramFiles did not exist 20 years ago.
Windows 2008 was the last Win32 server OS Microsoft sold, only Win64 onwards, which is why some people still use it, on ancient hardware.
Angus
-
Indeed, the EmbeddedWB component wraps the old Internet Explorer stuff which is long obsoleted by Edge, it still works for Microsoft APIs, but not for Google APIs, you need to use Edge.
Angus
-
False virus alarms are a way of life due to the different ways of attempting to detect malicious files. You could try updating to the latest OpenSSL files to see if the problem goes away.
I believe I have Windows Defender running on my servers, since Sophos now refuses to run on servers, and I've not seen any reports or issues, nor has anyone else reported problems with OpenSSL for many years.
Goggle once decided a five year old OpenSSL DLL on my web site was malicious and immediately flagged my entire web site as malicious when anyone visited it, took a few days to get the block removed, but that is why downloading files from my site now requires a password, to stop Google accessing them with it's flaky detection techniques.
Angus
-
Testing your own client against your own server makes debugging harder.
You should test your client against the ICS multi web server sample, specifically post to https://localhost/postinfo.html which logs all URL or POST parameters passed to it, and returns them as a web page, so you know exactly what the client is sending. The server code is in OverbyteIcsSslMultiWebUploads.pas and illustrates how to untangle parameters.
For the client, you should be using the TSslHttpRest component which requires less code, look at the doHttpSimpleUploadClick function in the snippets sample, you build your parameters and then simply POST them.
SslHttpRest.RestParams.PContent := PContUrlEncoded;
SslHttpRest.RestParams.AddItem('FileTitle', mytitle);StatCode := SslHttpRest.RestRequest(httpPOST, myurl, False, '');
You can test all this against your server using the OverbyteIcsHttpRestTst sample.
Angus
-
You need a data centre hosted server, either a physical machine you rent or own, or a virtual private server running on data centre hardware, you then have complete control over what applications are installed, not sure why you want FMX unless for Linux.
I have a hosted Dell rack server in one data centre, and a secondary VPS in another, running all my Delphi servers. But many companies just order virtual servers from Azure, AWS and others, which have the benefit of scaling, but can be horribly expensive.
Azure seems easy to buy, I've been getting spam emails from 50 or more Azure VPSs in India, USA, Netherlands and the UK, Microsoft seems to sell VPS to anyone.
Angus
- 1
Backward compability
in VCL
Posted
This error often happens with older versions, but usually just means the property is lost for the old version, which only matters if you have been already set it specifically for the newer version. I often open applications in both Delphi 11.3 and 2007, and ignoring properties never causes a problem.
What is more annoying is the IDE inability to cope with a lot of similar errors, insisting on presenting dozens of modal dialogs if you open a large project group, you have to be so careful if what you click to avoid components not being removed from forms if they are not currently installed in the IDE.
Angus