Jump to content

Angus Robertson

Members
  • Content Count

    1886
  • Joined

  • Last visited

  • Days Won

    33

Posts posted by Angus Robertson


  1. This error often happens with older versions, but usually just means the property is lost for the old version, which only matters if you have been already set it specifically for the newer version.  I often open applications in both Delphi 11.3 and 2007, and ignoring properties never causes a problem.

     

    What is more annoying is the IDE inability to cope with a lot of similar errors, insisting on presenting dozens of modal dialogs if you open a large project group, you have to be so careful if what you click to avoid components not being removed from forms if they are not currently installed in the IDE.

     

    Angus

     


  2. I have implemented extended passive (and port) mode for the ICS client for IPv4 connections, however I'm not sure if it will fix the original poster's problem since it will only be used if the server FEAT command advertises availability, so it is unlikely to fail.  If it does fail, there is a new option that stops the EPSV and EPRT commands being used.  I asked for an FTP log that would have shown the FEAT command and failure response, but can not guess what is happening.

     

    The ICS FTP server already supports EPSV for IPv4, unfortunately the developer that added it missed updating the FEAT command so it's not advertised, and few FTP clients will use it for IPv4, now fixed as well, will be in SVN once more testing is done.

     

    Angus


  3. Packages and programs only have one Win32 option, no idea how you select the tool chain. 

     

    In terms of samples, the obvious ones OverbyteIcsHttpsTst.cbproj, OverbyteIcsWebServ.cbproj, OverbyteIcsCliDemo.cbproj, would be a good start to check applications build.

     

    Angus

     


  4. I'll update the types unit with the new include emits shortly. 

     

    I can only build C++ packages not use them, since the ICS C++ samples are too old to build with modern compilers, it really needs someone to update two or three C++ samples so I can test that they build with new versions of ICS. 

     

    The C++ Win64 packages build with release for me, but not debug, someone will need to look at that. 

     

    The common package builds for Win64x, but not the run package which imports conmon, because currently D12.2 can only import Delphi packages and not C++ due to missing symbol files, due to fixed in a future release.  

     

    Angus

     

     


  5. The concept of certificate revocation is changing due to the slow down it causes and the massive databases needed.  OCSP seems to be dead with browsers no longer using it (CRL instead), Let's Encrypt is stopping it's OSCP servers service soon.  The industry wants certificate life to be shorter so they are replaced regularly (monthly) rather than being revoked.  

     

    But this is not really relevant to code signing, since expired certificates are usually trusted provided they are time stamped signed, Azure issues code signing certificates that expire within two days or something.  You can only revoke unexpired certificates, and our signed applications need to run for years or decades, thus the time stamp.  

     

    In theory, the OS or scanners could try and check old signing certificates being revoked, but it would not be easy.

     

    Angus

     


  6. It is up to the FTP client to decide whether to start passive mode with a PASV or EPSV command, the former has worked with IPv4 for decades, the latter is required for IPv6 so no check for availability is needed.  None of this has changed in ICS in 15 years or more. 

     

    I've never seen a server refuse a PASV request, even if it supports EPSV as well.

     

    It would need changes to the FTP client to prioritise EPSV over PASV, and I'm not likely to get to that for a few weeks.

     

    Angus

     


  7. I mentioned here in October that the beta version of ICS in SVN and the overnight zip now builds (mostly) correctly for C++ and D12.2, V9.3 does not! 

     

    But I've had zero feedback from C++ users, despite at least three users agreeing to test it. 

     

    So please stop reporting C++ problems with ICS versions known not to work, and help test the official version.

     

    Angus

     


  8. It is not unusual for applications developed on newer versions of Windows to be used on older versions, Windows 2008 did not even support TLSv12 so using OpenSSL was a way to keep it running, that's what I did for some years. 

     

    The original problem here loading OpenSSL DLLs can probably be fixed by the method used by all the samples until this year, disable all the new SSL DEFINES and set GSSL_DLL_DIR to the directory for the DLLs, usually that of the application, then load OpenSSL.  This is explained in readme9, search for GSSL_DLL_DIR.

     

    Angus

     

     


  9. I'll look at the logs later, but ICS is not tested on Windows 2008 which is years beyond end of life. 

     

    My first public server was Windows 2008, but I closed it down in 2019.  It was based on Vista, which we don't support either.  Windows 2008 R2 was much better, based on Windows 7 which I do still test, since I have a VM with all the old compilers. 

     

    The problem might be file paths, c:\ProgramFiles did not exist 20 years ago. 

     

    Windows 2008 was the last Win32 server OS Microsoft sold, only Win64 onwards, which is why some people still use it, on ancient hardware.

     

    Angus

     

     


  10. False virus alarms are a way of life due to the different ways of attempting to detect malicious files.  You could try updating to the latest OpenSSL files to see if the problem goes away. 

     

    I believe I have Windows Defender running on my servers, since Sophos now refuses to run on servers, and I've not seen any reports or issues, nor has anyone else reported problems with OpenSSL for many years. 

     

    Goggle once decided a five year old OpenSSL DLL on my web site was malicious and immediately flagged my entire web site as malicious when anyone visited it, took a few days to get the block removed, but that is why downloading files from my site now requires a password, to stop Google accessing them with it's flaky detection techniques.  

     

    Angus

     


  11. Testing your own client against your own server makes debugging harder. 

     

    You should test your client against the ICS multi web server sample, specifically post to https://localhost/postinfo.html which logs all URL or POST parameters passed to it, and returns them as a web page, so you know exactly what the client is sending.  The server code is in OverbyteIcsSslMultiWebUploads.pas and illustrates how to untangle parameters. 

     

    For the client, you should be using the TSslHttpRest component which requires less code, look at the doHttpSimpleUploadClick function in the snippets sample, you build your parameters and then simply POST them.

     

    SslHttpRest.RestParams.PContent := PContUrlEncoded;
    SslHttpRest.RestParams.AddItem('FileTitle', mytitle);

    StatCode := SslHttpRest.RestRequest(httpPOST, myurl, False, '');

     

    You can test all this against your server using the OverbyteIcsHttpRestTst sample. 

     

    Angus

     


  12. You need a data centre hosted server, either a physical machine you rent or own, or a virtual private server running on data centre hardware, you then have complete control over what applications are installed, not sure why you want FMX unless for Linux. 

     

    I have a hosted Dell rack server in one data centre, and a secondary VPS in another, running all my Delphi servers.  But many companies just order virtual servers from Azure, AWS and others, which have the benefit of scaling, but can be horribly expensive.  

     

    Azure seems easy to buy, I've been getting spam emails from 50 or more Azure VPSs in India, USA, Netherlands and the UK, Microsoft seems to sell VPS to anyone. 

     

    Angus

     

    • Thanks 1
×