Angus Robertson

Quote

Why TIcsIpStrmLog and not TSslWSocket directly?

The magic word was simplest, less code, fewer errors.

Quote

by using a non-blocking socket with select() or (e)poll() for the timeout.

Windows supports none blocking DNS lookups and sockets by using a thread, what is the API to stop those threads early?

Angus

The simplest way is with the TIcsIpStrmLog component, look at the doSocketRemoteClick procedure in the OverbyteIcsSnippets sample, although you can ignore SSL. 

Failing to open a normal TCP connection will timeout after about 30 to 40 seconds, you can not easily make this any shorter, and you can not re-use the socket until the connection attempt fails, even if you abort it earlier.  If you need to check a lot of ports, either use multiple components running in parallel (no threads needed for hundreds) or use the ping feature of TIcsIpStrmLog to see if at least the IP address exists before checking the port.  

Angus

{.$DEFINE OpenSSL_Resource_Files} will stop OpenSSL being linked, {$DEFINE] OpenSSL_ProgramData}  then helps determine where the DLLs are located. 

readme9.txt now has a lengthy section describing all the defines.

Angus

ICS V9.2 has started the beta process, and can be downloaded from https://svn.overbyte.be/svn/icsv9/ or the overnight zip from https://wiki.overbyte.eu/wiki/index.php/ICS_Download or https://www.magsys.co.uk/delphi/magics.asp

This beta version of V9.2 adds a new feature release of OpenSSL 3.3.0 and fixes a number of bugs mostly introduced in V9.1, but also two long term HTTP URL in the client and server software where missing / delimiters could cause problems, and fixing server authentication issues with POST requests. Several others issues discussed on Delphi-Praxis are also fixed, but not all, yet.

This beta also includes a new 'ICS Intermediate Short' SSL certificate to replace the one in V9.0 that has just expired, it is used by ICS to generate temporary server certificates to allow SSL servers to run until a Let's Encrypt or commercial certificate is installed.  

The OverbyteIcsSslMultiWebServ sample has various improvements to test authentication more thoroughly (the DDService version is not done yet).

Only Delphi 10.41 and 10.42 (10.4 with updates 1 or 2) will install correctly with the new install packages, the original RTM version does not support the package LIB suffix: $(Auto) so you must change it manually for each package to 21.0.

OpenSSL 3.3.0 is now the default in the OverbyteIcsDefs.inc file and the ICS-OpenSSL path, ICS does not use any of the new features (nor those in 3.1 or 3.2).

Now that OpenSSL is more closely integrated with ICS, updating for security fixes will become more complicated, needing files in two or more directories to be updated.  When OpenSSL does the next batch of security fix versions (scheduled quarterly), I'll generate a zip with all the new files and directories that can be extracted over an existing ICS installation with all the new files.  

Angus

You are concerned about a one second longer download on a tiny file?   With different SSL protocols and ciphers. 

Angus

In HTTP headers, there is always a space after the colon, seems simple but sufficient to confuse servers.

Angus

TSslHttpRest is an ICS component, and to add a special header field you use the component ExtraHeaders: Strings property to add the full header and value,

ie ExtraHeaders.Add('Store-Token: 22345673301244567896663456789012');

Angus

I believe the authentication POST problem was mainly a simple literal,

    if FOutsideFlag and (not (hoAllowOutsideRoot in FOptions)) then
        Flags := hg403
    else
        Flags := hg404;

where hg404 should be hgSendDoc.  But something else is going on I'm still tracking, RequestDone should be called for a 401 error to reset the state machine, but is not, although it still seems to work. 

The biggest problem is our samples test all the authentication variations for virtual and normal pages, but not for template pages or POST pages, so that all had to be added first. 

I always test server fixes on my public servers for a day or two, so the changes won't be in SVN until later in the week.

Angus

On 3/22/2024 at 9:17 AM, Angus Robertson said:

3.3 has just entered alpha testing and adds QUIC for HTTP/3 servers.

Correction, OpenSSL 3.3 was released last week and does not add QUIC for servers, that is scheduled for OpenSSL 3.4 due in October 2024.

https://github.com/orgs/openssl/projects/11/views/3

OpenSSL 3.3 for Windows will be released later this week with ICS V9.2 beta.  But there are no new features particularly relevant to ICS.

Angus

I use been using the same two news readers for 25 years, Forte Agent and Ameol2 (very specialised for the UK).  

I read a number of uk news groups.  But there are no active Delphi groups, since Embarcadero moved away from a web forum that allowed NNTP access.

I have an account with https://www.astraweb.com/ they sell fixed usage so 25GB for $10 that will last for ever if you don't download binaries. 

One free news server is news.gmane.io that holds several mailing lists, I read OpenSSL mailing lists via it. 

Angus

On 3/27/2024 at 10:42 PM, omnibrain said:

I used the postinfo-Demo, because I think you added that specifically to test POST.

\demos-data\WebAppServerData\Templates\postinfo.htm is missing, but that doesn't matter for the test. 

Took some detective work to work out where that template has gone, it was written last autumn to test a major rejig of web server get/post parameter processing using streams for multi-gig uploads.

But the template never got added to SVN and then got lost when the samples were re-organised. 

So I've had to recreate it from my public web site: https://www.telecom-tariffs.co.uk/testing/postinfo.htm

Not in SVN yet, still looking at your real problem.

Angus

Still got no idea why are distributing openssl.exe and why this is a problem.  The directory your screen shows has the correct DLLs for the EXE. 

We don't need two separate openssl.exe files since we don't use them.

The only problem here is you decided to change the way OpenSSL is distributed for your own reasons.

Angus

No idea how that screen shot error is relevant to ICS, we don't use openssl.exe. 

Our openssl zips have a different versions of openssl.exe in the Win32 and Win64 zips, you have mixed therm up.

Angus

Thanks, so I need to amend our documentation for those that have not kept D10.4 patches up to date. 

Angus

If your Delphi app is built for Win32, you only use Win32 DLLs, even when running in a Win64 OS.  This has been the case for 25 years.

If it is failing, there is another reason. 

Angus

Support for LIB suffix $(Auto) was only added to D10.4, if the 'new' ICS packages using it are installed with older compilers, $(Auto) will appear in the BPL package file names. 

Perhaps it was added in a service version of 10.4 you have not installed. 

Angus

Since $(Auto) was in the fatal error message, it must exist somewhere in your path.  ICS only uses it within a package to define where files are built.

Angus

I guess you have used the $(Auto) macro as part of the path, which is unfortunately not supported (to my knowledge).  You need to replace that with 21.0 for D10.4 for the path.

Angus

IcsLogger is really designed for low level event and message handling development, particularly for SSL, its output is rarely of any benefit for application development, I've not used it for development for many years, and it's not used in any of my ICS applications, nor is it used in any modern ICS samples. 

Most new ICS components and samples have much better embedded logging that is user friendly, the samples use TIcsBuffLogStream to write logs, and supports date/time mask characters in the file name using the FormatDateTime function, so just use that when preparing the file name for IcsLogger.

Angus

What operating system?  Have you extracted all the files from the zip with the correct directories? 

That XCOPY command works for most people, unless you change something.

Angus

I have an old application with several TNextGrid and numerous related Column components, I'm trying to update to Delphi 12 from D11.

It seems TNextGrid v5 does not have any packages for D12, and has been superseded by v6 which has all new component types and unit names.  The FAQ says v6 is 'not delete & replace compatible' but gives no hints as to how to update projects from v5 to v6.  I've tried manually updating type names, but get lots of form errors and a stream error so no form.

So I either have to create 24 D12 packages for v5, or manually try and rebuild all my grid columns in the IDE with all their values, drop downs, etc, very tedious.

Is there a migration tool from v5 to v6 or upgrade instructions?

Angus

It seems Delphi 11 added a new GetIt feature I missed, 'Local GetIt Packag'e, I can not find it mentioned in these forums. 

https://docwiki.embarcadero.com/RADStudio/Alexandria/en/GetIt_Local_Files_Guide_Index

Package developers can create a Json file that is selected from Local GetIt Package at the bottom of the GetIt window, and which then installs packages as if they were downloaded from GetIt. 

This could simplify installs since paths can be added automatically, lots of other commands to avoid manual intervention and instructions. 

Has anyone tried it?

Angus

Any other ICS MacOS users able to help here?

Angus

All I can suggest is trying an older ICS version, if I've broken something in recent versions.  Like https://wiki.overbyte.eu/arch/icsv868.zip 

There is a new Linux version V10 in SVN, but no SSL and only simple sockets at the moment, not tested on MacOS but it's uses a Delphi message pump which I assume works on MacOS, that version will be the long term cross platform version.  But MacOS will only be supported if contributors help, we can not test it, no Apple hardware.

Angus

I've asked if GetIt installs can be improved to remove the old named packages, but this was a one-off with the change in package names.

Angus