
Angus Robertson


Everything posted by Angus Robertson

  1. Angus Robertson

    What is the correct approach to "phone home"?

    Agree HTTP POST is the safest upload method, but I'd make sure the client can have a proxy server specified for cases where default internet access is blocked. And maybe offer your clients that proxy server as being easier to monitor than the factory floor systems. Angus
  2. Just installed the overnight zip on Delphi 7, worked the second time after I deleted all the old units and packages and started fresh. A number of old units were removed in V8.66 which will no longer build. Having trouble building samples due to them having D2007 properties, long time since I tried to downgrade forms. Angus
  3. Angus Robertson

    Installing ICS v8.58 on CBuilder 10.1

    There are 80 lines of documentation in the OverbyteIcsIpStreamLog.pas unit. Angus
  4. Angus Robertson

    Installing ICS v8.58 on CBuilder 10.1

    HandshakeDone error=0 means the session connected OK, but does not tell you anything about the certificates received, you need to code that yourself, or use a better component as I suggested last week like TIcsIpStrmLog which does this for you. Angus
  5. Angus Robertson

    Installing ICS v8.58 on CBuilder 10.1

    In your first project, onConnect error=0 is OK, but you are not logging the error for HandshakeDone which quite often fails. It is also where your component should be checking whether you really reached the secure server you requested. Can not help on the C++ missing external, you'll need to resolve that yourself. Angus
  6. Start with the OverbyteIcsSslMultiFtpServ.dpr and OverbyteIcsXferTst.dpr samples, they are designed for secure FTP, and use special FTP commands to speed up synchronising file directories including sub-directories. I've been using these FTP components for 15 years for backup to and from my public servers. The FTP server includes automatic SSL certificate ordering. Angus
  7. So your web server is accepting connections again? Not many people still use Delphi 7 so don't test it very often, but I will fix V8.67 to work on it again next week. Angus
  8. Angus Robertson

    Installing ICS v8.58 on CBuilder 10.1

    There is a SslAlpnProtocols property in TSslWSocket, stringlist of protocols the client accepts. The OverbyteIcsHttpRestTst.dpr sample uses it. Angus
  9. You should really be configuring your server using IcsHosts so you can ignore the SslContext. But try these settings:

       SslCtx.SslMinVersion := sslVerTLS1_2;
       SslCtx.SslMaxVersion := sslVerTLS1_2;
       SslCtx.SslCipherList := sslCiphersMozillaSrvTLS12; { V8.66 was sslCiphersMozillaSrvInterFS }
       SslCtx.SslSecLevel := sslSecLevel112bits;

     Angus
  10. Angus Robertson

    Installing ICS v8.58 on CBuilder 10.1

    I tried connecting to your Amazon server with the IcsIpStrmLog sample, it works without SSL, but not with SSL on that port. Ports are always configured for one or the other, unless the protocol accepts a command like STARTTLS after a non-SSL connection. Angus
  11. I can connect to your test server with the host name you sent, using the ICS browser component, get a 404 error no index page, uses a RapidSSL certificate:

        SSL Connected OK with TLSv1.1, cipher ECDHE-RSA-AES256-SHA, key auth RSA, key exchange ECDH, encryption AES(256), message auth SHA1

      TLSv1.1 and SHA1 are now obsolete and not supported by most browsers. Somehow you have configured the server not to support TLSv1.2, either by using very old OpenSSL DLLs or with options. Angus
  12. ICS only creates a self signed certificate if there is no real certificate available, without which the server will not start. As I said elsewhere today, the ICS logger is designed for internal component debugging, not application errors, nor SSL debugging. What is your URL, email if necessary. Angus
  13. Angus Robertson

    Installing ICS v8.58 on CBuilder 10.1

    Some component properties are reset when the socket closes, and need to be set each time it is opened, SslEnable is one of them since the next connection may not be SSL. OverbyteIcsIpStmLogTst.dpr is the sample for TIcsIpStrmLog, it has both client and server modes, you only need the client part, I wrote a simple app to test something:

        IcsIpStrmLog1.LogProtocol := logprotTcpClient;
        IcsIpStrmLog1.RemoteHost := SendHost.Text;
        IcsIpStrmLog1.RemoteIpPort := SendPort.Text;
        IcsIpStrmLog1.ForceSsl := True;
        IcsIpStrmLog1.StartLogging;

    Log onLogProgEvent and onLogRecvEvent. Angus
  14. Angus Robertson

    Installing ICS v8.58 on CBuilder 10.1

    After you call Connect, the onConnect event will always be called, maybe not for a minute if the connection fails. You also don't seem to set SslEnable or SslMode anywhere. All this is done for you in TIcsIpStrmLog, but I appreciate there is no C++ sample. Angus
  15. Angus Robertson

    Installing ICS v8.58 on CBuilder 10.1

    ICS is an event driven component, you don't appear to have any events, so you have no idea what happens after you start the connection attempt. The logger is designed for debugging the internals of the components, not end user applications. You should be reporting the onConnect event which tells you whether connection worked or failed, also onHandshakeDone. If you are using HTTPS, you should be using the TSslHttpRest which does not require an SslContext. If this is a custom protocol, use TIcsIpStrmLog which doesn't need SslContext either. Both components are detailed in the Getting Started with ICS in readme8.txt, which explains the best components to use for new applications, also http://wiki.overbyte.eu/wiki/index.php/ICS_Getting_Started Unless your application is using an SSL client certificate (which is rare) you don't need a private key or certfile. Angus
  16. Sorry, insufficient information to make any real diagnosis, you don't say what OpenSSL you are using, or which protocols, or what errors the client sees. The client may have closed the connection and the problem is not server related. SslHandshakeDone is called for both success and failure, you are not logging what happened. I suggest you try configuring the OverbyteIcsSslMultiFtpServ.dpr sample with your certificate and IP address and try to connect to that, it has better logging. Maybe use V8.66 as well. The latest versions of ICS will start without SSL certificate, it creates a self signed certificate to start-up, and will then order a free certificate from Let's Encrypt so you don't need to buy manually from RapidSSL. Angus
  17. Angus Robertson

    Installing ICS v8.58 on CBuilder 10.1

    Sorry, no ideas, I don't use C++. A start would be to change the existing packages to actually target your old compiler, there are different packages for each compiler for a reason. Angus
  18. Angus Robertson

    Installing ICS v8.58 on CBuilder 10.1

    V8.66 was announced in this forum in April with a link to the main ICS wiki download page. Angus
  19. Angus Robertson

    Installing ICS v8.58 on CBuilder 10.1

    Why are you trying to install a two year old version, why not use the latest V8.66 version? Note ICS was never tested on D10.1 only D10.2 and later, which is why there are no packages. Angus
  20. You don't say what response Gmail is providing when you send email. Google Gmail accounts have two levels of security, historically they worked with clear authentication under SSL, and one of mine still does. But if you choose a Google prompt to set 'higher' security on your account that means they will only support OAuth2 so the account password is not stored locally or sent in SMTP commands. Instead the password is entered through a browser window. So for the ICS mail queue component, specify authentication as XOAuth2 and the password field will be greyed. When you start the mail queue, a browser window will appear in which you login with the same account as the user name here. Google returns two tokens, one is used to access Gmail and remains valid for a short time, the second refresh token is saved by the sample as the password and can be used in the background to get a new access token without a browser window. The refresh token usually remains valid for months, unless the account details are changed, but if you are sending unattended emails you need some scheme to allow interaction to login again if new tokens are needed. Before OAuth2 will work, you need a Google application account which is explained in notes at the top of OverbyteIcsSslHttpRest.pas. Angus
  21. Angus Robertson

    ICS for Linux?

    I'm attempting to build ICS for Linux, to help with the MacOS support. I used Hyper-V Quick Create to create an Ubuntu 18 VM, took about 10 minutes and a few key clicks, except xRDP no longer works on that build and without it you can not connect to install the fixed packages. Started again with Ubuntu 20 which works fine and displays a Gnome desktop with full connectivity. Installed PAServer and running it in a terminal window, expected port and IP address. But when I create a profile in 10.4 with those details, just get connection failed. There is no Windows firewall, maybe Ubuntu 20 has one? Or am I missing something obvious? Thought I'd try and setup Apache web server, but can not find it. Angus
  22. Angus Robertson

    ICS for Linux?

    I thought I fixed all the incompatibilities with Linux, I was certainly able to build packages for V8.65. But I am not planning any further work to actually test it or make ICS work in Linux, unless someone pays me, I have no plans to write any Linux applications myself. So it's up to those that actually want to use ICS with Linux to make it work, I will then update SVN (with complete source files, not patches). Angus
  23. You reported this rare bug by email, and it was fixed in SVN and the overnight zip last week. The counter was only used as a simple flag so was changed to boolean. Angus
  24. Angus Robertson

    SVN server updated

    Apologies if anyone has been having trouble accessing the ICS SVN over the last week, I've retired the 12 year old VM it was running on and now installed SVN on a new hosted Windows Server 2019, not trivial since I'd forgotten how we set it up all those years ago and I've avoided messing with it so as not to break it. But SVN is now running on a modern version of Apache supporting SSL and running on ports 80, 443 and 8443 (the old one), so you can access http://svn.overbyte.be/svn/ or https://svn.overbyte.be/svn/ as well as the old URL, or svn://svn.overbyte.be/ which is unchanged. That last server took a long time to set-up because I thought it was part of Apache but turns out to be a little SvnServe program that had been running for 12 years without me noticing. SVN is now also available on IPv6, but that is transparent and handled by DNS. I believe the Apache SSL configuration is correct, but it also serves svn.magsys.co.uk with a separate certificate and sometimes gets confused about which to send. Please shout if SVN does not behave as expected. Angus
  25. Angus Robertson

    SVN server updated

    Sorry, the internet hosting centre has been suffering a series of DDOS attacks since the weekend, usually only half an hour at a time before they block it, please just keep trying. The servers themselves are fine, I can access them using my internet connection directly to the hosting centre. Angus