Everything posted by Angus Robertson
-
ICS V9.1 announced
Angus Robertson replied to Angus Robertson's topic in ICS - Internet Component Suite
There is a clever improvement in the GetIt ICS installation process, thanks Embarcadero. After the packages have been built and installed, the ICS demos-delphi-vcl project group opens in the IDE, allowing all the samples to be viewed and built, recommend saving the group as a favourite so it can be easily found. The group opens with the OverbyteIcsSnippets project, that provides one button examples of HTTP and FTP multiple file downloading and uploading, HTTP REST requests, Websocket client, TCP socket traffic, and sending email using Mail Queue. Angus -
ICS V9.1 has been released at: https://wiki.overbyte.eu/wiki/index.php/ICS_Download

ICS is a free internet component library for Delphi 7, 2006 to 2010, XE to XE8, 10, 10.1, 10.2, 10.3, 10.4, 11 and 12 and C++ Builder 10.4, 11 and 12. ICS supports VCL and FMX, Win32, Win64 and MacOS 32-bit targets. Beware Mac OS-X and C++ have not been tested recently due to lack of support from such users.

The distribution zip includes the latest OpenSSL 3.0.13, 3.1.5 and 3.2.1, for Win32 and Win64.

The highlights of V9.1 were posted in this topic two weeks ago, and are included in the download page. The full release notes for V9.1 are at https://wiki.overbyte.eu/wiki/index.php/ICS_V9.1

There is also a new page https://wiki.overbyte.eu/wiki/index.php/Updating_projects_to_V9.1 to help with migrating existing projects.

The main ICS readme9.txt has the installation section rewritten to explain the new common groups and packages used for Delphi 10.4 and later, so you won't find any dedicated ICS packages for Delphi 11 or 12. The readme now also explains all defines in the .\Source\Include\OverbyteIcsDefs.inc file that control how OpenSSL is loaded.

All ICS active samples are available as prebuilt executables, to allow ease of testing without needing to install ICS and build them all. There are four separate zip files split into clients, servers, tools and miscellaneous samples which can be downloaded from https://wiki.overbyte.eu/wiki/index.php/ICS_Samples

Angus
-
ICS V9.1 announced
Angus Robertson replied to Angus Robertson's topic in ICS - Internet Component Suite
ICS V9.1 is now available to install from GetIt for Delphi 11 and 12, either VCL only or VCL and FMX. Start with the samples at C:\Users\(user)\Documents\Embarcadero\Studio\23.0\CatalogRepository\ Angus -
ICS V9.1 announced
Angus Robertson replied to Angus Robertson's topic in ICS - Internet Component Suite
Thanks, if you retain your old Defs file, ICS should behave as before, although I changed all the samples and my own applications so not sure when I last tested that... Angus -
ICS9 - Help creating procedure to send HTML Emails
Angus Robertson replied to joceravolo's topic in ICS - Internet Component Suite
The TIcsMailQueue component is designed for exactly your requirement, you queue an HTML identically to your existing code, call the QueueMail method, and then let the component worry about delivering the email, in the background. You can queue hundreds of emails. Before queuing anything, you set up one or more SMTP servers, the background thread will then attempt to send queued emails to each of those servers multiple times over many hours until it is sent successfully, remove it from the queue and delete or archive the email. The sample has a window you can steal that shows queued emails, when they will be next attempted, and allows them to be deleted if never going to get delivered. Angus -
AUTH TLS fails every time!
Angus Robertson replied to Graphic Equaliser's topic in ICS - Internet Component Suite
FileZilla Client has very poor certificate validation, it should check the certificate chain and accept it, instead it presents that horrible window. Does the same with my own FTP server. Angus -
AUTH TLS fails every time!
Angus Robertson replied to Graphic Equaliser's topic in ICS - Internet Component Suite
You will find the OverbyteIcsXferTst sample easier to use, I was using the TIcsFtpMulti component for my tests. There is really nothing you can do for these errors, it's down to the server, firewalls and configuration. They need to tell you why connections fail. Or does the server work with FileZilla Client? Perhaps there is something clever going on. Angus -
AUTH TLS fails every time!
Angus Robertson replied to Graphic Equaliser's topic in ICS - Internet Component Suite
I've reproduced a 425 FTP error after updating my FileZilla server to the latest on one of my public servers, and updating the Windows Firewall rules which FileZilla ignores (I have Delphi firewall functions that my servers use). I can access FileZilla fine from the public server, but not remotely, although my error is slightly different:

    425 Unable to build data connection: EINVAL - Invalid argument passed

So this is all down to firewall port ranges, not sure yet if Windows Firewall or the external pfSense firewall, need to investigate. Is your FileZilla server behind a firewall?

Update: FileZilla is complaining:

    [Error] Data peer IP [217.146.115.82] differs from control peer IP [217.146.115.84]: this shouldn't happen, aborting the data connection.

I have multiple outgoing IP addresses, and it does not like this.

Update 2: After adding a router rule, I've got past the IP address error and the data connection now works. You really need the FileZilla log message for the 425 error to understand it.

    > PASV
    < 227 Entering Passive Mode (217,146,102,143,82,34)
    ! Passive connection requested to: 217.146.102.143:21026, control channel: 217.146.102.143
    > MLSD
    < 150 About to start data transfer.
    ! SSL Connected OK with TLSv1.3, cipher TLS_AES_256_GCM_SHA384, encryption AESGCM(256), message auth AEAD
    Connected OK Again
    < 226 Operation successful
    ! Data Session closed
    ! Local File Stream Closed
    ! 245bytes received/sent in 31 milliseconds

Angus
-
AUTH TLS fails every time!
Angus Robertson replied to Graphic Equaliser's topic in ICS - Internet Component Suite
The 425 error from the server suggests it does not like the SSL/TLS connection, and yet we think it was okay, and it accepted the AUTH connection earlier. Nothing wrong with the commands being sent. SSL/TLS can be strange like that. BTW, I updated that old compiled demo today with a new version, although unlikely to behave any differently. Angus -
AUTH TLS fails every time!
Angus Robertson replied to Graphic Equaliser's topic in ICS - Internet Component Suite
So now you are using a recent ICS version with OpenSSL 3, since you are connecting with TLSv1.3? But you are probably using the old TSslFtpClient low level component that requires you to send the correct FTP commands in the correct order. As the error message suggests, you have not sent the PROT command with Protlevel=P. If you use the TIcsFtpMulti high level component instead, this is all done for you, see the sample OverbyteIcsXferTst. Or if you want a simpler sample, build OverbyteIcsSnippets and click the FTP Download One File button, the code is in a single function. Angus -
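A small triage helper for the two 425 causes raised in the posts above (a data command sent on a TLS session before PROT P, and a 227 reply whose address does not match the control channel), added here as an illustration in Python; it is not ICS code and not part of the original posts. The function names, the optional port range and both sample sessions are constructed, apart from the 227 line, which is the one quoted in the earlier post.

```python
import re

PASV_RE = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
STAMP_RE = re.compile(r"^\d\d:\d\d:\d\d:\d+\s+")  # optional time prefix, as in ICS logs
DATA_CMDS = {"LIST", "MLSD", "NLST", "RETR", "STOR", "APPE"}

def parse_pasv(reply):
    """Return (ip, port) from a 227 reply; the port is p1*256 + p2."""
    m = PASV_RE.search(reply)
    if not m:
        raise ValueError("no (h1,h2,h3,h4,p1,p2) group in %r" % reply)
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("field out of range in %r" % reply)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def audit_session(lines, control_ip, port_range=None):
    """List likely causes of a 425 from '>' (sent) and '<' (received) log lines."""
    findings = []
    tls = prot_p = False
    sent = ""  # last command sent, upper-cased
    for raw in lines:
        line = STAMP_RE.sub("", raw.strip())
        if line.startswith(">"):
            sent = line[1:].strip().upper()
            verb = sent.split(" ")[0]
            if verb in DATA_CMDS and tls and not prot_p:
                findings.append(verb + " sent on a TLS session without PROT P")
        elif line.startswith("<"):
            reply = line[1:].strip()
            code = reply[:3]
            if code == "234" and sent.startswith("AUTH"):
                tls = True
            elif code == "200" and sent == "PROT P":
                prot_p = True
            elif code == "227":
                ip, port = parse_pasv(reply)
                if ip != control_ip:
                    findings.append("PASV address %s differs from control channel %s" % (ip, control_ip))
                if port_range and not port_range[0] <= port <= port_range[1]:
                    findings.append("passive port %d outside allowed range %d-%d" % (port, *port_range))
            elif code == "425":
                findings.append("server refused data connection: " + reply)
    return findings

# Constructed session in the expected order; the 227 line is the one quoted in the post.
GOOD_SESSION = [
    "> AUTH TLS", "< 234 Using authentication type TLS.",
    "> PBSZ 0", "< 200 PBSZ=0",
    "> PROT P", "< 200 Protection level set to P",
    "> PASV", "< 227 Entering Passive Mode (217,146,102,143,82,34)",
    "> MLSD", "< 150 About to start data transfer.", "< 226 Operation successful",
]
# Constructed failing session: no PROT P, and a private address returned in the 227 reply.
BAD_SESSION = [
    "> AUTH TLS", "< 234 Using authentication type TLS.",
    "> PASV", "< 227 Entering Passive Mode (10,0,0,5,82,34)",
    "> MLSD", "< 425 Unable to build data connection",
]

if __name__ == "__main__":
    print(audit_session(GOOD_SESSION, "217.146.102.143"))
    for finding in audit_session(BAD_SESSION, "192.0.2.10", (50000, 50100)):
        print("-", finding)
```

The server-side complaint about data peer and control peer IPs is a different comparison, made on the client's source addresses, and can only be seen in the server log.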
AUTH TLS fails every time!
Angus Robertson replied to Graphic Equaliser's topic in ICS - Internet Component Suite
ICS V9.1 does not support old versions of OpenSSL and will never attempt to open them, I assume you've modified the source code in an attempt to do so. Did you attempt to connect to our server with your original application that failed with FileZilla server? Angus -
ICS9 - Help creating procedure to send HTML Emails
Angus Robertson replied to joceravolo's topic in ICS - Internet Component Suite
It is much easier and safer to use the TIcsMailQueue component, so email is sent even if the mail server is not immediately available. Look at the OverbyteIcsMailQuTst sample, or one of the server samples like OverbyteIcsSslMultiWebServ that also use mailqueue to call home when in trouble. Angus -
How to convert JWK to PEM format in Delphi?
Angus Robertson replied to steve faleiro's topic in General Help
Look at the OverbyteIcsJoseTst sample which has a button that decodes your JWK using the function I mentioned, and displays it raw, while the OverbyteIcsPemTools sample does certificate and key conversions. ICS V9.1 has a new TX509Base method X509PubKeyTB that returns the public key in DER that can be used to compare with another public key or converted to Base64 which is PEM. Angus -
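What the JWK to DER to PEM path amounts to for an RSA public key, written out as an added illustration in Python; this is not ICS or Delphi code and does not show how IcsJoseJWKGetPKey or X509PubKeyTB are implemented. All helper names are made up for the example, and the sample JWK is a constructed toy value with a 16-bit modulus, not a usable key.

```python
import base64

RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 rsaEncryption

def b64url_decode(text):
    """JWK fields are base64url without padding; restore it before decoding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def der(tag, content):
    """Encode one DER TLV, using the long length form from 128 bytes up."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + content

def der_uint(raw):
    """DER INTEGER from big-endian bytes, kept positive with a leading zero."""
    raw = raw.lstrip(b"\x00") or b"\x00"
    if raw[0] & 0x80:
        raw = b"\x00" + raw
    return der(0x02, raw)

def jwk_rsa_to_der(jwk):
    """Build SubjectPublicKeyInfo DER from an RSA JWK; private fields are ignored."""
    if jwk.get("kty") != "RSA":
        raise ValueError("only RSA keys are handled here")
    rsa_key = der(0x30, der_uint(b64url_decode(jwk["n"])) + der_uint(b64url_decode(jwk["e"])))
    alg_id = der(0x30, der(0x06, RSA_OID) + der(0x05, b""))
    return der(0x30, alg_id + der(0x03, b"\x00" + rsa_key))

def der_to_pem(blob, label="PUBLIC KEY"):
    """PEM is the DER bytes in Base64, wrapped at 64 columns between BEGIN/END lines."""
    b64 = base64.b64encode(blob).decode("ascii")
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, "\n".join(rows), label)

def pem_to_der(pem):
    rows = [r for r in pem.strip().splitlines() if not r.startswith("-----")]
    return base64.b64decode("".join(rows))

def same_public_key(jwk, pem):
    """Compare keys on their DER bytes, not on PEM text (line wrapping may differ)."""
    return jwk_rsa_to_der(jwk) == pem_to_der(pem)

# Constructed toy JWK (16-bit modulus) so the output stays short; not a usable key.
TOY_JWK = {"kty": "RSA", "n": "wSM", "e": "AQAB"}

if __name__ == "__main__":
    print(der_to_pem(jwk_rsa_to_der(TOY_JWK)))
```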
How to convert JWK to PEM format in Delphi?
Angus Robertson replied to steve faleiro's topic in General Help
ICS has various Jose and PEM functions that will read and create Json Web Keys. IcsJoseJWKGetPKey reads the Json text and saves the key as type TX509Base. TX509Base has methods to save certificates, private and public keys in numerous formats. What do you want to do with the public key? This may be better discussed in the ICS support forum. Angus -
If you are attempting to locate COM ports on Windows, I suggest you use the Magenta Serial Port Detection Component from https://www.magsys.co.uk/delphi/maghardware.asp

It has an event that triggers as ports arrive and disappear. It returns an array with information about each port, and whether enabled or hidden:

    COM1, Enabled=Y, Communications Port (COM1), (Standard port types), Serial0, ACPI\VEN_PNP&DEV_0501,
    COM2, Enabled=Y, PCIe to High Speed Serial Port (COM2), ASIX Electronics Corporation, StnSerial0, MCS9950MF\STN_CASCADE_COM,
    COM3, Enabled=Y, PCIe to High Speed Serial Port (COM3), ASIX Electronics Corporation, StnSerial1, MCS9950MF\STN_CASCADE_COM,
    COM4, Enabled=Y, Prolific USB-to-Serial Comm Port (COM4), Prolific, ProlificSerial0, USB\VID_067B&PID_2303&REV_0400, Port_#0004.Hub_#0007
    COM5, Enabled=Y, Prolific USB-to-Serial Comm Port (COM5), Prolific, ProlificSerial1, USB\VID_067B&PID_2303&REV_0400, Port_#0001.Hub_#0007
    COM6, Enabled=Y, Conexant USB CX93010 ACF Modem, Conexant, USBSER000, USB\VID_0572&PID_1329&REV_0100, Port_#0007.Hub_#0001
    COM7, Enabled=Y, USB Serial Device (COM7), Microsoft, USBSER000, USB\VID_1546&PID_01A8&REV_0201, Port_#0002.Hub_#0007

Angus
-
AUTH TLS fails every time!
Angus Robertson replied to Graphic Equaliser's topic in ICS - Internet Component Suite
Works for me, using OpenSSL v3, also connects with TLSv1.3. Can not test with old versions of OpenSSL, ICS does not work with them any longer.

    19:01:16:550 Connect/Logon to FTP Server: ns130.askia.com:5022
    19:01:16:591 < 220-FileZilla Server 1.8.1
    19:01:16:591 < 220 Please visit https://filezilla-project.org/
    19:01:16:591 FTP Control Session Connected OK to: 85.13.217.130:5022
    19:01:16:611 > AUTH SSL
    19:01:16:641 < 234 Using authentication type TLS.
    19:01:16:722 ! SSL Connected OK with TLSv1.2, cipher ECDHE-RSA-AES256-GCM-SHA384, key auth RSA, key exchange ECDH, encryption AESGCM(256), message auth AEAD
    19:01:16:722 Connected OK Again

Try connecting to the ICS FTP server on ics.ftptest.org. It may log something useful.

Angus
-
AUTH TLS fails every time!
Angus Robertson replied to Graphic Equaliser's topic in ICS - Internet Component Suite
ICS checks the OpenSSL version on start-up and fails if it does not support the version found, so he could not use 1.0.2 if ICS did not support it. The 2008 date might be wrong since that comes from a file resource, and ICS does not set any versions or dates in file resources, or if it does I've not updated them in 15 years. Date and versions are important in our applications, but not packages. Angus -
AUTH TLS fails every time!
Angus Robertson replied to Graphic Equaliser's topic in ICS - Internet Component Suite
He is not using 0.9.8 but 1.0.2zg, although it is not a version we ever supported (it's a privately supported version). The last public release was 1.0.2u. All versions of 1.0.2 support TLS/1.2 and modern ciphers so should work with all servers today. Angus -
AUTH TLS fails every time!
Angus Robertson replied to Graphic Equaliser's topic in ICS - Internet Component Suite
You've already said all that, but that is not an OpenSSL error message, and the file description of a package file is not an ICS version number. A package created in 2008 would have been ICS V7, long obsolete, numerous SSL/TLS improvements since then. Angus -
AUTH TLS fails every time!
Angus Robertson replied to Graphic Equaliser's topic in ICS - Internet Component Suite
The cipher list is highly unlikely to be causing your connection failure, unless the server is actually reporting cipher errors, such as: version too low, no shared cipher, unsupported protocol, wrong SSL version, bad key share, which are errors from one of my ICS servers this morning, probably hackers. You really need to get the real handshake error, but I can not help since you have not explained what ICS version from what date you are using, from the FTP unit. Angus -
Could not load OpenSSL library.
Angus Robertson replied to JustinCase's topic in Network, Cloud and Web
OpenSSL "1.0.2zi" is not a free public release, it is only available to organisations that pay OpenSSL for premium level support, which costs $50,000 per year. I'd guess there is a support contract involved that prevents such software being distributed outside those organisations. So it should not be published. Angus -
AUTH TLS fails every time!
Angus Robertson replied to Graphic Equaliser's topic in ICS - Internet Component Suite
For clients, it is easier to allow all supported ciphers to be used, and let the server select the best cipher, if you want a connection. Only worry about cipher lists if the server uses poor ciphers by default, which is rare. Angus -
AUTH TLS fails every time!
Angus Robertson replied to Graphic Equaliser's topic in ICS - Internet Component Suite
Sorry, we really can not support very old ICS versions, you don't give the ICS version, but OpenSSL 1.0.2 has not been supported for a few years. If you report a better handshake error, as later ICS versions do, you might get more information about the error. It might simply be an expired SSL certificate. Or 100 other things. Angus -
ICS V9.1 Highlights
Angus Robertson replied to Angus Robertson's topic in ICS - Internet Component Suite
That is an old URL for the same server, it still works but https://svn.overbyte.be/svn/icsv9/ is preferred (or http) and it takes you to the correct repository, there are now several. The strange 8433 port was 15 years ago before I got a dedicated rack server with lots of IPv4 addresses. Angus -
ICS V9.1 is almost ready for release. Although there are no new components, there are many other SSL/TLS changes that will affect existing applications, but make ICS easier to use and support for the future. Before the final release in a week or two, I'd appreciate some feedback from users installing V9.1 using the new packages, and updating one or more old SSL/TLS applications, it may help future users if I can improve the documentation.

Please read readme9.txt and these notes about V9.1 carefully when upgrading existing applications, you may get build errors that need minor code changes. But new applications should be easier to create.

1 - Delphi 10.4 and later now use the same install groups and packages, IcsInstallFmx, IcsInstallVcl and IcsInstallVclFmx, making support a lot easier. Version specific groups remain for Delphi 10.3 and earlier, with new groups D(X)InstallVcl for VCL only replacing the old OverbyteIcs(X) groups, again to simplify support.

2 - The old samples directory has gone and many of the older and little used samples have been archived to a separate download. The active samples used to test and demonstrate all ICS components are now split into the following paths, in the ICS root directory:

    demos-delphi-vcl - 45 VCL samples for Windows.
    demos-delphi-extra - four VCL samples that need third party components to build.
    demos-delphi-fmx - seven FMX samples for Windows, not yet tested on MacOS.
    demos-cpp-vcl - all old C++ samples that have not been tested for 10 years, need help.
    demos-data - data files for samples, such as web pages.

All these samples can now be built for Win32 and Win64 platforms.

3 - To ease development, linking and future support, some new units have been added by splitting existing units with multiple components, unfortunately this means many existing projects will need one or more of the new units adding to their uses section. Apologies for the pain, but this should have been done a long time ago. The main change is splitting out much of the SSL/TLS related code from the massive OverbyteIcsWSocket unit to a new unit OverbyteIcsSslBase.

4 - Distribution of the ICS OpenSSL files has changed. Earlier ICS versions required the OpenSSL DLLs to be distributed with applications, and a root CA bundle file to verify SSL/TLS connections, and these needed to be loaded using code. There was little standardisation over where the OpenSSL DLLs were located, applications tended to keep their own copies alongside other executables, leading to multiple DLL copies and needing the public variable GSSL_DLL_DIR set to a specific directory before OpenSSL was loaded. Likewise, root CA bundle directories had to be distributed with applications and loaded with code.

ICS V9.1 allows five different ways of loading OpenSSL:

    1 - DLLs linked into application as resource files
    2 - DLLs loaded from common directory C:\ProgramData\ICS-OpenSSL\
    3 - OpenSSL DCU linked into application using commercial YuOpenSSL
    4 - DLLs loaded from location specified in public variable GSSL_DLL_DIR
    5 - DLLs loaded according to path, may be found anywhere on PC

Which method ICS uses to load OpenSSL depends upon several defines in the .\Source\Include\OverbyteIcsDefs.inc file, please see the readme9.txt file for details. ICS currently includes resource files for three different OpenSSL releases, 3.0.13, 3.1.5 and 3.2.1, which version is linked is controlled by a define. If the OpenSSL DLLs are linked into the application, they are extracted to a version subdirectory, ie C:\ProgramData\ICS-OpenSSL\3012\ so different applications can use different OpenSSL versions. This happens only once if the files have not already been extracted. When updating existing projects without using any new defines, the ICS old behaviour of methods 3, 4 and 5 above remains with no changes needed.

5 - A common IcsSslRootCAStore component is now created at application start-up, to avoid different components needing their own CA stores to verify SSL/TLS certificates, and for applications to load those stores. The three different CA stores included with ICS are now supplied as resource files, with a define determining which is linked into applications. Another define causes OpenSSL and this store to be loaded at application startup, so OpenSSL is available for all components, without it needing to be loaded again, perhaps repeatedly. Without new defines, a CA Store can be loaded manually into IcsSslRootCAStore. The ICS servers that use CA Stores now use IcsSslRootCAStore and no longer load any files specified.

6 - All SSL/TLS servers need a certificate and private key to start, even when testing. Previously ICS supplied some self signed certificates for testing, and also created such certificates automatically if they were missing or if the server was about to order a Let's Encrypt certificate. Accessing such servers for testing using browsers raised various warnings. ICS now has its own SSL root certificate 'ICS Root CA' and two intermediates, 'ICS Intermediate' and 'ICS Intermediate Short', the last of which includes a private key so can be used to automatically sign new certificates by ICS server applications, rather than just self signed certificates as before. If the 'ICS Root CA' certificate is installed in the Windows Store and browser stores, it should stop certificate warnings appearing. ICS applications automatically trust the ICS root, so will give no warnings. The short intermediate has a maximum 100 day expiry, so new versions will be issued regularly. There is a single function CreateSelfSignCertEx that creates signed certificates, and another IcsInstallIcsRoot that installs the ICS root into the Windows Store, so easy to use. It is possible to replace the ICS root with your own private root certificate and have servers create their own certificates against that root, for internal networks.

7 - The TSslHttpRest component now allows TRestParams to be created as content type 'Form-Data Body' to create MIME multipart/form-data parameters that may include new TParamType of RPTypeFile that specifies a file name whose binary content will be added to the parameters as a file upload, allowing multiple files and extra parameters. TRestParams are now built into a TStream rather than a string to allow larger parameter sizes, tested up to 8GB. The ICS web server samples have improved MIME decoding to accept massive uploads.

8 - Several client and server components have a new property NoSSL which if set will prevent those components using SSL/TLS for HTTPS or FTPS, even if the application is linked with OpenSSL code. Beware the IcsSslRootCAStore component must not be initialised by the application.

9 - Updating projects to V9.1: Applications that have TSslContext on a form will need to be opened so the new unit OverbyteIcsSslBase is automatically added to the uses clause. Units that reference TX509Base or TX509List mostly for the OnSslHandshakeDone event, may need OverbyteIcsSslBase adding manually if they don't also have TSslContext. The other new units are OverbyteIcsHtmlUtils (for TextToHtmlText, IcsHtmlValuesToUnicode, IcsFindHtmlCharset, IcsFindHtmlCodepage, IcsContentCodepage and IcsHtmlToStr), OverbyteIcsDnsHttps (for TDnsQueryHttp and IcsDomNameCacheHttps) and OverbyteIcsSslUtils (for TOcspHttp). Applications that use IcsExtractURLEncodedValue, ExtractURLEncodedParamList or GetCookieValue may need OverbyteIcsUrl adding to projects.

When updating projects using a TSslContext component, setting the new property UseSharedCAStore to True causes the properties CAFile, CALines and CAPath to be ignored, and the new IcsSslRootCAStore component will be used instead, being automatically initialised if not done at program start-up. Don't use UseSharedCAStore for server components. High level ICS components such as TSslHttpRest that have an internal TSslContext component all set UseSharedCAStore and ignore properties like SslRootFile to load a root CA bundle. If a specific bundle is required, it may be loaded to IcsSslRootCAStore.

With V9.1, the global variables GSSLEAY_DLL_IgnoreNew and GSSLEAY_DLL_IgnoreOld are ignored since only different minor versions of OpenSSL 3 are supported.

V9.1 can be downloaded from SVN at https://svn.overbyte.be/svn/icsv9/ or the overnight zip at https://wiki.overbyte.eu/wiki/index.php/ICS_Download

Angus