Angus Robertson

Posts posted by Angus Robertson


  1. It seems six (or more) EC_Group functions were deprecated in OpenSSL 3, and some builds exclude deprecated functions. 

     

    In OverbyteIcsLIBEAY.pas, suppress four lines in the table with @@EC_GROUP_set_curve_GF , @@EC_GROUP_new and EC_GROUP_clear_free and change the array size to [0..841], that will stop these four exports loading.  If you get new names appearing in the exception, do the same thing.  ICS now only uses EC_GROUP_get_curve_name, not the dozens of others we load.  

     

    I agree only loading those exports we use would be ideal, but working out which of those 842 are not used is not trivial, and many are there for future use, or use by end user applications.  

     

    Angus
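
A quick way to see which of the exports named in the post above a particular OpenSSL build actually provides, before editing the table. This is an added example, not ICS code; the library file names and the expansion of the EC_GROUP_set_curve_GF prefix into EC_GROUP_set_curve_GFp and EC_GROUP_set_curve_GF2m are assumptions, so adjust both to your installation and to the names reported in the exception.

```delphi
program CheckEcGroupExports;

{$APPTYPE CONSOLE}

uses
{$IFDEF MSWINDOWS}
  Winapi.Windows,
{$ENDIF}
  System.SysUtils;

const
  // Assumed default OpenSSL 3 library names; change to the path ICS loads.
{$IFDEF MSWINDOWS}
  {$IFDEF WIN64}
  CryptoLib = 'libcrypto-3-x64.dll';
  {$ELSE}
  CryptoLib = 'libcrypto-3.dll';
  {$ENDIF}
{$ELSE}
  CryptoLib = 'libcrypto.so.3';
{$ENDIF}

  // Deprecated EC_GROUP functions from the post, plus the one ICS still uses.
  Names: array[0..4] of string = (
    'EC_GROUP_set_curve_GFp',
    'EC_GROUP_set_curve_GF2m',
    'EC_GROUP_new',
    'EC_GROUP_clear_free',
    'EC_GROUP_get_curve_name');

var
  Lib: HMODULE;
  I, Missing: Integer;
begin
  Lib := SafeLoadLibrary(CryptoLib);
  if Lib = 0 then
  begin
    Writeln('Cannot load ', CryptoLib);
    Halt(2);
  end;
  Missing := 0;
  try
    // Resolve each name the same way a dynamic loader would.
    for I := Low(Names) to High(Names) do
      if GetProcAddress(Lib, PChar(Names[I])) = nil then
      begin
        Writeln('MISSING  ', Names[I]);
        Inc(Missing);
      end
      else
        Writeln('present  ', Names[I]);
  finally
    FreeLibrary(Lib);
  end;
  // Non-zero exit code when at least one export is absent.
  if Missing > 0 then
    Halt(1);
end.
```

Any name reported as MISSING is a candidate for suppression in the export table; EC_GROUP_get_curve_name should always be present.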

     


  2. That exception happens when ICS attempts to load all the OpenSSL exports, it would appear the OpenSSL version is missing certain EC_GROUP exports that are available in the standard 3.0 library.   Unfortunately, the screen shot truncates the error list, there may be lots more missing.  They may be logged, can not recall if that sample has a log. 

     

    Not sure if ICS uses EC_GROUPs, if not we can simply avoid loading them and the problem goes away.  I've done that before.  

     

    I guess I need to build a Hyper-V RedHat VM to test in my copious spare time, the issue is what other important stuff do I ignore to do that?

     

    Angus

     


  3. I fixed all the Linux resource file build issues and wincrypt problems two months ago, and built the Linux test package yesterday with V9.3 without errors, so it sounds like your version is V9.2, try the final release. 

     

    Provided your Linux project does not include TWSocket, it should work.  Try building the new IcsPemTest FMX sample on Red Hat provided it has OpenSSL 3 libraries in the same path as Ubuntu.  I will install Red Hat at some point, but only once most of ICS is working on Ubuntu.  

     

    My testing showed putting TWSocket on a Linux form prevented that form appearing in Linux, some library function it brings in that just stops apps running, which is why I created the new IcsPemTest sample so at least something would run.

     

    Angus

     


  4. I'm not clear which ICS version you are using, only V9.3 released yesterday builds for Linux with SSL, but only utility functions work, like creating and reading SSL/TLS certificates.  I've only tested against Ubuntu 22.04, not Red Hat. 

     

    ICS does not yet support TWSocket for Linux, so no protocols will work.  A new cross platform message pump supporting Windows and Linux has been written, but has not yet been added to ICS V9, probably within the next six months.  I'm planning to make this conditional, so Windows applications can use the existing or new message pumps. 

     

    Previously ICS had a second message pump that only supported MacOS, not Windows, which I've just removed ready for the new pump.  Another ICS user tried to make the MacOS pump work under Linux, but I never managed to build ICS with the changes he submitted.     

     

    Angus

     


  5. ICS V9.3 has been released at: https://wiki.overbyte.eu/wiki/index.php/ICS_Download

     

    ICS is a free internet component library for Delphi 7, 2006 to 2010, XE to XE8, 10, 10.1, 10.2, 10.3, 10.4, 11 and 12 and C++ Builder 10.4, 11 and 12. ICS supports VCL and FMX, Win32 and Win64 targets. Beware C++ has not been tested recently due to lack of support from such users.

     

    The distribution zip includes the latest OpenSSL 3.0.15, 3.2.3 and 3.3.2, for Win32 and Win64.

     

    Changes in ICS V9.3 include:

     

    1 - V9.3 continues the simplification of use of ICS components by consolidating many types and constants into the OverbyteIcsTypes unit, avoiding projects needing to find and add specific units before they will build.  For XE2 and later, OverbyteIcsTypes and OverbyteIcsSslBase will be added automatically when components needing them are dropped on a form, or that form accessed for existing projects.  One benefit of this change is removing dependence on several units for many components and applications, it should be possible to remove OverbyteIcsWinsock, OverbyteIcsLIBEAY, OverbyteIcsSSLEAY and OverbyteIcsLogger from most applications, and also other units. See https://wiki.overbyte.eu/wiki/index.php?title=Updating_projects_to_V9.3 for more information.

     

    2 - Previously, the Windows Certificate Store was supported on Windows for all components and samples, despite it not always being required.  There are three new defines {$DEFINE MSCRYPT_Clients}, {$DEFINE MSCRYPT_Servers} and {$DEFINE MSCRYPT_Tools} that determine which components can use the store, at least one must be set or applications that need the store will fail. Although these new defines all default to enabled in the OverbyteIcsDefs.inc supplied with V9.3 and later, unless this file is installed, Windows Certificate Store will be unavailable.  These defines are disabled for non-Windows platforms and for C++ Builder which has bugs.

     

    3 - Added new application independent monitoring, comprising a client component and server sample.  The ICS Application Monitor TIcsAppMonCli client component is designed to report to an ICS Application Monitor server, which will ensure the main application remains running.  The ICS Application Monitor server IcsAppMon.exe is designed to monitor ICS applications using the TIcsAppMonCli client component, and ensure they remain running, restarting the application if it stops or becomes non-responsive, or on demand. Primarily to keep ICS server Windows services running non-stop, but may also be used for network wide monitoring of ICS applications. Client and server both use the TIcsIpStrmLog component with a simple TCP protocol.  More information at https://wiki.overbyte.eu/wiki/index.php?title=FAQ_ICS_Application_Monitoring

     

    4 - The HTTP client components TSslHttpCli and TSslHttpRest have new RespMimeType and RespCharset response properties parsed from the Content-Type header to avoid applications needing to parse this header.  Fixed a problem in V9.2 where a missing / was added to the start of the request path, but was not needed for absolute paths used for proxies.

     

    5 - The TIcsIpStrmLog streaming log component has improvements for TCP Server mode when multiple remote clients connect.  Previously the same data was sent to all remote clients (the original concept being remote logging), but now applications can send data to specific remote clients, and more easily check which remote client is receiving data.  This change means TIcsIpStrmLog can be used as the core of many TCP servers with different protocols, such as the new IcsAppMon sample, see above.

     

    6 - The TSslHttpRest component has a new way for applications to check SSL certificate chains themselves, ignoring OpenSSL bundle checks, usually for self signed private certificates, maybe checking certificate serials, names or public key. If LogSslVerMethod = logSslVerOwnEvent, a new event OnSslCertVerifyEvent is called so the application can check the chain and change the verify result appropriately.

     

    7 - Improved the ability to customise SSL ciphers if the ICS defaults need to be changed.  TSslContext and TIcsHosts have three properties, SslCipherList for TLSv12 ciphers, SslCipherList13 for TLSv13 ciphers, and SslCryptoGroups sets the cipher curve groups allowed (like P-256 or X25519).  Beware old SslContexts may include group P-512 which must be corrected to P-521.  SSL handshake responses now show the curve group used for OpenSSL 3.2 and later.  The OverbyteIcsHttpsTst client sample may be used to test the new cipher options, and they will be read from IcsHosts INI files for servers.

     

    8 - Added a new web server sample OverbyteIcsBasicWebServer1.dpr which is a simplified version of OverbyteIcsSslMultiWebServ ignoring configuration INI files, security features, session data, most demo pages and most logging, and settings for localhost set in code, search for IcsHosts to change IP addresses, etc. This sample should be easier to use as a basis for new web server applications.  The existing samples OverbyteIcsSslMultiWebServ and OverbyteIcsDDWebService have a new index.html template page, and default to localhost 127.0.0.1 with an internal localhost SSL certificate, so should always respond to https://localhost/ without any INI file changes.

     

    9 - Fixed an HTTP web server problem in V9.2 to avoid repeated redirection for virtual default page /, was adding /// etc.

     

    10 - Updated OpenSSL binary and resource files to releases 3.3.2, 3.2.3 and 3.0.15, only one of which will be linked according to defines.

     

    11 - Restored the sample OverbyteIcsConHttp.dpr which is a console example, now supports SSL by replacing THttpCli with TSslHttpRest, no longer needs any events or a message loop for a single sync request, so less code than without SSL. Now contacts https://wiki.overbyte.eu/wiki.

     

    12 - A lot of changes have been made preparing ICS for Linux.  Corrected loading OpenSSL on Posix, now loads the system supplied OpenSSL 3 DLLs on Ubuntu 22.04.  The Linux package now builds correctly, but beware WSocket is not yet supported on Linux so no protocols will work.  There is a new IcsPemTest FMX sample that works on Ubuntu 22.04 and which will create ICS signed SSL certificates.  Note, MacOS support is disabled pending the new Posix implementation.

     

    The release notes for V9.3 are at https://wiki.overbyte.eu/wiki/index.php/ICS_V9.3


    All ICS active samples are available as prebuilt executables, to allow ease of testing without needing to install ICS and build them all. There are four separate zip files split into clients, servers, tools and miscellaneous samples which can be downloaded from https://wiki.overbyte.eu/wiki/index.php/ICS_Samples

     

     


  6. I've just tested the OverbyteIcsSslMailSnd sample in V9.3 and it's sending content and attached files as expected with the correct encoding headings. 

     

    But it is not attempting to send HTML emails.

     

    BTW, the component expects String content and will convert to whatever encoding is specified, no idea what will happen if you encode UTF8 and it then encodes it again. 

     

    Angus

     

     


     


  7. There is a new ICS sample OverbyteIcsBasicWebServer.dpr in SVN, will be zipped overnight, which is a simplified version of OverbyteIcsSslMultiWebServ ignoring configuration INI files, security features, session data, most demo pages and most logging, and settings for localhost set in code, search for IcsHosts to change IP addresses, etc.

     

    But this sample will be a much easier starting point for those developing web or Websocket servers with ICS.  I'm going to copy most of the code into another new ICS sample that needs a Websocket server.  

     

    Angus

     

     


  8. WMI is about LAN computers with NetBIOS, you don't usually use IP addresses to connect to remote servers, but computer names.   For the local computer, use a blank name and credentials, but you might need admin rights for some WMI classes. 

     

    The ICS component library has a WMI unit that does all this for you, and an EXE sample, it displays the Win32_printer class, but I suspect getting the queue is complicated.

     

    Angus

     


  9. Thanks, fixed the erroneous $ifend.  I still have customer applications using D2007, so would have found it soon. 

     

    The ICS distribution only includes OpenSSL DLLs in C:\ProgramData\ICS-OpenSSL\  which are always the latest version, when you build the packages a batch command file runs that copies them from the install directory to ProgramData, so I guess that failed in your case. 

     

    The DLLs in version directories were extracted from the resource files, and need to be version specific since different ICS applications may be using different OpenSSL versions. 

     

    No idea why Windows Security gave you a warning, no-one else has mentioned that in eight months since ICS has used OpenSSL resource files.

     

    Angus

     

     


  10. If you really mean the websocket protocol and not HTTP, there are no header or bodies or protocol, once a websocket is open there is simply a two way TCP stream, and you can send what you like. 

     

    That stream arrives at the server in the ClientWSFrameRcvdEvent as a string packet and TWebSocketReceivedFrame to tell what type of data is arriving (text, binary, or closing), it's up to the developer to decide how to interpret that data.

     

    Angus

     


  11. Quote

    I got compilation errors, not in the declaration but when using the TObjectList descendent. 

    I only updated two ICS components derived from TList, not TObjectList with NativeInt, by creating a new {$DEFINE TListNatInt} for 12.2 and later, and then using conditional code, tested in 1.2 and 11.3, TObjectList may need a different approach. 

     

    Angus

     


  12. Assuming the warning relates to TList.Items[Index] changing from Integer to NativeInt, I created alternative versions of the SetItem and GetItem functions with NativeInt.

     

    Our library needs to support older versions like 12.1 without warnings so DEFINES for 12.2 and later complicate it, you can probably just change a few Integers to NativeInt.

     

    Angus


  13. The OverbyteIcsSslMultiWebServ sample serves both web and websocket pages, since all websocket requests start with an HTTP request to port 80/443.

     

    But you can remove all the code relating to creating web pages from the sample, the OverbyteIcsSslMultiWebxx units, etc, leaving just the default page and websocket handlers ClientWSxx and WSxx which do the websocket events. 

     

    I will look at a new simple web server sample, similar to the client snippet samples, but unlikely to be ready for the next release. 

     

    Angus

     


  14. Quote

    It would be nice to have a benchmark between esegece HTTP/2 vs ICS HTTP 1.1.

    I would expect the difference downloading a 100M file to be a tiny percentage difference, likewise making 100 sequential short 1M requests, or 1,000 sequential API JSON requests.

     

    http/2/3 might be faster if you are doing 20 parallel API requests, if the application supports that. 

     

    I added a Websocket API interface to one of my servers recently to allow thousands of requests on the open socket, I tested 50/sec, but my customers were using scripts that only managed two WS requests a second.

     

    What specific application do you need http/3 for?

     

    Angus

     


  15. I looked at MSQuic when it came out with a view to supporting it for ICS.  For Linux, MSQuic uses a forked OpenSSL version, but SChannel for Windows.  So MSQuic requires the latest Windows OS. 

     

    From a Delphi perspective, MSQuic does not include HTTP/2 or HTTP/3 protocol support, and I'm not aware of any Delphi native implementations of either, only the nghttp2 DLL solution, and external DLLs are less than ideal for Delphi applications.

     

    I'd like to write a Delphi HTTP/2 implementation for ICS, but it really needs to be sponsored.  I can not justify the time myself, rather work on more useful projects. 

     

    To my knowledge, there are no functional benefits to HTTP/2 except performance with complex web applications with hundreds of elements on a page, and Delphi is not usually used for complex pages. 

     

    The OpenSSL committee declined to accept the complex QUIC fork and instead added QUIC in a different way, the client version is available now, the server version has just started alpha testing.  But without HTTP/2 for client and server, there seems little point in adding QUIC to ICS.

     

    Angus

     

     
