Angus Robertson

ICS has various components for SMTP mail, all with the latest SSL/TLS., free from  https://wiki.overbyte.eu/wiki/index.php/ICS_Download

Look at the OverbyteIcsMailQuTst sample which can now be downloaded pre-built.

Angus

ICS V9.0 has been released at: https://wiki.overbyte.eu/wiki/index.php/ICS_Download

ICS is a free internet component library for Delphi 7, 2006 to 2010, XE to XE8, 10 Seattle, 10.1 Berlin, 10.2 Tokyo, 10.3 Rio, 10.4 Sydney and 11 and C++ Builder 2006 to XE3, 10.2 Tokyo, 10.3 Rio, 10.4 Sydney and 11. ICS supports VCL and FMX, Win32, Win64 and MacOS 32-bit targets. The distribution zip includes the latest OpenSSL 3.1.2 win32, with other versions of OpenSSL being available from the download page.

ICS V9 is planned to be a long term support release with no new components or major features added, just bug fixes as needed, major changes will be for V10.  V9.0 has been tested with Delphi 7, but I had to make changes to several new components due to missing language features and TWebBrowser does not exist, so V9.0 will be the last tested with D7.  Delphi 2007 is easier to support for those building ANSI projects and will become the oldest version supported.

An overview of the new samples and components was posted in this group a few days ago, and is included in the download page.  

The full release notes for V9.0 are at https://wiki.overbyte.eu/wiki/index.php/ICS_V9.0

All ICS active samples are available as prebuilt executables, to allow ease of testing without needing to install ICS and build them all. There are four separate zip files split into clients, servers, tools and miscellaneous samples which can be downloaded from https://wiki.overbyte.eu/wiki/index.php/ICS_Samples

The Getting Started page at https://wiki.overbyte.eu/wiki/index.php/ICS_Getting_Started has also been updated with all the new components.

Angus

Thanks, fixed.

Angus

I bought a YubiKey 5 NFC recently to test, not spent much time with it yet, the documentation and tools are clear as mud, not managed to install an SSL certificate on it yet...

Angus

A little research showed Digicert was only supporting Safenet dongles. 

But at least the concept of allowing the end user to load the certificate into the dongle rather than shipping it removes that major obstacles for users outside major countries. 

Also surprised to find K-Software has updated it's web site for the first time in years, thought it was moribund, ignoring emails, etc.   But prices massively higher,  $313 for one year.  I paid $188 for three years which is now $657 for the same thing, some massive profiteering going on here.

Angus

Looking at the Digicert site, they offer:  

My own qualified hardware token - use the Code Signing certificate provisioning application to install your Code Signing certificate on your token.  'Qualified' might be a weasel word...

Also: DigiCert KeyLocker cloud HSM (USD $90.00 / year).  Seems there are more options around.

Angus

17 minutes ago, Kas Ob. said:

was there a UTF8String in Delphi 7

ICS defines Utf8String and Unicode string for old compilers.  We still support Delphi 2007 since I still support my own commercial applications using it, but I stopped using Delphi 7 15 years ago. 

The original poster is making life more complicated for himself by using old ICS components. 

ICS v9 has a new sample Snippets, with several examples of making REST requests, one of which is: 

SslHttpRest := TSslHttpRest.Create (self) ;
    try
        try
            SslHttpRest.RestParams.AddItem('username', myusername);  
            SslHttpRest.RestParams.PContent := PContUrlEncoded;      
            StatCode := SslHttpRest.RestRequest(httpGET, myurl, False, '');  // sync request, no extra parameters
            AddLogText ('HTTP Rest Request Response: ' + IntToStr(StatCode)) ;
            if StatCode = 200 then begin
                AddLogText (SslHttpRest.ResponseRaw);                  
                AddLogText ('Address: ' + SslHttpRest.ResponseJson.AsArray[0].S['address']);    
            end;
        except
            AddLogText ('HTTP Error - ' + IcsGetExceptMess (ExceptObject)) ;
        end ;
    finally
        FreeAndNil (SslHttpRest) ;
    end ;

You completely ignore SslContext, encoding, Json, input and output steams, in most circumstances.

There is a POST snippet, but it uploads a file.

Angus

ICS components could set the MultiThreaded property automatically, but the developer would still need to call IcsWndControl.ProcessMessages somewhere in the thread or the code would just stall, except in the simplest of applications.

Angus

Quote

SSL header always changes by goverment request, so SSL has to be re-re-re-initialized anyway. 

I was talking about loading the OpenSSL DLLs and initialising the environment, not making a request.   The SslContext should be initialised when the thread starts, once, I thought I made that clear before.

Your application is making no attempt to check you are actually communicating with the government servers, no certificate chain checking. 

SSL servers accept hundreds of requests a minute without needing to re-initialise anything. 

Angus

There are two fundamental misuses of ICS in the code snippets supplied.

1  - the code is said to be running in a thread, but the MultiThreaded property of TSslHttpCli is never set, so messages for the thread will be processed using Application.ProcessMessages in a different thread.

2 - More seriously, the ICS components are being created and perhaps destroyed for each HTTPS request made, which is probably the cause of the memory leak, and is also highly inefficient. 

Specifically, OpenSSL is being loaded automatically by the components when the SslContext is automatically iniitialised by the request starting, and perhaps being unloaded when the request ends.  The SslContext is designed as something to be shared by components, initialised once and then reused.  Or OpenSSL can be loaded once when the program starts, to allow use with multiple SslContexts, in servers for instance that use multiple certificates.  Many of the ICS samples show how to load OpenSSL early.

ICS v9 has various improvements relating to freeing and destroying components, particularly when exceptions happen during that process, to ensure that inherited destroys are still called and not skipped which can cause memory leaks.

Having said that, reports of memory leaks using ICS are very rare, and many ICS applications run for weeks or months without a problem.

Angus

Angus

ICS v9 is about to be released, see comments a week ago here,

Part of that release process is building ICS on Delphi 7 and I had to change several new components due to missing language features and components in Delphi 7.  I will not be doing that again, a waste of my time and potentially causing problems for newer compilers if I introduce new errors.

Angus

Current versions of OpenSSL do not work on Windows XP, nor is ICS supported on XP.

I would suggest you remove all the GUI interaction except to a log file, so you know if the problem is ICS or the GUI.

Angus

Delphi 7 is end of life, ICS support has now ceased, I won't be running it up again now ICS v9 has been tested on it.

Also, running TSslHttpRest in a thread is not tested heavily (or atall), being async you can download hundreds of files in parallel in the main thread.  

Angus

OK, seems easy enough, I'll add another TOAOption of OAopAuthBasic and check that in GrantAuthToken to set up basic authentication with the client id and secret.

Perhaps you can confirm the endpoint is content to ignore the client stuff as being part of the parameters, safer not to remove them. 

I'll send you a unit to test next week, but it's missed the next ICS release.

Angus

Unusual, what login data is the required to get the token, something unrelated to OAuth2? 

If you want this incorporated in the component, I'd need an end point and account to test it.  Which grant_type are you using?

Otherwise you could derive your own version of the component and override the method you are using with your own. 

Angus

I always download and install from an ISO image, and mostly write that image to a DVD as well for posterity and repeat installs.  Still got a lot of original CDs from Delphi 1 onwards, and the printed manuals.

Angus

A variation on invite only could be requiring an existing member as sponsor. 

Angus

You can always override the procedure with your own version omitting the MagWait function completely, as some other ICS units do, see TIcsHttpMulti.DoRequestSync in OverbyteIcsHttpMulti.pas,

Angus

Full release notes for V9.0 will follow next week, meanwhile these are the main changes:

New samples

Samples/Delphi/SslInternet/OverbyteIcsSnippets.dpr - Small samples of codes for FTP, HTTP, sockets and email.

Samples/Delphi/OtherDemos/OverbyteIcsNetMon.dpr - Internet Packet Monitoring Components, display packets and traffic using Npcap and raw sockets.

Samples/Delphi/OtherDemos/OverbyteIcsNetTools.dpr - Network Tools Demo, uses all the main IP Helper functions, also TTIcsNeighbDevices, TIcsDomainNameCache, IcsDnsQueuy, TDnsQueryHttps, TIcsWhoisCli, TIcsIpChanges, TPing and TPingThread.

Samples/Delphi/PlatformDemos/IcsHttpRestTstFmx.dproj - FMX HTTPS REST and OAuth, Send SMS and DNS over HTTPS functions demo.

Samples/Delphi/PlatformDemos/IcsSslMultiWebServ.dproj - FMX Advanced multi host web server demo.

Samples/Delphi/SslInternet/OverbyteIcsMQTTst.dpr - MQ Telemetry Transport message queuing service. Note this sample needs the VirtualTree component to be installed.

Major sample updates for new components

Samples/Delphi/SslInternet/OverbyteIcsHttpRestTst1.dpr - Uses TSslWebSocketCli for WebSocket Client, New embedded TOAuthLoginForm window using TOAuthBrowser for OAuth2 logins. Select client SSL certificate from the Windows Certificate Store.

Samples/Delphi/SslInternet/OverbyteIcsSslMultiWebServ.dpr, OverbyteIcsDDWebService.dpr - Uses THttpWSSrvConn for WebSocket Server. IcsHosts can use server SSL certificate from the Windows Certificate Store. IcsHosts can now request a SSL certificate from the remote client. WebSocket server support. Uses TIcsDomainNameCache for multiple reverse DNS lookups.

Samples/Delphi/SslInternet/OverbyteIcsPemTool.dpr - Can now export an SSL certificate from the Windows Certificate Store with its private key.

Samples/delphi/OtherDemos/OverbyteIcsBatchDnsLookup.dpr - Uses TIcsDomainNameCache for multiple lookups.

Samples/Delphi/SslInternet/OverbyteIcsSslMailSnd.dpr, OverbyteIcsSslMailRcv.dpr, OverbyteIcsMailQuTst.dpr - New embedded TOAuthLoginForm window using TOAuthBrowser for OAuth2 logins.

Samples/delphi/OtherDemos/OverbyteIcsNsLookup.dpr - Uses single or multiple DNS servers, including built-in list of public servers, also sync requests.

New Components

TIcsDomainNameCache and TIcsDomNameCacheHttps - Cache forward and reverse DNS lookup requests, using several methods.

TIcsMonSocket - Internet monitoring using raw sockets.

TIcsMonPcap - Internet monitoring using Npcap NDIS driver.

TIcsIpChanges - Monitors IP address changes dynamically.

TIcsNeighbDevices - Builds historic LAN MAC device and IPv4 and IPv6 address table using ARP, neighbourhood and IP range scanning with reverse host lookup.

TOAuthBrowser - OAuth authentication browser window VCL/FMX form.

TSslWebSocketCli - WebSocket client protocol.

TIcsMQTTServer and TIcsMQTTClient - MQ Telemetry Transport message queuing service, client and server.

Major Component Upgrades

TDnsQuery - Add synchronous methods and more response properties. Check multiple DNS server hosts including public DNS lists.

TSslWSocketServer - IcsHosts can use server SSL certificate from the Windows Certificate Store. IcsHosts can now request a SSL certificate from the remote client.

TIcsFtpMulti - Send NOOP command periodically during multi hour transfers so connections are not closed accidentally.

New classes and Functions

THttpWSSrvConn - WebSocket server protocol.

Internet Helper Functions - Unit OverbyteIcsIpHlpApi.pas includes IpHlpConnsTable, IpHlpAdaptersInfo, IpHlpAdaptersAddr, IpHlpIpAddrTable, IpHlpIpNeighbTable, IpHlpIPForwardTable, IpHlpIpPathTable, IpHlpGetDnsServers, IpHlpIfTable2, IpHlpIPStatistics, IpHlpUDPStatistics and many other functions.

TIcsMonFilterClass - Filter network traffic on protocols or IP addresses.

TIcsTrafficClass - Maintains network traffic statistics by protocols and IP addresses.

Angus

Due to the large number of new components and changes, ICS V8.71 has been renamed to ICS V9.0 for final release.

All the source units have updated versions and copyrights, some unused units have gone. All the active samples (per readme9.txt) have also been updated with new versions and copyrights and there is a new ActiveDemos.groupproj group that allows them all to be built together.

ICS v9 is available from a new SVN repository https://svn.overbyte.be/svn/icsv9/ and also from the Zipped Daily Snapshot section of https://wiki.overbyte.eu/wiki/index.php/ICS_Download

The snapshot download URL is: https://wiki.overbyte.eu/arch/icsv9w.zip

The final release notes and updated wiki pages are still being written and will be available next week.

Meanwhile, I'd appreciate it if some active ICS users could download V9 now and test for installation and backward compatibility with existing applications, particularly with Delphi 7 and XE compilers.  I updated literally hundreds of package files manually, for the last time, and it would be good to know they actually install before the final V9 version is released.

There is also a new ICS V10 SVN repository for the next major version with Linux support, but this is many months away from being complete, so please ignore it for now.

ICS V9 is planned to be a long term support release with no new components or major features added, just bug fixes as needed, major changes will be for V10.  V9.0 has been tested with Delphi 7, but I had to make changes to several new components due to missing language features and TWebBrowser does not exist, so V9.0 will be the last tested with D7.  Delphi 2007 is easier to support for those building ANSI projects and will become the oldest version supported.

Angus

My invoices from Worldpay in the UK break down the handling fees into two parts, VAT exempt which includes the percentage transactions charges (up to 4%), and VAT standard rate for fixed transaction costs which include approval and declined fees (4.5p each) and the monthly cost for card facilities.   So no need for end users to be charged tax for bank fees.   These are for VISA and Mastercard.

No idea how taxation works in any other country.

Angus

Quote

Other way is to replicate the arp discovery for IPV4 (RFC826) scanning the whole net and do it more "fast". Of course one must implemented the NDP for IPV6 (RFC4861).

Both of which are done by the new ICS component TIcsNeighbDevices which gives a similar display to the two Nirsoft scanner tools. 

Angus

Quote

Another solution could be to create a simple UDP server with Indy on port x and use the UDP broadcast to send a packet

That is what the ARP protocol does, except your version requires software running on every device and for those devices to be running.

Angus

If you don't want to raise an exception for response errors, you simply set the property ResponseNoException true, you don't need to comment out any code. 

No idea why an exception would kill a DLL, that must be your design, not handling exceptions correctly.

Never heard of memorymodule, not sure what relevance it has here.

Your main issue, unless I've read this wrong, would appear to connecting to alternate servers on failure.  If an ICS socket fails to connect, or you time out a connection attempt early, it takes a few moments for the socket to close and be ready for another connection, just because the Close event is called does not mean the socket is ready after errors, TCP has various timeouts when making connections. 

So where you need to contact sequential servers after failure, you should use alternate THttpCli components.  I usually have an array of components, all using the same events, with Tag set, so you know which component caused the event.    I did this recent in a new ICS component TIcsDomainNameCache which uses an array of components derived from THttpCli. 

Angus

If you mean all the local IP addresses on your LAN, ICS has a new component TIcsNeighbDevices that builds a historic LAN neighbourhood MAC device and IPv4 and IPv6 address table using ARP, neighbourhood discovery and network scanning.  There is a new sample OverbyteIcsNetTools.dpr that illustrates its use. 

Angus