Angus Robertson

Your partial code looks okay. TCP Send and related functions simply stuff data in a buffer with no real error, SendTo sends UDP immediately with a Windows API but unfortunately does not get the real error (which Send already does for TCP). 

If you get back -1 from SendTo, use LastError := WSocket_Synchronized_WSAGetLastError;  then WSocketErrorDesc to get a message, I'll correct this in SVN for V8.67, not sure how it got missed for 20 years, but UDP rarely fails, or at least rarely gives errors, you have no idea if packets are received anywhere.

Angus

UDP is connectionless protocol, connect does nothing, you use SendTo and SendTo6 to send UDP packets setting the address and port in a TSockAddrIn or TSockAddrIn6 structure.  When receiving, in onDataAvailable you use ReceiveFrom or ReceiveFrom6 which fills the same structure with the remote address, conveniently so you can reply.

Angus

Your application should already be logging sufficient information to debug errors of this sort. 

If you are using the TSslHttpRest component, set debug level to DebugHdr. if not look at that component to see how it logs activities. Or try connecting to the proxy with the OverbyteIcsHttpRestTst sample. 

Angus

Sorry, you will need to diagnose the problem, I'm not guessing.

Angus

That comment is ancient, written by another developer, not really looked at that code.

Angus

The Delphi-MQTT project seems well written, but does not use TLS/SSL, easy to add that.  I published a wish list here 18 months suggesting this could be added to ICS, the main issue is testing. 

This telemetry stuff really needs to be tested with non-Delphi applications and appliances, ideally in a real world environment, and I don't knowingly have any such things.  Do have lots of Alexa capable devices on my LAN, no idea if they run MQTT.

Angus

Are you aware of this ICS project: https://github.com/pjde/delphi-mqtt

Angus

Would not recommend using httpAuthBasic unless you are setting credentials, there is usually a check for blanks, but that is a fail safe.

Angus

Sorry, never looked at Squid.  But ICS will not use TLS to a proxy irrespective of the port specified  You really need some logging to see what is happening.

Angus

That comment only relates to setting the various component proxy properties using a single URL, for convenience.  

The THttpCli component always connects to forward web proxies without HTTPS, but will make HTTPS requests through those proxies using the CONNECT method.  Not sure if forward web proxies exist that use HTTPS. 

Angus

Thanks, just tidying up a few units, will be done today - not the SSL support...

Angus

I offer zip and exe downloads of my application installers, Firefox is happy with both, Edge moans about the exe which is signed with a Sectigo certificate, but the Keep option allows it to be downloaded OK.  Windows 10 itself allows exe files signed by Sectigo to be opened and run without any warning dialogs. 

I thought most Windows users were aware that Nanny Microsoft is overly cautious about download warnings and know how to ignore them. 

The only download problem I've had was when Google scanned some Delphi component downloads on my site and decided one was malicious, never told me which but possibly an OpenSSL DLL, that caused my domain to be blocked by all browsers including Firefox, only solution was to hide all such files with a password. 

Angus

Agree HTTP POST is the safest upload method, but I'd make sure the client can have a proxy server specified for cases where default internet access is blocked.  And maybe offer your clients that proxy server as being easier to monitor than the factory floor systems.  

Angus

Just installed the overnight zip on Delphi 7, worked the second time after I deleted all the old units and packages and started fresh.  A number of old units were removed in V8.,66 which will no longer build.  Having trouble building samples due to them having D2007 properties, long time since I tried to downgrade forms.

Angus

There are 80 lines of documentation in the OverbyteIcsIpStreamLog.pas unit.

Angus

HandshakeDone error=0 means the session connected OK, but does not tell you anything about the certificates received, you need to code that yourself, or use a better component as I suggested last week like TIcsIpStrmLog which does this for you.

Angus

In your first project, onConnect error=0 is OK, but you are not logging the error for HandshakeDone which quite often fails.  It is also where your component should be checking whether you really reached the secure server you requested. 

Can not help on the C++ missing external, you'll need to resolve that yourself.

Angus

Start with the OverbyteIcsSslMultiFtpServ.dpr and OverbyteIcsXferTst.dpr samples, they are designed for secure FTP,  and use special FTP commands to speed up synchronising file directories including sub-directories.  I've been using these FTP components for 15 years for backup to and from my public servers.   The FTP server includes automatic SSL certificate ordering.

Angus

So your web server is accepting connections again?

Not many people still use Delphi 7 so don't test it very often, but I will fix V8.67 to work on it again next week.

Angus

There is a SslAlpnProtocols property in TSslWSocket, stringlist of protocols the client accepts.  

The  OverbyteIcsHttpRestTst.dpr sample uses it. 

Angus

You should really be configuring your server using IcsHosts so you can ignore the SslContext.  But try these settings:

SslCtx.SslMinVersion := sslVerTLS1_2;
SslCtx.SslMaxVersion := sslVerTLS1_2;
SslCtx.SslCipherList := sslCiphersMozillaSrvTLS12;   { V8.66 was sslCiphersMozillaSrvInterFS }
SslCtx.SslSecLevel := sslSecLevel112bits;

Angus

I tried connecting to your Amazon server with the IcsIpStrmLog sample, it works without SSL, but not with SSL on that port.  Ports are always configured for one or the other, unless the protocol accepts a command like STARTTLS after a non-SSL connection. 

Angus

I can connect to your test server with the host name you sent, using the ICS browser component, get a 404 error no index page, uses a RapidSSL certificate:

SSL Connected OK with TLSv1.1, cipher ECDHE-RSA-AES256-SHA, key auth RSA, key exchange ECDH, encryption AES(256), message auth SHA1

TLSv1.1 and SHA1 are now obsolete and not supported by most browsers.  Somehow you have configured the server not to support TLSv1.2, either by using very old OpenSSL DLLs or with options.

Angus

ICS only create a self signed certificate if there is no real certificate available, without which the server will not start. 

As I said elsewhere today, the ICS logger is designed for internal component debugging, not application errors, nor SSL debugging. 

What is your URL, email if necessary.

Angus

Some component properties are reset when the socket closes, and need to be set each time it is opened, SslEnable is one of them since the next connection may not be SSL. 

OverbyteIcsIpStmLogTst.dpr is the sample for TIcsIpStrmLog, it has both client and server modes, you only need the client part, I wrote a simple app to test something::

    IcsIpStrmLog1.LogProtocol := logprotTcpClient;
    IcsIpStrmLog1.RemoteHost := SendHost.Text;
    IcsIpStrmLog1.RemoteIpPort := SendPort.Text;

    IcsIpStrmLog1.ForceSsl := True;
    IcsIpStrmLog1.StartLogging;

Log onLogProgEvent and onLogRecvEvent. 

Angus