Angus Robertson

Some of these old samples do illustrate programming techniques or features that the SSL samples don't, and it takes effort to remove old things...

Angus

That is a very old sample that does not support SSL/TLS. 

The current active HTTPS client samples are OverbyteIcsHttpsTst.dpr  and OverbyteIcsHttpRestTst.dpr in the sslinternet directory.

Angus

The proxy setters changes are now in SVN, with an updated OverbyteIcsSocksTst sample that now also tests HTTP Tunnelling, which we did not seem to do. Will be zipped overnight.

I tested the HTTP Tunnelling changes against the ICS proxy server, which currently deliberately only tunnels HTTP, need to fix that, but have not tested socks since 7Proxy failed my 10 minutes to find out how to configure it limit, sure it works fine once you find some non-empty help files.

Angus

I added OverbyteIcsDefs.inc last week, not in SVN yet, other stuff pending. 

But OverbyteIcsTicks64 has always compiled okay, it is in the IcsCommonDxx package which is built weekly, so your problem must be something else.

Angus

I've added  SetSocks and SetHTTPTunnel to TCustomSocksWSocket, with a new ProxyURL property.  Not in SVN yet.

I can test HTTP Tunnelling through the ICS Proxy Server I have running on my public servers, but can not find any samples that use it.  We do have OverbyteIcsSocksTst, but I don't currently have a SOCKS server running. 

Less sure about SetURL() which only sets the wsocket host and port, is that really worthwhile?

Angus

You need a message handler in the thread execute loop, to handle all the events, these lines are from  TMailQuThread.Execute; in OverbyteIcsMailQueue.pas. 

 FIcsWndControl.ProcessMessages ;
if FIcsWndControl.Terminated then break ;
if NOT FActive then break ; // component
if Terminated then break ;  // thread
if (errorcounter > 10000) then break ;  // sanity check

Angus

Thanks, seems my local version of the D2007 package with VCLZip has slipped into SVN, will fix that shortly.   Always hate updating ICS packages, over 100 units to modify.

Angus

Next week...

Angus

Quote

I was unsure if adding OverbyteIcsUrl to OverbyteIcsWSocket is an option.

Url is not a large unit and probably linked into most applications anyway, except the simplest, so it can happen.  I've also just saved a lot of space by removing a lot of legacy OpenSSL support code.

Angus

Thanks, will have a look next week.  BTW, your last proxy fix is in SVN now, seems I broke it adding international domain name support.

Angus

ICS is maintained using Delphi 2007, so is the best tested platform, provided I put the correct files in SVN. 

VCLZlip is controlled by OverbyteVclZip.inc, and the version in my SVN has {.DEFINE Zipping}. 

TIcsTwitter, etc were added six months ago to OverbyteIcsSslHttpRest.pas, so you probably have an old version somewhere.

Angus

That unit does not have the definitions include, but does not use any of them either, and seems to compile fine in all the packages

Angus

Thanks, will apply shortly.  Don't often look at socks or tunnels.

Angus

I have a component that checks signing certificates: https://www.magsys.co.uk/delphi/magtrustchk.asp

Angus

Also ensure the ICS source directory is in the path, and the path is set for the correct language and target.

Angus

Don't read French, so no idea what error.  But quite common to get a false error saying can not install, but they are installed okay next time you start RAD Studio.

Angus

Agreed. annoying when creating SSL certificates as literals to embed in an application.

Angus

Sockets stream single bytes, so each end needs to agree on whether single or double byte characters are being sent,  and handle them the same way. 

It is relatively unusual to send two byte characters over the internet, due to most western languages having a lot of one byte Unicode characters.  So generally conversion to UTF-8 is more efficient.  To avoid Delphi doing it's own code page conversions it is better to use TBytes to send and receive data, then functions IcsMoveStrinngToTbytes and IcsMoveTBytesToString with your desired CodePage. 

Angus

No, TSslWSocket still needs an TSslContext, although you don't usually need to change any defaults unless you want to restrict protocols. 

However, you can use the high level component TIcsIpStrmLog in client mode to send and receive simple data, and that does not need an TSslContext.  It's sample OverbyteIcsIpStmLogTst.dpr can be set to client or server mode, or local when it does both and send lines of data to itself.  In server mode it is configured using IcsHosts so it might be a quick swap.

Angus

The TIcsWhoisCli component already parses the response in the AutoQueryResponse function, looking for a secondary Whois server using several different phrases.  Extracting more information is trivial, although tedious having to research lots of responses to know the different whois response formats.

Angus

Two new zips for Win32 and Win64 versions of OpenSSL 1.1.1j can now be downloadable from the Wiki at: http://wiki.overbyte.eu/wiki/index.php/ICS_Download or https://www.magsys.co.uk/delphi/magics.asp . The latest 1.1.1 DLLs are also included in the ICS distribution SVN and overnight zip.

Beware SVN and the overnight zip for forthcoming V8.66 include is a major clean-up of OpenSSL functions, and may require end user application changes if low level OpenSSL functions have been used,
hopefully very rarely.   All OpenSSL functions have been renamed to their original names removing ICS f_ prefix so they now have the original OpenSSL names for commonality with other Delphi
applications.

OpenSSL 1.0.2 and 1.1.0 ceased security fix support over 12 months ago, so ICS now only supports 1.1.1, with 3.0 support due in the next few months. This removes a lot of legacy code and functions, and several old ICS functions needed for backward compatibility.  Two components only used for 1.0.2 have been removed, TSslStaticLock and TSslDynamicLock which may give an error loading forms, until they are removed.  SslContext SslOptions is now ignored, use SslOptions2 instead which has more modern options.  Can not remove SslOptions because it's saved on too many DFMs. Most modern
applications should not be using SslConext, but IcsHosts for servers or high level client components like TSslHttpRest.

If your application needs to use 1.0.2, you must keep using V8.65 or earlier.

Angus

Found the integer overflow in WSocketIsDottedIP, not sure why it was called, but fixed anyway. 

Had to write a little application to create fake web requests, should really improve it for server testing.

Angus

Yes, that logging line is built from the host header, RequestHost and Path properties.  I'll need to test this under the debuggger to see if the overflow was in my logging code or the server component.

Angus

The Whois result is always free text, and varies between registrars.  But usually you'll see something like:

One example:

   Updated Date: 2020-10-30T06:00:11Z
   Creation Date: 2020-10-30T06:00:08Z
   Registry Expiry Date: 2021-10-30T06:00:08Z
   Registrar: NameCheap, Inc.
  

My own domain (very old): 

    Relevant dates:
        Registered on: before Aug-1996
        Expiry date:  02-Sep-2022
        Last updated:  03-Aug-2020

so you just search for that expiry line and get the date, allowing for various formats.  You need to check several domains for different formats. 

If you manage to collerct all this information and parse it sensibly, we could add it to the component for others.  I'd particular like domain registered date, because most spam comes from newly registered domains.

Angus

So I guess a hacker testing IPv4 addresses sequentially, and too lazy to convert his numbers to a dotted IP address, except the server is http://3650250390/ which does work from Firefox, but may have been converted by the browser.

One of my hacking tests is for numeric IPs since no real visitor would use them, they go on an immediate 24 hour block list.

Angus