Angus Robertson

Posts posted by Angus Robertson


  1. All the common subject and issuer fields are available as properties, i.e. SubjectCName, SubjectOName, IssuerCName, SubjectCOName, SubAltNameDNS, etc., or you can use GetNameEntryByNid with the NID literal for obscure ones like STREET, not even sure that exists...

     

    Look at the function ListCertDetail in OverbyteIcsPemtool1.pas which creates a string detailing most certificate fields.

     

    Angus

     


  2. Only concerned about internal DER ASN_ENCODING format which ICS already supports, not file formats. 

     

    OverbyteIcsPemtool1.pas already has code for opening a store, getting certificate contexts and converting them to X509 and PEM, need to move that into one of the library units, create a PCCERT_CONTEXT and add it to the correct store. 

     

    Angus

     


  3. All Windows services run in their own thread already, TWSocketServer often runs in Windows services without needing extra threads.  Using a thread for some client responses and not for others is exactly what the FTP server does, it is not difficult, just make sure the response is sent in the main thread once SQL is done.

     

    Bringing TWSocketThrdServer up to date and creating TsslHttpThrdSrv is a major project and needs someone to sponsor it.  My company effectively sponsors most ICS development since I create features mostly that are needed for our applications but which are then used by others without any cost.  But so far I've not needed TsslHttpThrdSrv.  It has been discussed in the past, it was going to be designed to handle x clients in a single thread before using another thread for x more, typically x would be 100 or more for a simple web server but could be one so each client gets a thread.

     

    Angus

     

     


  4. Not sure why you want to run the server in a thread, that just listens on one or more ports and creates clients.  Running the client in a thread can be done, ICS has TWSocketThrdServer that does exactly that, but it is rarely used, has not been updated for 10 years, lacks newer multi-listen and SSL stuff and there is no web server derived from it, lack of demand from end users.

     

    My own TSslHttpAppSrv SQL driven web server runs happily in a single thread, the SQL stored procedures rarely take very long so are not blocking other users significantly, obviously this depends on volume, I'm only handling a couple of thousand SQL requests a day, from the logging, SQL proc took 16ms, 31ms, 141ms, 63ms, 390ms, 16ms.  So I never bothered with threads.

     

    As Francois says, using a thread just for the database lookup and returning the page in the main thread is the safest solution, look at class TClientProcessingThread in the ICS FTP server which uses a thread to calculate MD5sums and directory listing.

     

    Angus

     

     


  5. Quote

    That's apparently an evil conspiracy of Google against Delphi!

    Or the automated Google scan tools were finding something in one of the components or OpenSSL binaries that has been used in a malicious application somewhere, unfortunately they don't tell you anything specific, just that your site is banned in all browsers until you remove your malicious file, so it's trial and error. 

     

    Angus


  6. Not sure when Default() was added, but it gave an error in Delphi 2007.   The keep-alive issue was not in the ICS server, but in my application. 

     

    But you still need to fix data being received correctly, if you remove the close line for your google example, it takes four minutes for the window to become responsive and display the received data, which is the Google timeout.

     

    The Microsoft page actually shows how poor the ciphers are in older Windows versions, it says there are none for TLS/1.2 in Windows 7, although a couple have now been added, but not nearly as good as OpenSSL supports on Windows 7.

     

    Angus

     


  7. I started fixing errors with Delphi 2007 to get it to build, but there were too many.  Simple things like type LONG missing.  Does not matter for personal projects, but is important if the code is ever to be incorporated into libraries.

     

    The issue with async requests seems to relate to most of the content not being returned until the connection is closed.  This URL works fine:

     

    www.magsys.co.uk

    GET /delphi/ddservice.asp HTTP/1.1
    Connection: close
    Host: www.magsys.co.uk
     

    While this does not, the end of the page only appears after the server closes the connection on a 60 second timeout:

     

    www.telecom-tariffs.co.uk
    GET /serverinfo.htm HTTP/1.1
    Connection: close
     

    The first server is IIS, the second the ICS web server, so it seems we have aggressive Keep-Alive that is ignoring the Close command, another ICS bug for me to fix.  But it shows up a bug in your code as well.

     

    I chose that page because it shows the SSL/TLS connection parameters selected by the server, useful to check browser capabilities, and the poor range of ciphers supported by SChannel on older versions of Windows. 

     

    Angus

     

     

     


  8. I've completed a new release of DDService Application Framework from the late Arno Garrels, it now supports Delphi 5, 7 and 2006 to XE8, 10 Seattle, 10.1 Berlin, 10.2 Tokyo and 10.3 Rio, as well as C++ Builder 2006 to XE5. Note that bugs fixed in these new releases had already been done in DDService.  Also added new unit to control, install and remove Windows Service applications.

     

    The new and old versions may be downloaded from https://www.magsys.co.uk/delphi/ddservice.asp or from an SVN repository at: http://svn.magsys.co.uk:8443/svn/ddservice/ , use username = ics and password = ics for read access.

     

    Angus

     


  9. Interesting, it does work with modern compilers, not with Delphi 2007, too many new language features. 

     

    At least the sync request returns a full page, the async request only returns one buffer load of data. 

     

    While SChannel avoids the need for OpenSSL DLLs, it does mean encryption protocols and ciphers are determined by Microsoft, and they don't really care about keeping up to date, particularly with older operating systems, it took years for Windows Vista and 7 to get TLS/1.2 and probably only because anything older is becoming obsolete soon.  TLS/1.3 is still not supported by Windows 10/2019 a year after everyone else started using it, including ICS.

     

    If you take this further, ICS already has some functions to interact with the Windows certificate store for checking certificate chains, it's one of our options, using them will save you a lot of effort.

     

    Angus

     

     


  10. Look at the new sample OverbyteIcsSslMultiWebServ.dpr in \Samples\delphi\sslinternet\, this is effectively a commercial web server using THTTPAppServer and lots of AddGetHandler, with a minimal interface designed to be used as a Windows service. 

     

    I will be adding another ICS sample shortly using the DDService environment once I've brought it up to date for new compilers, but the ICS code will be identical. 

     

    Your exception must relate to code you've written in the handler, add some error handling.

     

    Angus

     


  11. I'm attempting a new release of DDService adding support for XE7 and later. 

     

    Collected original SvcMgr.pas files from all versions of Delphi, think I have to update each new one to DDSvMrg.pas and then create DIFF files using WinMerge.  Not too hard, since there is only a single service bug fix (quoting image path) in 15 years and Arno fixed that in 2008.

     

    But are there any other service handler bugs in DDService that should be fixed for a new release?

     

    I also want to add an example of how to use DDService for dual GUI/service, there is a demo CombiService on my system but not tried it and not sure where it came from.  Has anyone done this with DDService?

     

    Angus

     


  12. Quote

    Judging from the provided link alone a webhook is a server running on the client side.

    That was where I was getting confused, a server running on the client is simple but unlikely to work in 99% of cases unless the client has a unique public IP address, most of us block incoming connections, use NAT, dynamic IP addresses, firewalls, etc.  But leaving a connection open to a remote server is even worse once you have more than a few hundred clients, servers can only handle a few thousand simultaneous connections at best.  Still no idea what a data consumer means.

     

    If it is a local web server and only needs to handle simple notifications to update pages, then the new TSimpleWebSrv added recently is lightweight and easier to implement than the full web server, ICS uses it for Let's Encrypt authentication requests and OAuth2. 

     

    Angus


  13. I've looked at a couple of pages on webhooks and still have no idea which end is listening and which is sending, or what.  Someone will need to explain this as simple HTTP concepts. 

     

    The ICS HTTP client has keep-alive that leaves connections open potentially for days or weeks, the HTTP server has a timeout to stop that happening.

     

    Angus

     


  14.  

    2 hours ago, timfrost said:

    I am using DDService successfully in Delphi 10.3;

    The latest files in my DDService version are 20 April 2014, mostly XE6 units.  I'm not sure how the DIFF files that patch a copy of the installed SvcMgr.pas file are created, or whether the zip includes the tools to create new DIFF files.  Suspect the patched XE6 file could be distributed and used in more recent versions without a problem, which might be what you are doing.

     

    Angus
