Angus Robertson

Thanks, on my list to investigate, might be a couple of weeks. 

Angus

Basic Authentication has always worked with GET, my own websites have used it for over 15 years, hundreds of logins each day.  

If you can reproduce a problem using the multi web server sample, with logs, I'll look into it. 

Angus

Technically, https://test.com?test is an invalid URL, since there is no path included in the URL,

Without the query parameter, ICS would add path / automatically, so probably should do so for the query parameter as well, that is what my Firefox browser seems to do.

Will fix it next week. 

If you want to do it yourself, in THttpCli.DoRequestAsync change:

if FPath = '' then FPath := '/';    to 

if Pos('/', FPath) <> 1 then FPath := '/' + FPath;

Angus

As François says, you need to open that port using TWSocket, but it might take a long is you have to try 65,000 IP addresses. 

Build the OverbyteIcsNetTools sample, click the LAN Devices tab, then Start, That uses the IcsNeighbDevices component to build a historic LAN neighbourhood MAC device and IP address table includes ARP and IP range scanning, and reverse host lookup, shows MAC vendor name to help identify devices.  Runs in a thread continually checking for new devices.

The OverbyteIcsPemTools sample has a Test Host Certificates function that uses the TIcsIpStrmLog to connect to a long list of hosts, that could be adapted to ignore the SSL stuff and just open a port for your IP address list.

Angus

Async components are certainly better for servers and applications making parallel requests, but sync are easier to write not needing to keep track of state, and where only one request is made at a time.  

The main issue here is knowing when RequestDone is called, what published component properties need to be checked and for what, and what other requests need to be made, a sync request hides all that from you so is easier to use.  

Your original use of the async component was actually sync since you had a wait loop afterwards, which is exactly how the sync component works,

Angus

The OpenSSL_ProgramData define is ignored if OpenSSL resource files are linked, it's an alternative option.

You can not use OpenSSL_AutoLoad_CA_Bundle if you want to change where OpenSSL is loaded, it's too late to change anything in code. 

You can set GSSL_PUBLIC_DIR to your own directory before OpenSSL is loaded (instead of c:\programdata) but sub-directorties will still be created in your new directory, each OpenSSL release needs a unique directory.  Note I've not tested this! 

Use of the existing GSSL_SignTest_Check public variable is unchanged, if set true before loading OpenSSL, ICS checks the DLLs are digitally signed, which includes corruption checks.  It does not check the signing certificate at the moment, too much extra code.  This does not work yet for OpenSSL_AutoLoad_CA_Bundle, too late, need to think about that.

Angus

Although the snippets sample was added after your release, you should be able to built it with V8.70 after removing some new units added with later releases.  Or you download a compiled version of snippets and httpresttst from https://wiki.overbyte.eu/arch/icsdemos-clients.zip to test them.

As I said, for sync mode you don't RequestDone event, just check the status code returned by the RestRequest method, the error code in the event is irrelevant. 

The one event you should use is OnHttpRestProg and set DebugLevel := DebugHdr, that is the logging event that shows exactly what the component is doing with commands, hesders and error messages, you will see that running either of the samples I mentioned.

Angus

Because you no longer need to distribute the DLLs separately, the increase EXE size should mostly cancel out.  Or change the defs file and leave the DLLs alone, this change was really intended for new applications. I have tried to explain all this.  You also don't need to distribute a root bundle file, but many people probably ignored that. 

https://wiki.overbyte.eu/wiki/index.php/Updating_projects_to_V9.1

Angus

. 

Thanks, as the readme9 says, we no longer test Delphi 7, too old, but I'll add Types soon, all due to increasing use of TBytes that Delphi 7 does not understand.

Angus

Thanks for the comments, but what I need are modified and tested package files I can release to others, no point my trying to make changes I can not test.

Angus

To get started with the ICS REST component, I suggest you build and run the OverbyteIcsSnippets sample, click the 'HTTP REST Json Request' button and see what it does.  You can then copy the doHttpRestReqClick function which is heavily documented for all the hard coded properties.

In your code, you say you are using the TSslHttpRest component, but you are not using the RestRequest method which is how all requests are started, you've not looked at our REST samples.

BTW, one of the arguments in RestRequest specifies if the component makes sync or async requests, so make a sync request and your processmessages loop is no longer required, nor the RequestDone method.

Angus

Quote

What is the main difference between OpenSSL 3.0.x / 3.1.x / 3.2.x / 3.3.x

Short answer, no difference as far as ICS is concerned.  ICS does not use any of the new features in 3.1, 3.2 or 3.3, yet.

Long answer, OpenSSL is adding new features for each release, 3,1 was minor stuff, 3.2 was QUIC for HTTP/3 clients, 3.3 has just entered alpha testing and adds QUIC for HTTP/3 servers.   

Not sure if ICS needs to support QUIC and HTTP/3 (or HTTP/2), the only benefit is performance primarily when displaying complex web pages with hundreds of elements, and ICS is primarily used for APIs, not creating web browsers. 

HTTP/2 is half way to HTTP/3 (compressed headers) and there is an Indy implementation using a DLL, but hear very little about it, not sure if Delphi users need it?

I've vaguely thought about a proper Delphi HTTP/2 implementation, but it's a lot of work for no visible benefit, just small performance improvement.

There is are some OpenSSL 3.2 features I may look at, but no rush. 

My own servers are still using 3.0. 

But ICS offers all the currently supported versions.  3.1 and 3.2 will disappear before 3.0, once the next long term support release comes out.

Angus

I don't do C++ so it is totally untested for V9.1, I removed hundreds of old files and some of those might have been needed for C++.  Once you get it working, please email any changes for the next release.   We can then restore it for GetIt.

Due to OpenSSL being more integrated now, there will probably be quarterly releases to match OpenSSL.

Angus

Back to my reply yesterday, you are still not requesting a secure connection, just from a different demo. 

Beware SSL connections to IP addresses will always give certificate errors, and won't connect unless you ignore those errors, as will happen since you've left the default Verify Certificate Mode. 

Your server should have a domain host name, that name should be set in DNS and the IcsHosts.Hosts setting and the SSL certificate should be for that host name, and the client connects to that host name, that is what SSL/TLS is all about.  ICS V9.1 will create that certificate locally if it does not exist, although for the public internet it will order a certificate from Let's Encrypt.

Can not tell if the server is running correctly, the client is connecting to non-SSL port 21, you have not shown the logging for the SSL certificates chain.  You get that error message because you've left the IcsHosts setting AuthForceSsl=True so it refuses to connect without SSL, FTP is very insecure without SSL sending plain text passwords.  

Angus

Can you please first update ICS to V9.1, all those files and jobs were obsolete years ago and have been removed from the distribution.   

You will find documentation for IcsHosts at https://wiki.overbyte.eu/wiki/index.php/TWSocketServer.IcsHosts

Angus

You are trying to connect to port 990 which is SSL only, but your client says 'sslTypeNone'. 

That server sample does not create any PEM files. 

You would be better using the latest V9.,1 release, and the OverbyteIcsSslMultiFtpServ and  OverbyteIcsXferTst samples.

Angus

There is a clever improvement in the GetIt ICS installation process, thanks Embarcadero.

After the packages have been built and installed, the ICS demos-delphi-vcl project group opens in the IDE, allowing all the samples to be viewed and built, recommend saving the group as a favourite so it can be easily found.

The group opens with the OverbyteIcsSnippets project, that provides one button examples of HTTP and FTP multiple file downloading and uploading, HTTP REST requests, Websocket client, TCP socket traffic, and sending email using Mail Queue. 

Angus

ICS V9.1 is now available to install from GetIt for Delphi 11 and 12, either VCL only or VCL and FMX.

Start with the samples at C:\Users\(user)\Documents\Embarcadero\Studio\23.0\CatalogRepository\

Angus

Thanks, if you retain your old Defs file, ICS should behave as before, although I changed all the samples and my own applications so not sure when I last tested that...

Angus

The TIcsMailQueue component is designed for exactly your requirement, you queue an HTML identically to your existing code, call the QueueMail method, and then let the component worry about delivering the email, in the background.  You can queue hundreds of emails. 

Before queuing anything, you setup one or more SMTP servers, the background thread will then attempt to send queued emails to each of those servers multiple times over many hours until it is sent successfully, remove it from the queue and delete or archive the email.  The sample has a window you can steal that shows queued emails, when they will be next attempted, and allows them to be deleted if never going to get delivered. 

Angus

FileZilla Client has very poor certificate validation, it should check the certificate chain and accept it, instead it presents that horrible window.  Does the same with my own FTP server. 

Angus

You will find the OverbyteIcsXferTst sample easier to use, I was using the TIcsFtpMulti component for my tests. 

There is really nothing you can do for these errors, it's down to the server, firewalls and configuration.  They need to tell you why connections fail. 

Or does the server work with FileZilla Client, perhaps there is something clever going on.

Angus

I've reproduced a 425 FTP error after updating my FileZilla server to the latest on one of my public servers, and updating the Windows Firewall rules which FileZilla ignores (I have Delphi firewall functions that my servers use).  

I can access FileZilla fine from the public server, but not remotely, although my error is slightly different: 425 Unable to build data connection: EINVAL - Invalid argument passed

So this is all done to firewall port ranges, not sure yet if Windows Firewall or the external pfSense firewall, need to investigate.  Is your FileZilla server behind a firewall. 

Update: FileZilla is complaining:  [Error] Data peer IP [217.146.115.82] differs from control peer IP [217.146.115.84]: this shouldn't happen, aborting the data connection.

I have multiple outgoing IP addresses, and it does not like this. 

Update 2: After adding a router rule, I've got past the IP address error and the data connection now works.  You really need the FileZilla log message for the 425 error to understand it. 

> PASV
< 227 Entering Passive Mode (217,146,102,143,82,34)
! Passive connection requested to: 217.146.102.143:21026, control channel: 217.146.102.143
> MLSD
< 150 About to start data transfer.
! SSL Connected OK with TLSv1.3, cipher TLS_AES_256_GCM_SHA384, encryption AESGCM(256), message auth AEAD
 Connected OK Again
< 226 Operation successful
! Data Session closed
! Local File Stream Closed
! 245bytes received/sent in 31 milliseconds

Angus

ICS V9.1 has been released at: https://wiki.overbyte.eu/wiki/index.php/ICS_Download

ICS is a free internet component library for Delphi 7, 2006 to 2010, XE to XE8, 10, 10.1, 10.2, 10.3, 10.4, 11 and 12 and C++ Builder 10.4, 11 and 12. ICS supports VCL and FMX, Win32, Win64 and MacOS 32-bit targets. Beware Mac OS-X and C++ have not been tested recently due to lack of support from such users.

The distribution zip includes the latest OpenSSL 3.0.13. 3.1.5 and 3.2.1, for Win32 and Win64.

The highlights of V9.1 were posted in this topic two weeks ago, and are included in the download page.

The full release notes for V9.1 are at https://wiki.overbyte.eu/wiki/index.php/ICS_V9.1

There is also a new page https://wiki.overbyte.eu/wiki/index.php/Updating_projects_to_V9.1 to help with migrating existing projects.

The main ICS readme9.txt has the installation section rewritten to explain the new common groups and packages used for Delphi 10.4 and later, so you won't find any dedicated ICS packages for Delphi 11 or 12.  The readme now also explains all defines in the .\Source\Include\OverbyteIcsDefs.inc file that control how OpenSSL is loaded.

All ICS active samples are available as prebuilt executables, to allow ease of testing without needing to install ICS and build them all. There are four separate zip files split into clients, servers, tools and miscellaneous samples which can be downloaded from https://wiki.overbyte.eu/wiki/index.php/ICS_Samples

Angus

The 425 error from the server suggests it does not like the SSL/TLS connection, and yet we think it was okay, and it accepted the AUTH connection earlier. Nothing wrong with the commands being sent. SSL/TLS can be strange like that. 

BTW, I updated that old compiled demo today with a new version, although unlikely to behave any differently. 

Angus