Jump to content

Angus Robertson

Members
 View Profile  See their activity

  • Content Count

    1702

  • Joined

  • Last visited

  • Days Won

    32

Posts posted by Angus Robertson

  1. Posted

    401 error is usually authentication failure, but since no proper headers are posted in this thread we can not comment on what authentication is being attempted.  Perhaps the server is sufficiently clever to realise the requests have been intercepted and perhaps corrupted by a proxy, thus 401.

     

    The newish TSslHttpRest component has header and response logging built-in, and can be used instead of TSslHttpCli, just add the OnHttpRestProg event. 

     

    Angus

     

  8. Posted

    Windows applications are dependent on dozens of DLLs.  We don't change stuff that works unless new functionality is needed or newer versions of Windows make something obsolete, which is fortunately very, very rare.  But we have to change OpenSSL every couple of years because it's evolving with new standards and older versions are no longer supported. 

     

    Angus

  10. Posted

    This all came from the Mustangpeak SVN at svn://www.soft-gems.net/mustangpeak eight years ago, but that is all gone now. 
     

    Dual license:

    // The contents of this file are subject to the Mozilla Public License
    // Version 1.1 (the "License"); you maynot use this file except in compliance
    // with the License. You may obtain a copy of the License at http://www.mozilla.org/MPL/
    //
    // Alternatively, you may redistribute this library, use and/or modify it under the terms of the
    // GNU Lesser General Public License as published by the Free Software Foundation;
    // either version 2.1 of the License, or (at your option) any later version.
    // You may obtain a copy of the LGPL at http://www.gnu.org/copyleft/.
     

    I don't really understand git, would be easier to upload all the Mustangpeak projects to my own public SVN server. 

     

    Angus

  11. Posted

    Six new zips for Win32 and Win64 versions of OpenSSL 1.1.1c, 1.1.0k and 1.0.2s can now be downloadable from the Wiki at: http://wiki.overbyte.eu/wiki/index.php/ICS_Download or https://www.magsys.co.uk/delphi/magics.asp . The DLLs are also included in the ICS distribution SVN and overnight zip.  These releases are the six monthly updates of minor bug fixes, with no major security improvements.

     

    ICS applications require V8.57 or later to support OpenSSL 1.1.1c.

     

    Changes in 1.1.1c may be found at https://www.openssl.org/news/openssl-1.1.1-notes.html , 1.1.0k may be found at https://www.openssl.org/news/openssl-1.1.0-notes.html and 1.0.2s at  https://www.openssl.org/news/openssl-1.0.2-notes.html

     

      Angus

    • Like 1
    • Thanks 1

  12. Posted

    > Now I'm at the step to improve the speed for the data transfer. I have tried to increase the ESP32 buffer size

    The ESP32 microcontroller is a small, very cheap device not designed for speed (it's used in mains smart plugs controlled by Alexa).  From an ICS perspective do not mess with MTU or TCP settings, just make sure you have a static receive buffer of 64K or something from which you write to a file in chunks of that size. Memory files are not always a good idea, since they may come from paged memory. 

     

    > I'm now wondering how to work at the BinCliDemo to receive the two clients simultaneously.

    Most ICS servers derive from TWSocketServer, where you put all your code into a client class and can handle hundreds of clients on the same port.  If you really want clients on different ports, generally you need one server per port, although TWSocketServer will also listen on multiple ports such as 80 and 443 for HTTP and HTTPS.  Look at the OverbyteIcsTcpSrvIPv6 sample which is the multi-client  binary file transfer version that will work with your client. 

     

    Angus

  13. Posted

    Sorry the limit of our FMX support is ensuring the components build and install as FMX libraries, and even that takes a lot of my precious unpaid time. 

    The FMX samples have not been updated for several years.  I personally only use VCL so am unable to devote any more time to FMX support,  The developer that did all the cross platform and FMX work passed some years ago, and no-one has replaced him.

     

    Angus

     

    • Sad 1

  14. Posted

    Sorry, TWSocketThrdServer has never been supported by FMX, nor has it really been updated for a decade or more.  It is probably little effort to add FMX support, but it is not often used since most ICS servers work fine without threads,  It's only when you need several hundred simultaneous clients that threads become necessary, and then perhaps not one per client.

     

    Angus

    • Thanks 1

  15. Posted · Edited by Angus Robertson

    For public servers, the best SSL test is https://www.ssllabs.com/ssltest/ which gives a long report on which protocols and ciphers are supported and recommends changes.  With the ICS V8.60 and later, ICS servers should get an A+ rating providing you also have certain HTTP headers to block exploits. 

     

    For private servers, you can use the latest ICS HTTPS client samples that allow disabling certain protocols and you can then try and connect to your server.  The quickest way is to download the pre-build Browser demo application from http://wiki.overbyte.eu/arch/FrameBrowserIcs.zip which is a simple browser (no scripting) with extensive HTTP, HTML and SSL logging that allows you to set SSL Security to one of:

     

    SSLv3 Only
    TLSv1 Only
    TLSv1.1 Only
    TLSv1.2 Only
    TLSv1.3 Only
    TLSv1 or Better
    TLSv1.1 or Better
    TLSv1.2 or Better
    Backward Ciphers
    Intermediate Ciphers
    High Ciphers, 2048 keys
    High Ciphers, 3072 keys
    High Ciphers, 7680 keys
     

    In fact all ICS clients now have the same options in SslContext. 

     

    Servers are more complicated, but again with V8.60 and later, you can set:

     

    SSLv3 Only
    Backward Ciphers, TLS1 or Later
    Intermediate Ciphers, TLS1.1 or Later
    Intermediate Ciphers FS, TLS1.1 or Later
    High 112 bit Ciphers, TLS1.2 or Later
    High 128 bit Ciphers, TLS1.2 or Later
    High 192 bit Ciphers, TLS1.2 or Later
    TLSv1.2 or Earlier
    TLSv1.3 Only
     

    provided your server is using IcsHosts.  If not, V8.27 (two years ago) added SslContext properties SslMinVersion and SslMaxVersion which is what you should be using, not the old options.

     

    Angus

     

     

    • Like 1

  17. Posted

    Does anyone else still use UltraExplorer, an excellent replacement for Windows File Explorer, written in Delphi by Mustangpeak using VirtualShellTools and numerous other Delphi components?

    It was last updated about 10 years ago and the source was on Google SVN, now closed down. 

     

    On one of my Windows 10 installs, UltraExplorer stopped working after a Windows Update, so I'd like to try and rebuild it. Some of the Mistangpeak components are being maintained as Github projects, but can not find UltraExplorer.  I still have the SVN source from 2010. 

     

    Angus

     

  20. Posted

    No other way to get the remote UDP address, since there is no connection.  All UDP applications use ReceiveFrom, it has always worked. 

    Suggest you upgrade to a modern supported version of ICS, but you will need to change your application, all the unit names changed 10 years ago.

     

    Angus

  21. Posted

    ICS V8.61 has been released at:

    http://wiki.overbyte.eu/wiki/index.php/ICS_Download

    ICS is a free internet component library for Delphi 7, 2006 to 2010, XE to XE8, 10 Seattle, 10.1 Berlin, 10.2 Tokyo and 10.3 Rio, and C++Builder 2006 to XE3, 10.2 Tokyo and 10.3 Rio. ICS supports VCL and FMX, Win32,
    Win64 and MacOS targets.

    The distribution zip includes the latest OpenSSL 1.1.1 win32, with other versions of OpenSSL being available from the download page.

    Changes in ICS V8.61 include:

    1 - Added two new components using the new HTTPS REST component, which are both useful and illustrate how simply they can created, TIcsSms and TDnsQueryHttps, both in the OverbyteIcsSslHttpRest.pas unit with demos
    in OverbyteIcsHttpRestTst.

    2 - The new TIcsSms component sends SMS text messages via an HTTP bureau, you will need an account. Initially supporting     https://www.kapow.co.uk/ from where you set-up an account for £6.50 (about $9) which gives 100 message credits. Other similar bureaus can be added, provided there is an account for testing. The component has three methods, SendSMS sends an SMS to a mobile number and returns an ID, CheckSMS checks if the SMS with a specific ID has been delivered, pending or failed and CheckCredit returns remaining credit for the account.  Messages longer than 140 characters should be sent as multiple messages, if supported by the network.

    3 - The new TDnsQueryHttps component makes DNS queries over HTTPS (DOH), to ensure integrity and privacy from interception by ISPs or proxies. It includes a list of public DOH servers from Cloudfare, Google, Quad9 and others, and will make all common DNS queries, including all which does the seven most common queries together.  The original TDnsQuery component has also been updated to support all the common queries and return them in using a single AnswerRecord array, rather than an array per query type, but remains backward compatible for existing queries. It now also returns alternate responses. Supports IPv6.  The OverbyteIcsNsLookup sample uses TDnsQuery while the OverbyteIcsHttpRestTst sample uses TDnsQueryHttps. The latter sample also illustrates DNS over HTTPS using Json as a REST demo.

    4 - Improved HTTP client and server NTLM authentication by adding Single Sign On with NTLM Session on Windows Domain to get credentials without needing them specified in code.

    5 - Improvements in the HTTPS REST  component to prevent TSslHttpCli events being overwritten by TSslHttpRest events. ResponseXX properties are now available in both OnRequestDone and OnRestRequestDone event handler. IcsHtmlToStr returns javascript content as well as XML and Json and does not ignore very short content.

    6 - Improvements in the HTTP client, added more header response properties: RespDateDT, RespLastModDT, RespExpires and RespCacheControl. NoCache now sends Cache-Control: no-cache for HTTP/1.1.

    7 - Fixed SSL certificate ValidateCertChain to check certificate start and expiry dates in UTC time instead of local time.  Previously certificates issued in North America with UTC/GMT time stamps may have been seen as not
    yet valid.

    8 - The FTP client now accepts badly formatted FEAT PROT responses.

    9 - The Browser Demo sample using HtmlViewer now correctly supports authentication methods where a site requires a login, and has an improved log window that no longer slows down display of complex pages.
     

    Angus

    • Like 1
    • Thanks 1

  24. Posted

    TWSocket 5.31 goes back 11 years, but ReceiveFrom is essentially the same today.  However it is no longer supported. 

     

    ReceiveFrom is async and returns immediately, it is normally used for UDP only so you know where the data has come from. it is widely used today and does not cause applications to lock up.  It sound like you have a continuous loop reading data without any error handling. 

     

    Angus

     

  25. Posted

    Yes, I see the word video in very small letters buried in a line at the top of the screen, but I read these groups backwards from Unread Content, and you never mentioned you were posting a link to a video in the root post.  That would have be sufficient for me to skip this thread, even less time to watch beginners how to program videos . My apologies for wasting your time by posting something useful for other developers.

     

    Angus

     

    • Like 1
×