Angus Robertson

Posts posted by Angus Robertson


  1. I'm trying to update the new C++ packages for all the units added in V8.60, I thought successfully, except I'm unable to add DCR and PAS units with the same name to IcsVclBCB, I can add one or the other, but get duplicate dialogs when adding both together or one subsequently.  Yet the package already correctly contains PAS/DCRs for lots of other units.  Editing the XML manually is a pain due to the BuildOrder tag.

     

    Amazingly, without the DCRs I have managed to build the C++ packages, after removing all Delphi packages. 

     

    Angus

     


  2. 6 hours ago, Sherlock said:

    And spell checking should be a browser feature... at least my Firefox does it for me.

    I'm using Firefox, but no spelling.  I have 'check your spelling as you type' checked. 

    Later, installed a British dictionary and Spelling now appears on the right click menu. 

     

    I thought better web applications used Ajax for spelling nowadays.

     

    Angus


  3. I added a new OnSelectDns event to THttpCli six months ago, to allow the application to handle alternate addresses.  The latest version has THttpCli handling this internally provided the event is not set. 

     

    I'd prefer DNS round robin to be handled in WSocket to make it easier to use, but most components have handled the OnDnsLookupDone event themselves.  It was only a year ago that WSocket got the ability to handle OnDnsLookupDone internally to simplify higher level components.

     

    Angus

     


  4. Increasingly, DNS look-ups are offering more than one IP address, sometimes for load sharing, sometimes both an IPv4 and IPv6 address, like Google and many major sites. 

     

    By default, ICS components ignore IPv6 addresses, and always use the first IPv4 address offered, when there is more than one.  This is usually implemented in the OnDnsLookupDone event in the application or high level component.  So if that first address does not respond, the application never tries any other addresses. 

     

    This has become more of a problem when enabling applications for IPv6, by setting SocketFamily to sfAny or sfAnyIPv6.  It is not uncommon for the IPv4 or IPv6 address to be unavailable, perhaps due to routing or firewall issues or simply IPv6 not being available.  Currently, it's necessary to restrict the SocketFamily so only the working family is attempted. 

     

    So I'm adding round robin DNS look-ups to some of the high level protocols, this has been on my wish list for several years.  This is already done for the new TIcsTimeClient SNTP time client component in V8.60 which is particularly easy to test since pool.ntp.org returns four IPv4 and four IPv6 addresses, changing every few minutes, one of which is usually dead.  

     

    The DNS round robin implementation relies on keeping the last successful connected IP address, so it can be re-used for subsequent connections, but looping through any alternative addresses if the last connection failed, for subsequent connection attempts. 

     

    I've just added a similar implementation to the HTTP and FTP clients, not yet in SVN, which works fine, but only when you call the components multiple times, without destroying the component so the internal variables remain. Currently the application is unaware of how many different IP addresses are available. 

     

    So I'm wondering if the DNS round robin implementation should be extended, either by letting the application know further attempts are worthwhile or perhaps by optionally making those attempts internally in the components?

     

    Or does anyone have suggestions for a better DNS round robin implementation?

     

    Angus
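
The sticky round-robin selection described in this post, sketched in Python as an added example; it is not ICS code and not part of the original post. The class, its method names, the injected `resolve` and `connect` callables and the sample addresses are all assumptions made for illustration.

```python
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample addresses (documentation ranges), not real servers.
SAMPLE_ADDRS = ["192.0.2.10", "192.0.2.11", "2001:db8::10"]


class RoundRobinDns:
    """Sticky round-robin address choice, one address per attempt."""

    def __init__(self, resolve: Callable[[str], List[str]],
                 connect: Callable[[str], bool]) -> None:
        self._resolve = resolve   # assumed callable: host -> list of IPs
        self._connect = connect   # assumed callable: IP -> True if connected
        self._last_good: Dict[str, str] = {}
        self._last_failed: Dict[str, str] = {}

    def pick(self, host: str) -> Tuple[Optional[str], int]:
        """Return (address to try next, number of addresses offered)."""
        addrs = self._resolve(host)
        if not addrs:
            return None, 0
        if self._last_good.get(host) in addrs:
            return self._last_good[host], len(addrs)   # re-use known-good
        failed = self._last_failed.get(host)
        if failed in addrs:                            # step past the failure
            return addrs[(addrs.index(failed) + 1) % len(addrs)], len(addrs)
        return addrs[0], len(addrs)

    def attempt(self, host: str) -> Tuple[Optional[str], bool, int]:
        """Make one connection attempt and report how many addresses exist."""
        addr, total = self.pick(host)
        if addr is None:
            return None, False, 0
        ok = self._connect(addr)
        keep, drop = ((self._last_good, self._last_failed) if ok
                      else (self._last_failed, self._last_good))
        keep[host] = addr
        drop.pop(host, None)
        return addr, ok, total

    def connect_any(self, host: str) -> Optional[str]:
        """Optional internal retry: at most one try per offered address."""
        for _ in range(self.pick(host)[1]):
            addr, ok, _total = self.attempt(host)
            if ok:
                return addr
        return None
```

`attempt` returns the address count so a caller can tell whether a further attempt is worthwhile, while `connect_any` makes those attempts internally; these correspond to the two extensions the post asks about.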

     


  5. The X509 certificates are just files, in PEM, PKCS12, or PKCS7 single or bundle files, and can be copied to a UNC directory, where any server can pick them up.  They can be manually installed in the Windows store, but not automatically, yet.  The server is responsible for ordering new certificates, but the component includes a database with most of the information required.

     

    Angus

    • Thanks 1

  6. ICS V8.58 added a new TSslX509Certs component allowing ICS servers to automatically order, download and install SSL/TLS certificates from various suppliers, including free certificates from Let's Encrypt, and commercial certificates for DigiCert, Comodo, Thawte and GeoTrust from CertCentre AG. It also acts as a private CA to issue local certificates.  

     

    The TSslWSocketServer, TSslHttpServer, TSslHttpAppSrv, TIcsProxy and TIcsHttpProxy components can assign a TSslX509Certs component to support automatic certificate ordering of domain validated certificates with very little extra code. 

     

    There is a new sample project OverbyteIcsX509CertsTst to demonstrate the TSslX509Certs component, which may be used as a standalone application to order X509 certificates from Let's Encrypt and CertCentre AG, and monitor the certificate orders database, and to issue own CA certificates.

     

    http://wiki.overbyte.eu/wiki/index.php/FAQ_Order_SSL_Certificates

     

    I'm about to revisit the TSslX509Certs component to support some Let's Encrypt changes like the new SSL challenge, so am interested in any feedback or suggestions from those that have used it, even just the sample application which can be used to order certificates for other web servers or applications.

     

    Angus

    • Like 3
    • Thanks 1

  7. ICS implemented OpenSSL 1.1.1 last year, initially for draft versions of TLSv1.3, then the final version. 

     

    There are comments in the ICS SSL units about the major changes needed to support 1.1.0 and 1.1.1, and ICS applications support for three major OpenSSL versions, one of which is chosen during initialisation.  

     

    Now looking at OpenSSL 3 (or maybe 4) due out later this year, they say before support ceases for OpenSSL 1.0.2 at the end of the year. 

     

    Angus

    • Like 1
    • Thanks 1

  8. 13 hours ago, Remy Lebeau said:

    we created an internal project that has a database of active units and flags to dictate their behavior, and it can generate the various package files, resource files, etc for each compiler version we support.

    Every time I do a set of updates, I think it's time to automate the process, but at that moment I'm not usually planning any more major changes, so leave it for another day. Fortunately the RAD Studio release cycle has slowed from twice a year, so less urgent now. 

     

    Angus


  9. Generally no, TIcsLogger is a framework to implement diagnostic logging in ICS components, what is logged depends on the implementation in each different component.  But rarely is received or sent data logged, due to the sheer volume.  

     

    But logging actual data is generally easy, most components have events that can be used.

     

    Angus

     


  10. I know that people still use Delphi 7 onwards, because they tell me when I make changes that are not Delphi 7 compatible, I use Delphi 2007 for most of my applications so I don't add language features from newer versions. 

     

    But I can not recall anyone asking about old C++ versions for years, only the most recent versions, and they used to be told to try the last XE3 package.  So unless you can test at least the OverbyteIcsCBXe3Run package, I don't see any point in pretending it's worthwhile.  I'll archive the old C++ files somewhere, so they are not lost.  

     

    Angus

     


  11. Sorry, been busy doing too many other things this week.

     

    When I add new units to ICS, I have to update literally hundreds of package files for all the old Delphi versions we support.  A few I might fire up that version of that Delphi, but it takes days to do that for all old versions so mostly it's a text editor job. 

     

    But currently the old C++ packages are untouched, and I suspect they will no longer build anyway, at least not without lots of errors.  So I'll remove all old C++ files from the distribution, and going forward we'll just support 10.2 and later.  If someone needs support for C++ XEx, they will be better working from a newer version than an older version.

     

    My email address is in the readme8.txt file.

     

    Angus

     

    • Sad 1

  12. You need to make your application SSL aware to use https, and that means using an SslContext, at least for older components.

     

    I suggest you look at the new  OverbyteIcsHttpRestTst sample that uses the new OverbyteIcsSslHttpRest component, this hides the complexity of the SslContext from the application.

     

    Angus


  13. Four new zips for Win32 and Win64 versions of OpenSSL 1.1.1b and 1.0.2r can now be downloaded from the Wiki at: http://wiki.overbyte.eu/wiki/index.php/ICS_Download . The DLLs are also included in the ICS distribution SVN and overnight zip.  1.0.2r includes a moderate severity security issue, but I don't think it can impact ICS applications. 

     

    Changes in 1.1.1b may be found at https://www.openssl.org/news/openssl-1.1.1-notes.html and 1.0.2r at  https://www.openssl.org/news/openssl-1.0.2-notes.html

     

    Beware 1.1.1b fixes a problem relating to multiple handshake done messages with TLSv1.3 that I reported to OpenSSL almost a year ago, and provided a workaround in ICS to fix meanwhile.  Others meanwhile reported the same problem updating old applications for TLSv1.3 so OpenSSL finally changed the handshake done behaviour.  My original fix still seems to work OK, but need to do more debug traces to ensure nothing unexpected has also changed with TLSv1.3.

     

    Angus

    • Like 1
    • Thanks 2