Jump to content

Recommended Posts

ICS V8.68 has been released at: http://wiki.overbyte.eu/wiki/index.php/ICS_Download ICS is a free internet component library for Delphi 7, 2006 to 2010, XE to XE8, 10 Seattle, 10.1 Berlin, 10.2 Tokyo, 10.3 Rio, 10.4 Sydney and 11.0 and C++ Builder 2006 to XE3, 10.2 Tokyo, 10.3 Rio, 10.4 Sydney and 11.0. ICS supports VCL and FMX, Win32, Win64 and MacOS 32-bit targets. The distribution zip includes the latest OpenSSL 3.0.1 win32, with other versions of OpenSSL being available from the download page.


Major Changes in ICS V8.68 include:

 

1 - V8.68 is a minor release, mainly HTTP client and server improvements including new request and response headers to assist browser caching and conditional requests, improved error reporting to help diagnose failed HTTP requests, and improvements in the HTTP REST component allowing it to save files including resuming failed downloads and download files of any size.  There are minor fixes in various components, and updates to installing on MacOS and C++ Builder. There is also a new File Clean-Up demo ideal for deleting the old log files that many applications (including some ICS samples) leave on systems.

 

2 -The HTTP client TSslHttpCli now keeps the Etag response header as ResponseEtag, allowing applications to save it with the page content, and when requesting a refresh to add the request method ReqIfNoneMatch or ReqIfMatch to avoid downloading the page again. Improved RequestDoneError to give more information than a simple abort, added httperrOutOfMemory and httperrBgException which happen while receiving and processing data in the OnDocData event and httperrSslHandShake. For range downloads, added the ContentIfRange request header which can send an RFC1123 date or Etag so a partial download only happens if the file is unchanged.

 

3 - Previously, the HTTPS REST client TSslHttpRest always downloaded content to a TMemoryStream with content size being limited to MaxBodySize (default 100 MByte), and generally restricted by memory to less than 250 MByte.  To remove this limitation, added the HttpMemStrategy property with THttpMemStrategy on how to handle downloads: HttpStratMem only TMemoryStream; HttpStratTemp uses a work file in the system temporary directory for sizes larger than MaxBodySize; HttpStratFile always writes a named file HttpDownFileName (with .part extension during download); HttpStratResume is similar to HttpStratFile but supports resume of failed partial downloads (with .http extension for resume information). Property ResumeMinSize defines the minimum sized partial file that should be resumed, rather than start again (default 64K). Added ShowProgress property that causes download information to be sent to the OnHttpRestProg event.

 

4 -The HTTP server TSslHttpServer now supports the If-Range, If-Match and If-None-Match request headers for conditional pages using Etag or last modified date, and sends 304 not modified for  matches, to help with caching.  Added an ETag header to responses in AnswerStream and AnswerPage when we can create one from a file modification date and size (base64 CRC32), or if the EntityTag property is specified in the client onGetDocument event before using hgSendDoc or hgSendStream, perhaps a CRC32 of the entire content from a cache. The 304 not modified response now includes more recommended headers. Also add a Date: header to AnswerStream and AnswerPage responses to help with caching.

 

5 - The Multi HTTPS client TIcsHttpMulti has been updated to a fix a problem that meant large files failed download with only an abort error if too large for TMemoryStream, now downloaded to TFileStream with .part extension and renamed up successful completion.

 

6 - The previous ICS release added support for the OpenSSL 3.0 release. Now it's been available for three months it has been added to the main distribution, the samples SslInternet directory now has both OpenSSL 1.1.1m and 3.0.1. ICS now supports YuOpenSSL 3.0 and 1.1.1 versions as commercial DCUs allowing applications to be used with OpenSSL without needing separate DLLs.

 

7 - In TIcsFileCopy, the DeleteFiles method now supports a new Zipped property so files are zipped with .zip extension before being deleted, useful for cleaning up old logs to save space (requires VCLZip).  The OverbyteIcsXferTst,dpr sample has a new File Clean-Up tab to test the multiple DeleteFiles method, it allow files older than x days or a specific date range to be archived/zipped (to save space) or deleted, ideal for deleting the old log files that many applications (including some ICS samples) leave on systems.

 

8 - In the FTP client TSslFtpClient, using the PORT command to set Active mode now prevents other FTP clients sharing the same port number and address, usually only a problem with a small port pool (which is not recommended).

 

9 - Updated the trusted root certificate bundle files, lots of changes from Microsoft since June, Google is now issuing it's own certificates. Updated the build-in sslRootCACertsBundle, few gone, now total 59 certificates commonly used.

 

10 - ICS should now build with C++ for RAD Studio 10.4 and 11.0, fixed the 11.0 packages and various Windows API related units, including for  Win64.

 

More detailed release notes are at http://wiki.overbyte.eu/wiki/index.php/ICS_V8.68

 

  • Like 2
  • Thanks 3

Share this post


Link to post

image.thumb.png.92cb75e2521d33f7cc661bedb95e3991.png

if GetIcsHosts = Nil then
  Client.SslEnable  := ftpImplicitSsl in Client.FtpSslTypes;

There maybe below?

if GetIcsHosts <> Nil then
  Client.SslEnable  := ftpImplicitSsl in Client.FtpSslTypes;

Otherwise, implicit ftps will not work.

Share this post


Link to post

To clarify, you are reporting a problem in the ICS FTP server relating to SSL port 990 connections relating to changes made in V8.65 a year ago? 

 

What is your actual problem, the code change works fine in my testing with implicit FTP, you can try itself by accessing my public server ics.ftptest.org with anonynous login:

 

Connect/Logon to FTP Server: ics.ftptest.org:990
! SSL Connected OK with TLSv1.3, cipher TLS_AES_256_GCM_SHA384, encryption AESGCM(256), message auth AEAD
ics.ftptest.org SSL Connected OK with TLSv1.3, cipher TLS_AES_256_GCM_SHA384, encryption AESGCM(256), message auth AEAD
ics.ftptest.org SSL Chain Verification Succeeded
ics.ftptest.org 3 SSL Certificates in the verify chain:
#3 Issued to (CN): *.ftptest.co.uk
Alt Domains (SAN): *.ftptest.co.uk, *.ftptest.org, *.ftptest.org.uk, *.ftptest.uk
Issuer (CN): R3, (O): Let's Encrypt
Expires: 2022-03-21T16:06:48, Signature: sha256WithRSAEncryption

< 220-ics.ftptest.org

< 220-ICS TFtpServerW (c) 1998-2021 F. Piette V8.67
< 220 Server: MAGPUB5 at 2022-01-16T13:52:52
FTP Session Connected OK to: [2a00:1940:2:2::142]:990
> HOST ics.ftptest.org
< 220 HOST Ok, FTP Server ready.

 

Angus

 

Share this post


Link to post

Hi, thank you for your reply.

In latest stable version v8.68, the sample ftp-ssl client project "OverbyteIcsSslFtpTst" works fine. I also try accessing server ics.ftptest.org:990, and it also works fine.

The problem is on ftp-ssl server project "OverbyteIcsSslFtpServ", I testing with implicit ftp (delphi 7 and delphi 10.3.3), it's not work fine. Here is the output screenshot:

image.thumb.png.41bb526a573017cdc6c677f95695c6ac.png

I found the code in "OverbyteIcsFtpSrv.pas" after I checked:

if GetIcsHosts = Nil then
  Client.SslEnable  := ftpImplicitSsl in Client.FtpSslTypes;

An I change the code to:

if GetIcsHosts <> Nil then
  Client.SslEnable  := ftpImplicitSsl in Client.FtpSslTypes;

Then the ftp-ssl server project "OverbyteIcsSslFtpServ" works well, below is the output screenshot:

image.thumb.png.30c39dc24933f168a74242ab5077a274.png

 

Is this a bug? Or what I think is wrong? What's your opinion?

Edited by anonymousaccount

Share this post


Link to post

You should be using the OverbyteIcsSslMultiFtpServ.dpr sample which was introduced with V8.65, supporting implicit and explicit connections at the same time using multiple listeners, the FTP server hosting ics.ftptest.org has 10 listeners for various services.  It also orders Let's Encrypt SSL certificates automatically, although not the multi-domain wild card one shown earlier which was done using another sample. 

 

It seems I did not update the old  OverbyteIcsSslFtpServ sample for V8.,65, so perhaps the server changes were not backward compatible (we try to avoid that) and I never tested it.  I'll put it on my list to check, but won't be making your suggested change since that will break new servers.

 

Angus

 

 

 

Share this post


Link to post

@anonymousaccount I've fixed the FTP server bug, you found the correct location of the bug but the fix was slightly different.  Should not matter now since I assume you are using the new FTP server sample with IcsHosts.  Will be in SVN shortly. 

 

Angus

Share this post


Link to post
17 hours ago, Angus Robertson said:

@anonymousaccount I've fixed the FTP server bug, you found the correct location of the bug but the fix was slightly different.  Should not matter now since I assume you are using the new FTP server sample with IcsHosts.  Will be in SVN shortly. 

 

Angus

Thanks for your work👍

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×