Re: [twsocket] Nagios like communication

2014-06-10 Thread Angus Robertson - Magenta Systems Ltd
> The linchpin of all this is, that the program itself is up and 
> running, doesn't hang and that it can
> still respond. Otherwise, days can go by and no data is recorded.

I hope your application is already a Windows service, you can then make use of
the various service restart options if it stops. 

These options do not handle lock-ups, so you really need a second Windows
service sending messages to the first, and using various methods to crash and
restart it if there is no response, maybe also checking a shared file or
registry key to make sure the first program is working.  

> So my idea was to have a little watchdog (to be programmed) running 
> on a server which regularly connects to all of the clients to get a
> response that all is well. 

Several years ago I had a large project with PCs running on road vehicles,
which is a horrible environment, power surges, heat and vibration.  I had three
'vehicle activity servers' using TWSocketServer which the remote vehicles
contacted via wifi (and later 3G) every five minutes, which updated a SQL
database, reported on web pages.  

I designed a simple TCP/IP ASCII protocol that ended up with about 50 different
commands each way, returning status information like fan speeds and CPU
temperatures so we knew when the PCs were about to die (50% of CPU fans died
within a year).  

Some of this you can do with off the shelf software, I sell an application
ComCap that accepts UDP and TCP messages, and will email based on content or
when they stop, and I use it myself so I know when my remote hosted servers
go off-line.  

Nagios is probably similar, but much more specialised than ComCap, but I've no
idea what sort of input streams it expects. 

Angus




-- 
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be


Re: [twsocket] Openssl-1.0.1g

2014-06-13 Thread Angus Robertson - Magenta Systems Ltd
> Is it possible to get ICS working with 1.0.1h?

Yes, but maybe not immediately, it needs someone to compile the DLLs so they
don't need any external run time libraries, any volunteers (I don't understand
C)? 

Angus



[twsocket] Future improvements for HTTP components?

2014-06-25 Thread Angus Robertson - Magenta Systems Ltd
This message is intended to start a dialog about future improvements to ICS
components for Windows, in particular the HTTP client and server components
where the world is moving ahead of us. 

Currently, new features tend to get added as needed by the main ICS developers
for specific projects, for instance I've added cookie and better MIME support
recently for my own projects.  Other users have customised ICS components for
their own purposes, sometimes submitting them as 'usermade' back to ICS,
sometimes making them public in other ways.  

So the first question here is are new features needed for future Delphi
projects using ICS, and if so what, in which order of priority? 

The next question is has someone done this work already, and are they prepared
to donate the work to ICS for others to share?  

Finally, all this new stuff has to be integrated and tested with the existing ICS
code, which can be time consuming on its own, so who can help?  Usually that
is those benefiting from the improvements?

Specifically, for the HTTP client and server components:

1 - Support all the current requests, PUT, DELETE, PATCH, TRACE, OPTIONS and
CONNECT, optionally. 

2 - Support OAuth and/or OpenID authentication.  

3 - Support Web sockets (not really HTTP), already done by Stan Korotky at
http://ics-websockets.googlecode.com/svn/trunk


Angus










Re: [twsocket] Nagios like communication

2014-06-25 Thread Angus Robertson - Magenta Systems Ltd
> which component can be used as client to talk to the above server 
> component.
> Building an http server into my program sounds good but is way too 
> much for what I need.

Look at free Magenta Systems IP Log Streaming Component at:

http://www.magsys.co.uk/delphi/magics.asp

which is a high level TCP/IP and UDP/IP, server and client, all in a single
component, that can be dropped on a form and only needs a couple of events to
send and receive lines of data.  

There is an EXE demo in the zip.  It handles all the boring error handling,
connection and disconnection events, retries on failure, etc, so you just
program your own protocol. 

I've just finished a new version supporting SSL and IPv6, not on the web site
yet. 

Angus




Re: [twsocket] Future improvements for HTTP components?

2014-06-25 Thread Angus Robertson - Magenta Systems Ltd
> basic http server that handles requests but process them on 
> different and configurable number of threads. Anyone?

Have you looked at the existing threaded components and demos: 

OverbyteIcsWSocketTS.pas - Winsock component for building multithreaded servers

OverbyteIcsThrdSrv.dpr - Basic multithreaded TCP server, banner sent in main
thread

OverbyteIcsThrdSrvV2.dpr - Basic multithreaded TCP server, banner sent in
worker thread

OverbyteIcsThrdSrvV3.dpr - Basic TCP server showing how to use
TWSocketThrdServer

Effectively, the existing HTTP server component needs OverbyteIcsWSocketS.pas
replacing with OverbyteIcsWSocketTS.pas.

I might look at this in a few months, since my own web server is currently
blocking for a few milliseconds while SQL requests complete, but no-one has
ever complained.  

Angus



Re: [twsocket] Nagios like communication

2014-06-25 Thread Angus Robertson - Magenta Systems Ltd
> So, if I want to make the conversation back and forth like asking 
> for a status and waiting for a
> reply, I would need two instances of the component to handle both 
> directions of the communication?

No, once a connection is made you have two-way communication, use the
SendLogLine method to send a line and anything received arrives in the
LogRecvEvent.  

But you can have as many instances of the component as you need, using
different IP addresses and ports. 

Note this is really designed for line based protocols, it buffers a line at a
time.  I may add streaming in the future, but don't need it for any of my own
applications, yet.

Angus



Re: [twsocket] file size in tftpclient server

2014-06-26 Thread Angus Robertson - Magenta Systems Ltd
> how to get the size of the file will be downloaded from the ftp 
> server to make a progressbar in onProgress event?

There are several ways of finding the size of a file, depending on which
commands the FTP server supports.  The easiest is MLST which gets size and time
stamp for a single file, if not try MDTM which is similar, next LIST with a
file name argument may return a single file, but not on all servers, so finally
you LIST the whole directory and find the single file you care about, after
parsing the directory listing, that may be in several different formats.  

The much faster way is download the free Magenta Systems File Transfer
Components:
http://www.magsys.co.uk/delphi/magxfer.asp

and use the TMagFtp component which is a high level FTP component hiding all
the differences between FTP servers from you, and allowing you to download or
upload hundreds of files, including sub-directories, with a single command.  

There is a single function that does exactly what you need:

function TMagFtp.FtpCheckFile (const RemDir, RemFile: string ; var FSize: Int64;
var FileUDT: TDateTime): boolean;

and another that will download a single file, providing a progress event with
percentage done and estimating time left to complete. 

function TMagFtp.FtpDownOneFile (const FdirSrc, Fnamesrc, Fnametar: string ;
Replopt: TFileCopyRepl) : TTaskResult ;

When downloading multiple files, the progress event gives details for both the
current file and the whole job. 

Angus



Re: [twsocket] file size in tftpclient server

2014-06-27 Thread Angus Robertson - Magenta Systems Ltd
> I could not install more in Delphi XE6, seem to only have to XE4
> version

It only takes a few seconds to update the XE4 package to XE5 or XE6.
I only have time to update my free components about once a year. 

Angus



Re: [twsocket] Openssl-1.0.1g

2014-07-07 Thread Angus Robertson - Magenta Systems Ltd
> Is it possible to get ICS working with 1.0.1h?

The overnight ICS v8 zip has been updated to allow OpenSSL 1.0.1h
to be used. 

However, we still don't have our own compiled OpenSSL DLLs, instead I have
tested it briefly with the Win32 DLLs from:

http://slproweb.com/products/Win32OpenSSL.html

Note these come with a Windows installer, and need Microsoft Visual C++ 2008
redistributables installed before the installer will run.  

If you distribute these new OpenSSL DLLs with your own applications, you need
to ensure the Microsoft runtimes are installed as well. That is why Arno has
previously compiled our own versions that have no dependencies, but he's unable
to work on ICS at the moment. 

Maybe such DLLs are available elsewhere, not really looked. 

Angus



[twsocket] Magenta Systems IP Log Streaming Component

2014-07-08 Thread Angus Robertson - Magenta Systems Ltd
Version 2.0 of the Magenta Systems IP Log Streaming Component may now be freely
downloaded from: 

http://www.magsys.co.uk/delphi/magics.asp

Version 2.0 adds IPv6 and SSL support including certificate checking
using a PEM bundle file or Windows Certificate Store, adds host name
support for clients and adds sending a stream of unlimited length. 

The component needs ICS v8 dated April 2014 or later installed. 


Overview


TMagIpLog is designed for IP stream logging, using TCP Client, TCP Server, UDP
Client or UDP Server protocols, sending simple text lines across a network so
they may be displayed or written to disk remotely. The component allows two way
communication with TCP and UDP, so may also be used for simple protocols such
as communication between two applications. The component supports multiple
client sockets so may be used to send data to two or more different remote
servers at the same time. For TCP and UDP clients, the component will
optionally ping the remote computer first before opening an IP connection to
allow faster failure retries and some confirmation that UDP may work. TCP
client provides repeated connection retry attempts, including re-establishing a
lost connection. UDP client will optionally keep pinging the remote during a
connection to ensure it's still there. UDP server sends data to the IP address
and port from which it last received data. TCP server supports multiple remote
clients connecting. Received data is parsed for various line endings optionally
removing control characters and triggering an event for a received line. The
only other two events are optional, one for state changed when starting and
stopping, the second offering progress information and errors.  The component
supports both IPv4 and IPv6, host name lookup for TCP and UDP Client, and SSL
connections for TCP Client and TCP Server, including remote server certificate
checking using either a local PEM bundle root file or the Windows Certificate
Store.



Re: [twsocket] THTTPCli and 307 or 308 redirects with non GET methods

2014-07-09 Thread Angus Robertson - Magenta Systems Ltd
> Not easy to get it from the RFCs or from the online discussions, 

Can we please make a final decision if further redirect changes are needed now,
just doing other updates. 

Angus



[twsocket] OpenSSL 1.0.1h binaries available

2014-07-14 Thread Angus Robertson - Magenta Systems Ltd
Thanks to RTT  for recompiling the OpenSSL 1.0.1h binaries so
there are no external dependencies with Microsoft runtime libraries. 1.0.1h
contains more security fixes, but none as urgent as 
1.0.1g.  

These need to be used with the latest ICS v8 from the SVN, which has been
updated to support both 1.0.1g and 1.0.1h. I've rebuilt all my ICS client and
server SSL applications for 1.0.1h and all have been running OK since last week,
also I've tested the 64-bit binaries with the ICS sample web client and server
demos. 

Unfortunately, the DNS records for overbyte.be seem to have been temporarily
lost so neither of the ICS web sites has been available since last Friday, and
I've been unable to upload the new SSL files.

Meanwhile, the ICS nightly zips and SSL binaries can be downloaded from the ICS
component page at my web site:

http://www.magsys.co.uk/delphi/magics.asp

and the SVN repository is available at: 

svn://svn.magsys.co.uk/ics or http://svn.magsys.co.uk:8443/svn/ics

Note this is a permanent URL for the SVN repository. 

Angus






[twsocket] ICS web client and server new features

2014-07-17 Thread Angus Robertson - Magenta Systems Ltd
I've updated SVN with improvements to the ICS web client and server to support
all current HTTP methods, specifically for support of RESTful servers.

The overbyte.be DNS records are still broken, so downloads are from:

http://www.magsys.co.uk/delphi/magics.asp


OverbyteIcsHttpProt.pas

Jul 16, 2014 V8.09 Angus
Added new methods: OPTIONS and TRACE
Published RequestType for events


OverbyteIcsHttpSrv.pas

Jul 17 2014 V8.08 Angus
Added HTTP/1.1 methods OPTIONS, PUT, DELETE, TRACE, PATCH and CONNECT, all need
to be optionally enabled
OPTIONS and TRACE are handled by this component
PUT and POST need to be handled similarly to POST with an upload
DELETE is handled similarly to GET
CONNECT is really for Proxy Servers and ignored here for now
Added ServerHeader property optionally sent if hoSendServerHdr
Added RequestMethod property for client of THttpMethod
Added RequestUpgrade property for client, websocket if protocol should be
changed

The web client changes are minor, the main RESTful methods were there already,
added two missing diagnostic methods.  The sample however was 
missing some methods and is now complete. 

The web server needed many more methods adding, none are enabled by default.
The Options property defines which new methods are allowed. 

It would be nice to add a REST demo page to web server demo, if anyone has any
ideas please comment here. 

Angus



Re: [twsocket] ICS web client and server new features

2014-07-18 Thread Angus Robertson - Magenta Systems Ltd
The nightly zips at:

http://www.magsys.co.uk/delphi/magics.asp

have now been correctly updated with the latest ICS v8 changes.

Due to the overbyte.be DNS failure the nightly job was not checking out the
latest version from the repository so the older version was being zipped
nightly instead. 

Angus



Re: [twsocket] OpenSSL 1.0.1h binaries available

2014-07-25 Thread Angus Robertson - Magenta Systems Ltd
> loaded the ICS site today and saw it empty.. thought maybe it had
> been hacked, then rushed here to check the mailing list. I run a
> small hosting server since around a decade  with a few local
> clients and my own sites, if you need a temporary account 
> with some space 

Thanks, hosting is not an issue, I have hosted Windows servers where the SVN
has always resided. I also host test ICS FTP and HTTP servers. 

The hosting company for overbyte.be has become non-responsive, not answering
any support queries, and they control the domain.  François 
is trying to get control of it again, but it may take some weeks.

Angus



Re: [twsocket] OpenSSL 1.0.1h binaries available

2014-07-28 Thread Angus Robertson - Magenta Systems Ltd
> Back to topic, some people have been reporting issues with these 
> new DLLs  (1.0.1h), they get a message like libeay32 was not
> created to run on Windows or something of that sort. 

You need to report exactly what error message on which operating system. Then
get them to try 1.0.1g and see if that works any better. 
You could also ask them to try the Win32 binaries from the OpenSSL web site
that use Microsoft runtimes. 

I've got 32-bit SSL applications running with them on all the major supported
OSs, but did only test 64-bit briefly. 

Angus



Re: [twsocket] Handle Leak

2014-07-30 Thread Angus Robertson - Magenta Systems Ltd
> I'm using the Version 8 'Gold' build of the ICS components with 
> Delphi XE2 and I'm seeing some strange handle leaks.  Note that I'm 
> not using SSL.
> 
> I've run the application for 48 hours, and have confirmed there are 
> absolutely no memory leaks (memory usage is stable), but the 
> working set keeps growing.  After running Process Explorer and 
> logging handle counts  I've managed to narrow down the leak to 
> Access Token handles.

I run several ICS applications for up to a month at a time on multiple PCs and
servers, often only restarting for Windows Updates, and I've not seen any
handle or memory leaks.  

There is a major handle leak in some releases of Microsoft ADO using
asynchronous calls to access databases, fixed a couple of years ago, one of my
applications ending up using 500,000 handles. 

Which specific ICS components are you using, and how many handles are leaked
per hour?  Or is it per connection or something? 

My understanding is access token handles relate to the security context of a
process or thread, and ICS essentially does not use threads or create any
processes.  

Angus



Re: [twsocket] Set Connection Header with HttpAppServer

2014-07-30 Thread Angus Robertson - Magenta Systems Ltd
> is it possible to set the returning header from an HttpAppServer to 
> close (instead of Keep-Alive)? How can I do this?

You can add any headers you like when calling AnswerPage for TUrlHandler class.


Angus



Re: [twsocket] Set Connection Header with HttpAppServer

2014-07-30 Thread Angus Robertson - Magenta Systems Ltd
> yes I know, but if I set the Header manual to close it is set 
> twice?!
> 
> > > is it possible to set the returning header from an 
> > HttpAppServer to
> > > close (instead of Keep-Alive)? How can I do this?

So you are already adding the correct header to close the connection, and your
problem is not how to set headers, but how to stop duplicate headers? 

Example headers might help to explain your real problem. 

Angus



Re: [twsocket] Set Connection Header with HttpAppServer

2014-07-31 Thread Angus Robertson - Magenta Systems Ltd
> yes the Header Connection is set twice. Here is my code:

Well yes, but it's not set the same twice. 

The HttpConnection (and UrlHandler) class has a KeepAlive property, if you set
it false before sending the answer, then 'Connection: Close' will be sent
automatically. 

Angus



Re: [twsocket] OpenSSL 1.0.1h binaries available

2014-08-01 Thread Angus Robertson - Magenta Systems Ltd
The Overbyte web sites have finally returned to life, so the new OpenSSL
binaries are also available on the wiki download page:

http://wiki.overbyte.be/wiki/index.php/ICS_Download

Angus



Re: [twsocket] HttpAppServer IP

2014-08-05 Thread Angus Robertson - Magenta Systems Ltd
> how can I find out the local IP Address that is used by the 
> HttpAppServer?

In event BeforeProcessRequest:

var
    SocketServer: TWSocketServer;
    ListenItem: TWSocketMultiListenItem;
begin
    xx

    SocketServer := TWSocketServer ((Sender as THttpServer).WSocketServer);
    if SocketServer.MultiListenIndex = -1 then begin
        // single listener: address and port come from the server socket itself
        RemoteClient.CServerAddr := SocketServer.GetXAddr ;
        RemoteClient.CServerPort := SocketServer.Port ;
    end
    else begin
        // multi-listen: look up the listener that accepted this connection
        ListenItem := SocketServer.MultiListenSockets [SocketServer.MultiListenIndex] ;
        RemoteClient.CServerAddr := ListenItem.Addr ;
        RemoteClient.CServerPort := ListenItem.Port ;
    end ;

If you are not using Multilisten, ignore that code. 

Angus



Re: [twsocket] HttpAppServer IP

2014-08-05 Thread Angus Robertson - Magenta Systems Ltd
> is it possible to get this information before a client connects - 
> on server startup? 

Conceptual problem here, you specify the IP addresses the web server listens on,
so you must know what address the server is using.  

The only exception is 0.0.0.0 which means any IP address, when you need to use
the client code to find which address the client chose, which could have been
any of those allocated to the PC.  

Angus



[twsocket] OpenSSL 1.0.1i binaries available

2014-08-09 Thread Angus Robertson - Magenta Systems Ltd
Thanks to RTT  for recompiling the OpenSSL 1.0.1i binaries so
there are no external dependencies with Microsoft runtime libraries. 

1.0.1i contains even more security fixes, but none as urgent as 1.0.1g.  

These need to be used with the latest ICS v8 from the SVN, which has been
updated to support both 1.0.1g, 1.0.1h and 1.0.1i.

The nightly ICS v8 and OpenSSL binaries may be downloaded from: 

http://wiki.overbyte.be/wiki/index.php/ICS_Download

Note most users only need to download the 32-bit DLLs, the 64-bit DLLs are only
for use with Delphi applications compiled for the 64-bit platform.  The 32-bit
DLLs work on both 32-bit and 64-bit Windows with 32-bit applications. 

Angus



Re: [twsocket] Handle Leak

2014-08-11 Thread Angus Robertson - Magenta Systems Ltd
> Where can I upload the source code for these two apps so you can 
> compile and run them?

Before we even think about reviewing or testing your code, you need to answer some
of the questions in my last reply, since you've yet to explain what components
you are using. 

It is very rare for us to review code, since ICS is so widely used, tested and
stable. We simply don't have the time. 

Angus



Re: [twsocket] Handle Leak

2014-08-12 Thread Angus Robertson - Magenta Systems Ltd
> There are no memory leaks, and no other handle leaks, other than 
> security-context tokens.

To the best of my knowledge, ICS does not use security-context tokens in any
components, except perhaps for NTLM Authentication where I think the security
context gets switched or something, but never looked at that code or used NTLM.

> The Client Sample creates an instance of the THttpCli component for 
> each message sent to the Server Sample, which uses a single 
> THttpServer component.

So you have handles leaking in two separate ICS applications, one using HTTP
client, one using HTTP server?

Angus



Re: [twsocket] Handle Leak

2014-08-13 Thread Angus Robertson - Magenta Systems Ltd
> The problem occurs in both server and client or just in one of them?

He's said the leak occurs in both server and client. 

However he has not stated what version of Windows is being used.  

Server versions are designed to handle more connections than client versions,
and 40 connections a second is not realistic for a client OS.  

This problem could also be related to other software on the PC, a firewall for
instance. 

There is a rare handle problem in ICS: 

!!! Application Exception Big - Unable to create TIcsWndControl hidden window.
Error #8.

which happens about once a month on my public web server, really impossible to
reproduce without a few hundred thousand hits after three or four weeks, but
this is nothing to do with memory leaks or handle leaks, I track those.  So my
solution is simply to restart the service when it happens and send a warning
email, downtime about two minutes. 

Angus





Re: [twsocket] SSL

2014-08-15 Thread Angus Robertson - Magenta Systems Ltd
> Will ICS support SChannel native Windows SSL? Then we could no
> longer need OpenSSL.

No, ICS can not use native Windows SSL, only OpenSSL.   

Windows does have something called Secure Channel, aka SChannel, that supports
SSL/TLS, but I can only find some general descriptions about it in MSDN,
nothing specific at an API level. 

It would be a major job of many weeks work to change the SSL support in ICS,
and would need funding from somewhere.  

All that work would be wasted for cross platform development, OSX, Linux,
mobile, etc.

If you really want to use Microsoft SSL, use the WinInet HTTP components that
MSIE uses, there are Delphi implementations around.

Angus



[twsocket] OT: Buffer Overflow in VCL Bitmap Processing Code

2014-08-22 Thread Angus Robertson - Magenta Systems Ltd
Because Embarcadero is still trying to get its forums and newsgroups running
after two weeks downtime, some may have missed a security vulnerability in the
VCL graphics unit processing bitmaps:

http://blog.marcocantu.com/blog/2014_august_buffer_overflow_bitmap.html

The bug needs a two line fix in graphics.pas, in all versions of Delphi.

http://support.embarcadero.com/article/44015

Angus



[twsocket] ICS available for Delphi XE7

2014-09-03 Thread Angus Robertson - Magenta Systems Ltd
SVN and the nightly ICS snapshot have been updated with new install projects
and packages for Delphi XE7, which was released this week.  

http://wiki.overbyte.be/wiki/index.php/ICS_Download

There were no source changes needed to support XE7, just new packages and the
include file.  

Only ICS V8 supports XE4 and later, and only for Delphi Win32, Win64 and OSX
projects, no mobile platforms and no C++.

Embarcadero forums came back online about a week ago, but old messages for
about four weeks from late July were lost during the restore process.  

If you read forums using an NNTP news reader, you may not be getting any new
messages, due to the latest message numbers having gone backwards.  Depending
on your news reader, you may need to redownload all messages in each
group/topic, or resign and rejoin them. 

Angus




Re: [twsocket] issues with POSTing data to ICS HTTP server (reproducible with ICS HTTP server demo)

2014-09-04 Thread Angus Robertson - Magenta Systems Ltd
> For a current project I need to build an HTTP server to which data 
> can be POSTed, so I build one using OverbyteIcsWebServ.dpr as an 
> example.
> I ran into stability problems, and starting slimming my code down 
> to isolate the problem.

Please try uploading your file to one of my public servers, which uses the ICS
webapp server component, and see if you get the same problem.

http://www1.telecom-tariffs.co.uk/testing/uploadfile.htm

Angus



Re: [twsocket] issues with POSTing data to ICS HTTP server (reproducible with ICS HTTP server demo)

2014-09-04 Thread Angus Robertson - Magenta Systems Ltd
> Thanks for the idea, can I upload files from software instead of
> using the webpage?

This is explained when you read the web page.

Angus



Re: [twsocket] issues with POSTing data to ICS HTTP server (reproducible with ICS HTTP server demo)

2014-09-04 Thread Angus Robertson - Magenta Systems Ltd
> No, I can't reproduce using that URL, I'm not really sure what 
> triggers the situation 

I have seen cases where a bug that shows up during testing on a fast LAN is
never reproduced on real world servers and networks.

Try adding bandwidth limiting to your client to slow down the speed on the LAN.
Set BandwidthLimit to bps, and add HttpoBandwidthControl to Options.

This is an alternate to adding extra delays which is effectively what you are
doing by updating the screen. 

There is probably a race condition somewhere, that has yet to be found.

Angus



Re: [twsocket] issues with POSTing data to ICS HTTP server (reproducible with ICS HTTP server demo)

2014-09-04 Thread Angus Robertson - Magenta Systems Ltd
> No, I can't reproduce using that URL

You did not succeed in saving any files on the server, because my application
ignores all upload file names with file path delimiters.  It will be a better
test if you strip off the path and just leave the XML file name.  

12:42:59 Request: 192.168.1.162:80[id=5398] from 80.100.37.247 (bosma.xs4all.nl): http://www1.telecom-tariffs.co.uk/testing/uploadfile.htm?FileName=merijn.test/cgi-bin/FileUpload/books.xml POST
12:42:59 Received Post Data File, Size 4,550, Content Type: application/binary
12:42:59 Illegal Upload File Name: merijn.test/cgi-bin/FileUpload/books.xml
FileName: merijn.test/cgi-bin/FileUpload/books.xml
FileTitle: 
Post URL: http://www1.telecom-tariffs.co.uk/testing/uploadfile.htm
From IP Address: 80.100.37.247
12:42:59 Request Completed: 192.168.1.162:80[id=5398] 80.100.37.247 (bosma.xs4all.nl), Result 200, took 0ms, CurRead 4.97 Kbytes, CurWrite 2.35 Kbytes

Angus



Re: [twsocket] issues with POSTing data to ICS HTTP server (reproducible with ICS HTTP server demo)

2014-09-04 Thread Angus Robertson - Magenta Systems Ltd
> I've tried a number of times with this url 
> http://www1.telecom-tariffs.co.uk/testing/uploadfile.htm?FileName=merijn.test
> Can you please confirm if the upload went ok?

> Received Post Data File, Size 4,550, Content Type: application/binary
> FileName: merijn.test/cgi-bin/FileUpload/books.xml

No, my application decodes the received POST data with TFormDataAnalyser, and
that has the longer CGI file name.  

It ignores the URL argument if the HTTP content says multipart/form-data.

It's a couple of years since I worked with this stuff and I don't POST files in
any of my active applications, so I'm a little hazy on why it's there -
possibly to test the form decoding components when someone in this mailing list
was having a problem. 

Angus

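
The file name handling described in the two replies above (the multipart file name overrides the URL argument, and any name with path delimiters is refused), as an added example that is not part of the original posts or of the ICS code. The function names, the upload.example host and the request bodies are constructed for illustration, and the check goes slightly beyond the posts by also refusing ':' and control characters and by confirming the final path stays inside the upload directory.

```python
"""Added example with constructed input; not code from ICS or the original posts."""
import os
from email.parser import BytesParser
from email.policy import HTTP
from urllib.parse import parse_qs, urlsplit

# '/' and '\\' are the path delimiters the post refers to; ':' (Windows drive
# letters, alternate data streams) is an assumption added in this example.
PATH_DELIMITERS = set("/\\:")
BOUNDARY = "example-boundary"  # constructed
MULTIPART_TYPE = "multipart/form-data; boundary=" + BOUNDARY


def is_safe_upload_name(name):
    """True only for a bare file name: no delimiters, control chars or dot names."""
    if not name or name in (".", ".."):
        return False
    return not any(ch in PATH_DELIMITERS or ord(ch) < 32 for ch in name)


def multipart_filename(content_type, body):
    """Return the filename of the first file part in a multipart/form-data body."""
    raw = b"Content-Type: " + content_type.encode("ascii") + b"\r\n\r\n" + body
    message = BytesParser(policy=HTTP).parsebytes(raw)
    for part in message.iter_parts():
        filename = part.get_filename()
        if filename is not None:
            return filename
    return None


def requested_name(url, content_type, body):
    """Multipart content wins over the URL's FileName argument, as in the post."""
    if content_type.lower().startswith("multipart/form-data"):
        return multipart_filename(content_type, body), "multipart"
    query = parse_qs(urlsplit(url).query)  # parse_qs percent-decodes the value
    return query.get("FileName", [None])[0], "url"


def destination_for(upload_dir, name):
    """Second line of defence: the joined path must stay inside upload_dir."""
    base = os.path.realpath(upload_dir)
    target = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("upload escapes upload directory")
    return target


def handle_upload(url, content_type, body, upload_dir="uploads"):
    """Decide whether to accept an upload; nothing is written to disk here."""
    name, source = requested_name(url, content_type, body)
    if not is_safe_upload_name(name):
        # Refuse rather than silently strip the path, so the client finds out.
        return {"status": "illegal upload file name", "name": name, "source": source}
    return {"status": "accepted", "name": name, "source": source,
            "path": destination_for(upload_dir, name)}


def build_multipart(filename, data):
    """Constructed client request body carrying one file part."""
    head = ('--%s\r\nContent-Disposition: form-data; name="upload"; '
            'filename="%s"\r\nContent-Type: application/octet-stream\r\n\r\n'
            % (BOUNDARY, filename)).encode("ascii")
    return head + data + ("\r\n--%s--\r\n" % BOUNDARY).encode("ascii")


if __name__ == "__main__":
    url = "http://upload.example/uploadfile.htm?FileName=merijn.test"
    for fname in ("merijn.test/cgi-bin/FileUpload/books.xml", "books.xml"):
        body = build_multipart(fname, b"<books/>")
        print(handle_upload(url, MULTIPART_TYPE, body))
```
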


Re: [twsocket] Simple Example to receive POST Data with THttpAppServer?

2014-09-09 Thread Angus Robertson - Magenta Systems Ltd
> is there a simple example how to receive and manage POST Data with
> THttpAppServer?

The normal web server sample has all the POST data examples, it's exactly the
same for the application web server which is a descendant with the same events.

Angus



Re: [twsocket] Simple Example to receive POST Data with THttpAppServer?

2014-09-09 Thread Angus Robertson - Magenta Systems Ltd
> yes, I've looked at the example. But if I try to implement this to 
> my application the OnPostedData-Event is never raised. I don't know 
> why :-(.

> Is there a Handler for POST-Data, that I have to register first?

You do need an AddPostHandler page handler for each POST page you need, maybe
as well as an AddGetHandler, and you check Client.Method to see which called it.


Angus




Re: [twsocket] Simple Example to receive POST Data with THttpAppServer?

2014-09-09 Thread Angus Robertson - Magenta Systems Ltd
> I've added an AddPostHandler, but I don't know how to grab the POST 
> values. Is it the same like get?:
> 
>   ExtractURLEncodedValue(Params, 'user', user);
>   ExtractURLEncodedValue(Params, 'password', password);

For form data, I save the posted data into a stream and then use the form
analyser decoder.  

MemoryStream.WriteBuffer (Client.PostedData^, Client.PostedDataLen);
MemoryStream.Seek(0, 0);
Decoder := TFormDataAnalyser.Create(nil);
Decoder.OnDisplay := DecoderDisplay;
Decoder.DecodeStream (MemoryStream);

For a simple string, use Client.PostedData directly. 

Look at the mailer code I added to OverbyteIcsWebAppServerMailer.pas which is
where I should have directed you first. 

Angus



Re: [twsocket] TWSocketServer in dedicated thread

2014-09-10 Thread Angus Robertson - Magenta Systems Ltd
> I'm trying to make TWSocketServer working in a separate thread

Why not start with TWSocketThrdServer? 

Look at the sample OverbyteIcsThrdSrvV3.dpr which uses it. 

Angus



Re: [twsocket] TWSocketServer in dedicated thread

2014-09-11 Thread Angus Robertson - Magenta Systems Ltd
>  However the question is: why events 
> are not raised in case of moving TWSocketServer out of main 
> application thread? 

Because you need a message handler in the thread.  There are lots of samples
that show how to use threads. 

Angus



[twsocket] Testing mailing list

2014-09-24 Thread Angus Robertson - Magenta Systems Ltd
Not seen a new message here for two weeks, and had a report posts are not
working, see if this message appears.

Angus



Re: [twsocket] (no subject)

2014-09-26 Thread Angus Robertson - Magenta Systems Ltd
> Download the "traceroute samples" from
> PINGTHRD.ZIP, TRACEROUTE, TRACEROUTE II

Those usermade samples are all outdated.  

The ICS V8 ping component now has threaded ping, and the
OverbyteIcsPingTst sample has a trace route demo. 

Angus



Re: [twsocket] Problem with Webserver Session

2014-10-01 Thread Angus Robertson - Magenta Systems Ltd
> I try to implement a Session to my Webserver like in the Wiki, but
> ValidateSession always returns a wrong value. The application is
> implemented as a Service. What could be wrong?

Sessions need cookies, are you sure the server is sending a session cookie for a
new session and the client is returning it correctly?

I use ValidateSession (true or false), don't know what value you expect, to
create a new session or re-use an old session.  But I also pass session ID in
the URLs, so maybe it's not working.

Angus



Re: [twsocket] Problem with Webserver Session

2014-10-01 Thread Angus Robertson - Magenta Systems Ltd
> I think there is something wrong with setting/recognizing the 
> session cookie because every time I execute the function above a new 
> session will be generated. I got another ICS web server app running
> and there a cookie is set correctly. In this app the cookie is not
> set and I don't know why:

I don't have logging in my web application at that point, so don't know if it
works correctly, just know the application itself does what I expect. 

Never looked at the web session code, you'll need to try to debug it to see where
things go wrong, although checking where the cookie gets lost is much quicker.

Angus




Re: [twsocket] HTTP server not receiving data from PUT requests - bug report & fix

2014-10-01 Thread Angus Robertson - Magenta Systems Ltd
> I've  noticed  that HTTP server (OverbyteIcsHttpSrv) is not 
> processing PUT requests correctly. PUT requests can have data
> attached (just like POST) but this data never makes it to the
> program because OnPostedData is never called.

Thanks, will update SVN, but not this week. 

Angus



Re: [twsocket] Problem with Webserver Session

2014-10-01 Thread Angus Robertson - Magenta Systems Ltd
> is there example code where I can see the Session handling via URL 
> and SessionID?

The only sample code using web sessions is the web application server, 
OverbyteIcsWebAppServer.dpr

Angus



Re: [twsocket] Help with sending mail through gmail please

2014-10-06 Thread Angus Robertson - Magenta Systems Ltd
> I am playing with the OverbyteIcsSslMailSend project (from Ver 7) 
> to see if I can send a message from gmail.
> Unfortunately I get an error 11004 every time I click 'connect'

The V8 demo works fine for me with Gmail, although it defaults to no SSL so you
must change 'SSL Type' to Explicit (StartTLS) using port 25, or Implicit using
port 465.  

Gmail does not work without SSL. 

If you want to save yourself a lot of effort, use my free Mail Queue Component
from:

http://www.magsys.co.uk/delphi/magics.asp

which hides most of the complexity, and runs a disk queue to mail retries if
the server is unavailable, or uses multiple servers.  

Angus



Re: [twsocket] Help with sending mail through gmail please

2014-10-06 Thread Angus Robertson - Magenta Systems Ltd
> However I am now getting the error

> RequestDone Rq=12 Error=EIcsLibeayException Unsupported OpenSSL 
> version (0x0090600F) !
> Supported versions are 0x0090805F - 0x10AF
> FileName: C:\Windows\system32\LIBEAY32.DLL

The general rule with ICS SSL applications is always put the two OpenSSL DLLs
that match the version your application expects in your application directory.
Then you know these will be used independently of other applications using
OpenSSL that may install different versions.  During development, the DLLs need
to be in the debug and release directories unless you change target
destinations. 

Before you use SSL, you should initialise the SSL Context component, which will
load certificates (servers only) and the DLLs and give an exception if there
are any problems.

SslContext.InitContext;

Afterwards, you can call OpenSslVersion and GLIBEAY_DLL_FileName to get the
actual version and DLL location you are using, which is useful for diagnostics.

Since version 7 is so old I don't know the latest OpenSSL version it supported,
you should be using the overnight version of version 8 that we try to keep up
to date supporting the latest OpenSSL.

Angus




Re: [twsocket] Help with sending mail through gmail please

2014-10-06 Thread Angus Robertson - Magenta Systems Ltd
> Ok, thank you for the advice. To be honest I downloaded ICS ver 7 
> because I couldn't really understand how to get ver 8. 

You just download the ICSV8 snapshot zip from:

http://wiki.overbyte.be/wiki/index.php/ICS_Download

The main ICS web site is updated once or twice a year, the download page is
updated daily. 

> "Before you use SSL, you should initialise the SSL Context 
> component,"
> Doesn't the demo do that for us then?  So I shouldn't expect it to 
> work 'as is'

It does work as is, but these are simple sample programmes, not commercial
bullet proof applications with extensive error handling and recovery.  

Initialising the context first allows you to trap errors earlier like OpenSSL
missing, and stop use of SSL when it won't work. 

Angus



Re: [twsocket] Help with sending mail through gmail please

2014-10-06 Thread Angus Robertson - Magenta Systems Ltd
> see how much I can remove to get just the
> core functionality and minimum property setting needed to simply 
> automatically send an emailed newsletter.

Please do look at the Mail Queue Component I mentioned, the demo is actually a
cut down version of a mailing list application I wrote 15 years ago and use
regularly.  

Angus



Re: [twsocket] Help with sending mail through gmail please

2014-10-06 Thread Angus Robertson - Magenta Systems Ltd
> OK, will do, that sounds like just what I need as each month  the 
> system will have to send about 6 emails, each with about 90 bcc in 
> order to send an email with a 1 Mb attachment to around 550 people 
> max without falling foul of gmail's limits.

One reason I wrote the mailer in the first place was so I could send
individually addressed emails in bulk, rather than using BCC mailing lists.
Takes longer if the body is large, but our bandwidths are now vast.  

Not sure if Gmail is happier with single or multiple addresses, I have my own
public mail server so can do what I like. 

Your application only requires the addition of domain lookup code to find the
MX host, and you can send directly to their mail server avoiding Gmail. 

I intend to add that to the Mail Queue component, but have not got around to it
yet.  When combined with the SMTP server I wrote last year, that would give us
a forwarding email server. 

Angus



Re: [twsocket] Help with sending mail through gmail please

2014-10-07 Thread Angus Robertson - Magenta Systems Ltd
> The .exe in the zip runs ok but no matter which host and 
> corresponding user/password I use it always reports
> Can Not Open Mail Server: :25 - 426 Timeout

Without SSL, you won't be able to connect to Gmail, see below. 

Just tested the original binary, all I did was changed To: my own email address
and clicked Send Mail, that will also work for you since it will send to my
account through mail.magsys.co.uk, but obviously not to email addresses hosted
by my server. 

This EXE does need the old OpenSSL files included in the zip, it's not been
updated for two years.  
 
> And the .proj file I can't get to compile because of loads of 
> errors based around not being able to find types eg
> [Pascal Error] MagentaMailQueue.pas(125): E2003 Undeclared 
> identifier: 'TSmtpSslType'

SSL is optional for ICS applications, these are the errors you get when you don't
specify USE_SSL in the project file or don't change:

{.$DEFINE USE_SSL} to {$DEFINE USE_SSL} in OverbyteIcsDefs.inc

After either change, rebuild the project so all conditional SSL code is built. 

Angus




Re: [twsocket] Help with sending mail through gmail please

2014-10-07 Thread Angus Robertson - Magenta Systems Ltd
> I agree with Angus, you would be better off to send the e-mails 
> individually to the recipients' mail servers.  

My main point was it's better to send individually addressed emails, than bulk
BCC, they are less likely to be intercepted as spam, even if it takes longer to
do so.  

I did mention sending directly to recipients' mail servers, but this was mainly
if the mail levels are higher than a Gmail account allows.  

There is a spam detection risk when sending from known dynamic IP ranges, and
without reverse DNS for that address, ideally you need DNS MX records and a
mail server to receive bounces. 

Angus



Re: [twsocket] Help with sending mail through gmail please

2014-10-07 Thread Angus Robertson - Magenta Systems Ltd
> one freshly built from the source code still gives Can Not Open
> Mail Server: :25 - 426 Timeout

Can you please email the entire content of the progress window showing a
message being queued and sent, and the diag window (that may be hidden under
the form) if anything, that's only SMTP protocol.

Angus



Re: [twsocket] TWSocketServer listen connections

2014-10-07 Thread Angus Robertson - Magenta Systems Ltd
> I do not want to close the connection, and not destroy it, must 
> leave all connected clients and access them when needed to send
> data and information,
> I do not need to use Cliente.Free? it will not overload the memory?

No, your Cliente is simply a pointer to the real client in the component, there
is no memory used and free closes the real client, which reduces ClientCount,
so your loop goes mad. 

Note that clients are totally dynamic, each time a client closes or another one
connects, the client total goes up and down, and the index of each client
changes. 

Maybe this does not matter for your display, but otherwise you need to keep
track of where a connection is from, if you wish to respond to it. CliId is unique,
incremented for each new connection.   

Angus





Re: [twsocket] What is the correct format for friendly FROM address in TSslSmtpCli?

2014-10-07 Thread Angus Robertson - Magenta Systems Ltd
> I've tried several combinations (Using delphi with TSslSmtpCli) 
> sending both through gmail and through my own ISP's server to both 
> hotmail and a pop3 address. I can't seem to get the right 'from' 
> email to show up when going through gmail. It keeps showing the 
> real gmail account email instead.

That's a Gmail anti-spamming feature.  So you can not forge the From address. 

Angus



Re: [twsocket] HTTP server not receiving data from PUT requests - bug report & fix

2014-10-09 Thread Angus Robertson - Magenta Systems Ltd
> I've  noticed  that HTTP server (OverbyteIcsHttpSrv) is not 
> processing PUT requests correctly. 
> The patch below fixes the problem.

Don't know which version you were using, but the patch refers to obsolete code,
PUT handling was added in July.  

Jul 17 2014 V8.08 Angus
Added HTTP/1.1 methods OPTIONS, PUT, DELETE, TRACE, PATCH and CONNECT, all need
to be optionally enabled
OPTIONS and TRACE are handled by this component
PUT and POST need to be handled similarly to POST with an upload

Angus



Re: [twsocket] Use of TSslContext in sending SSL email (quick question)

2014-10-10 Thread Angus Robertson - Magenta Systems Ltd
> Is it necessary for me to create a separate TSslContext each time I 
> create a new TSslSmtpCliWithFEhloCount

No, an SslContext set-up for SSL client or a single SSL server certificate can
be shared by multiple socket components.  

The only issue is in SSL servers using MultiListen, where different IP
addresses will need different certificates and all will share the same context
so will fail.  Just got caught on this with a project.

Angus



[twsocket] OpenSSL and Poodle exploit

2014-10-20 Thread Angus Robertson - Magenta Systems Ltd
There has been recent press about an SSL server exploit called Poodle, which
only affects SSLv3, not the more recent TLS 1.x protocols.  

Disabling SSLv3 in servers can be done by setting:

SslContext.SslVersionMethod := sslV23_SERVER;
SslContext.SslOptions := [sslOpt_NO_SSLv2, sslOpt_NO_SSLv3,
sslOpt_CIPHER_SERVER_PREFERENCE];

v2 was obsolete long ago.

You should also change the cipher suite, Mozilla now suggests three levels of
ciphers, which are all now added to the latest overnight ICS v8 SVN.  

The minimum browsers these ciphers support are:

sslCiphersMozillaSrvHigh - Firefox 27, Chrome 22, IE 11, Opera 14, Safari 7,
Android 4.4, Java 8

sslCiphersMozillaSrvInter -  Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1,
Windows XP IE8, Android 2.3, Java 7

sslCiphersMozillaSrvBack - Windows XP IE6, Java 6 

so since IE6 is long obsolete I suggest:

SslContext.SslCipherList := sslCiphersMozillaSrvInter; 


Once you have your ICS SSL web server updated and installed on a public server,
there is an excellent SSL testing web site at:

https://www.ssllabs.com/ssltest/index.html

It takes a few minutes to test all the ciphers, but generates a detailed
security report giving your web site a letter rating.  Making the changes above
raised my ICS SSL site from C to A-.  

Angus







Re: [twsocket] missing WPARAM casts

2014-11-03 Thread Angus Robertson - Magenta Systems Ltd
> In  some cases, FHSocket is not cast into WPARAM in 
> OverbyteIcsWSocket  which  can  cause  an exception. Attached patch
> fixes this problem and also   adds  missing  WSocket_setsockopt 
> overload  accepting integer 'optval'.

Attachments to the list are stripped.  Please email me privately the complete
unit, not a patch.

Angus



Re: [twsocket] OpenSSL and Poodle exploit

2014-11-07 Thread Angus Robertson - Magenta Systems Ltd
> I see you speak of fixing web servers in regard to the poodle 
> exploit. Is there any problem with clients? I see mine are set to 
> sslv23. I believe that was the default. Should I change this and if 
> so, to what?

The issue with clients is they usually need to access a wide range of servers,
some of which may not be using TLS.  Not everyone keeps their servers up to
date.  You can try disabling v2 and v3, but then check your common sites are
still available.  

SslContext.SslOptions := [sslOpt_NO_SSLv2, sslOpt_NO_SSLv3];
 
> Also, I was wondering if it's possible to get a snapshot of your 
> openssl 1.0.1i or 1.0.1j?

1.0.1i has been available since August at the downloads page: 

http://wiki.overbyte.be/wiki/index.php/ICS_Download

We've not yet done an ICS 1.0.1j version, it's a minor release with mitigation
for poodle, but setting options works just as well.  There is quite a lot of
effort in updating and testing new OpenSSL releases, and they are getting too
regular. 

Angus




Re: [twsocket] Patch to include RTL namespaces support

2014-11-08 Thread Angus Robertson - Magenta Systems Ltd
> I created a patch to add namespaces to RTL units.

Thanks, patch applied successfully to my local SVN, now need to test with a few
compilers and make sure all FMX and Windows packages can be rebuilt, will take
a few days. 

Angus



[twsocket] OT: Let's Encrypt free SSL/TLS certificates

2014-11-19 Thread Angus Robertson - Magenta Systems Ltd

From next summer, it will be possible for applications to automatically request
and install free SSL/TLS web domain certificates, using infrastructure from
Let's Encrypt certificate authority: 

https://www.letsencrypt.org/

Essentially, the client runs an application that creates the SSL private keys
and certificate request, and sends it automatically to Let's Encrypt.  There
are then challenges to prove the domain is owned by client, either by creating
a DNS record or a specific file on a web server, which the CA checks before
automatically sending a new certificate back, which can be installed
automatically.  Revocation is automated in a similar manner.  

https://www.letsencrypt.org/howitworks/technology/

The specifications are at:  

https://github.com/letsencrypt/acme-spec

Automated Certificate Management Environment (ACME)
ACME is a protocol for automating the management of domain-validation
certificates, based on a simple JSON-over-HTTPS interface. This repository
contains the specification for ACME.

Effectively these are domain verified SSL certificates, which currently cost
about $16 per year from automated CAs like RapidSSL, 
not a certificate that shows a business name which still costs $200 per year or
more.  Not sure when testing starts, but I'll certainly create an ICS component
to get these SSL certificates, I need it for my own applications.

Angus





Re: [twsocket] IcsLogger

2014-11-23 Thread Angus Robertson - Magenta Systems Ltd
> I'm trying to use the IcsLogger to trace down an SSL problem, but 
> I'm only getting this one line in the log file:
> 15:21:49:633 InitCtx> OpenSSL version: OpenSSL 1.0.1i 6 Aug 2014

You also need to attach the logger to any socket or other components you are
using, they should all have an IcsLogger property (so that is also an ambiguous
name for a component). 

But generally you are unlikely to learn more about any SSL errors from the
logger than from properly reporting errors after SSL requests complete.  The
logger is primarily for internal ICS development purposes.  Few people
understand the actual OpenSSL calls, I certainly don't.  

Angus



Re: [twsocket] IcsLogger

2014-11-26 Thread Angus Robertson - Magenta Systems Ltd
> I have been unable to establish if ICS  supports
> TLSv1.1 and TLSv1.2. I expect it does, but would appreciate your
> confirming this.

Yes, OpenSSL supports TLSv1.1 and TLSv1.2, you should see this reported in the
handshake completed event like:
Secure connection with TLSv1.2, cipher AES128-SHA, 

But OpenSSL settings may disable some features for backward compatibility, so
you do need to check carefully.

> Thank you so much for your reply. I'm taking your advice and 
> forgetting the IcsLogger and pursuing SSL errors via SSL events.

I've been debugging a handshake problem and it turns out that currently the
IcsLogger uses some OpenSSL error handling routines that are not currently
public in twsocket.pas so can not be accessed by applications.  

So you may get more detailed errors using IcsLogger for SSL errors at present.
I'm going to try and improve the SSL error reporting next month. 

Angus



Re: [twsocket] TR: OverbyteIcsFtpCli.pas error ?

2014-12-02 Thread Angus Robertson - Magenta Systems Ltd
> I found an anomaly in the unit OverbyteIcsFtpCli.pas 
> procedure TSslFtpClient.PBSZAsync;
> begin
>  FFctPrv := ftpFctPbsz;
>  ExecAsync(ftpPbszAsync, 'PBSZ ' + IntToStr(FPBSZSize), [200], 
> nil); end;

Thanks, fixed, don't think it actually stopped the SSL Protection Buffer Size
being set.  

Angus



Re: [twsocket] Webserver problem

2014-12-02 Thread Angus Robertson - Magenta Systems Ltd
> Am trying to make a basic webserver I got the basic pages showing 
> up but am having trouble with tables and css how do I setup the 
> webserver to support css and basic html like tables and div?

The ICS web server simply sends HTML pages you create to the remote browser, it
has no knowledge of the content of those pages, although there are helpers to
assist in creating pages.  

So you simply create your own HTML pages with CSS content, tables and DIV, as
you would for any web server. 

Angus



Re: [twsocket] Webserver problem

2014-12-02 Thread Angus Robertson - Magenta Systems Ltd
> I did but it seems to not like my code as page is not correct layout 
> things are out of place

Correct your HTML code or use an HTML authoring tool that creates the code for
you.

> also is it possible to add php to webserver?

Not easily. If you want PHP you should use a standard web server like Apache.  

The ICS web server is designed for applications that create their own pages
using the Delphi language, not other scripting languages.

Angus




Re: [twsocket] Sending font styles and colors over network

2014-12-05 Thread Angus Robertson - Magenta Systems Ltd
> so am  wondering what would be best way to send the information over 
> network so it would be stable and reliable.

TCP/IP is a reliable network protocol, if data is being corrupted it must be
your implementation of your private protocol. 

I would recommend you use the Magenta Systems IP Log Streaming Component for
your chat system, it will hide all the TCP/IP stuff so you simply send a string
and receive a string, that string being your own designed private protocol. 

http://www.magsys.co.uk/delphi/magics.asp

There is an executable demo in the zip, you can run two copies, one as client,
one as server, to see it all working. 

Angus



[twsocket] OpenSSL 1.0.1j binaries available

2014-12-11 Thread Angus Robertson - Magenta Systems Ltd
Thanks to RTT for recompiling the OpenSSL 1.0.1j binaries so
there are no external dependencies with Microsoft runtime libraries. 

1.0.1j contains even more security fixes, including one for the Poodle exploit.


These need to be used with the latest ICS v8 from the SVN, which has been
updated to support 1.0.1j and earlier. 

The nightly ICS v8 and OpenSSL binaries may be downloaded from: 

http://wiki.overbyte.be/wiki/index.php/ICS_Download

Note most users only need to download the 32-bit DLLs, the 64-bit DLLs are only
for use with Delphi applications compiled for the 64-bit platform.  The 32-bit
DLLs work on both 32-bit and 64-bit Windows with 32-bit applications. 

Angus




[twsocket] SSL handshake reporting improvement

2014-12-11 Thread Angus Robertson - Magenta Systems Ltd
In earlier ICS versions, it was difficult to report the reason for SSL
handshake failures, which could lead to frustration for users. 

In the OnSslHandshakeDone event, ErrCode was effectively true or false for
success, and you had to enable the IcsLogger to get any OpenSSL error messages,
even then there were also errors reported that were non-fatal and often the
detailed OpenSSL error message was missing.  

With the latest ICS V8 snapshot, ErrCode still returns 0 for a successful
handshake, but now returns an OpenSSL reason code for a handshaking error
(literals in OverbyteIcsLIBEAY.pas), except that 1 means the connection closed
unexpectedly without an OpenSSL error being reported (which usually happens
with clients, where the server reports the real error).

For better reporting, the new SslHandshakeErr property returns the last full
OpenSSL error which is a DWORD with library, function and reason packed as bits,
new functions Ics_Ssl_ERR_GET_LIB, Ics_Ssl_ERR_GET_FUNC and
Ics_Ssl_ERR_GET_REASON will extract each part.

But most applications should use the new property SslHandshakeRespMsg which
contains either the last error or a successfully connected message including
the ciphers and methods negotiated, both of which can be reported in end user
applications.  

Example of SslHandshakeRespMsg responses from my public web server include: 

SSL Connected OK with TLSv1, cipher AES128-SHA, key exchange RSA, encryption
AES(128), message authentication SHA1

SSL Connected OK with TLSv1.1, cipher AES128-SHA, key exchange RSA, encryption
AES(128), message authentication SHA1

SSL Connected OK with TLSv1.2, cipher AES128-GCM-SHA256, key exchange RSA,
encryption AESGCM(128), message authentication AEAD

SSL Connected OK with TLSv1, cipher DES-CBC3-SHA, key exchange RSA, encryption
3DES(168), message authentication SHA1

Error, connection closed unexpectedly
Error, HTTP request, no SSL handshake
Error, HTTPS proxy request, no SSL handshake
Error, wrong SSL version
Error, unknown SSL protocol
error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write retry
error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
error:1408A10B:SSL routines:SSL3_GET_CLIENT_HELLO:wrong version number

The HTTP and HTTPS proxy errors mean that a non-SSL request was made to the
SSL server which saw an HTTP command instead of the handshake request,
otherwise the errors appear to be mismatches of SSL versions such as attempted
use of SSLv2 or SSLv3 protocols instead of TLS, or maybe unsupported ciphers.  

Note OpenSSL has hundreds of reason codes and the component only translates the
four most common (as seen on my web server) to simple messages, otherwise the
full OpenSSL error is returned which includes error code, library, function and
reason as mentioned above.  

Also, there is a new property SslCipherDesc with OpenSSL long cipher
description after a handshake, an example being:

AES128-GCM-SHA256   TLSv1.2 Kx=RSA  Au=RSA  Enc=AESGCM(128) Mac=AEAD

The first two arguments are already available in ICS, there are three new
properties SslEncryption, SslKeyExchange and SslMessAuth which are extracted
from SslCipherDesc, and are used to create the SSL Connected responses shown
above. 

The FTP and mail components and the web client and server samples have been
updated to use SslHandshakeRespMsg. 

Angus


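The response strings and packed error codes described in the post above can be triaged offline from a log. The Python below is an added example, not ICS code: it assumes the OpenSSL 1.0.x error layout (8-bit library, 12-bit function, 12-bit reason), and the function names and the review policy (which protocols and ciphers get flagged) are assumptions of the example.

```python
import re
from collections import Counter

# Responses quoted on this page, with the e-mail line wraps rejoined.
SAMPLE_RESPONSES = [
    "SSL Connected OK with TLSv1, cipher AES128-SHA, key exchange RSA, "
    "encryption AES(128), message authentication SHA1",
    "SSL Connected OK with TLSv1.2, cipher AES128-GCM-SHA256, key exchange RSA, "
    "encryption AESGCM(128), message authentication AEAD",
    "SSL Connected OK with TLSv1, cipher DES-CBC3-SHA, key exchange RSA, "
    "encryption 3DES(168), message authentication SHA1",
    "SSL Connected OK with TLSv1.2, cipher ECDHE-RSA-AES128-GCM-SHA256, "
    "key exchange ECDH, encryption AESGCM(128), message authentication AEAD",
    "Error, connection closed unexpectedly",
    "Error, wrong SSL version",
    "error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write retry",
    "error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request",
    "error:1408A10B:SSL routines:SSL3_GET_CLIENT_HELLO:wrong version number",
]

CONNECTED_RE = re.compile(
    r"^SSL Connected OK with (?P<protocol>\S+), cipher (?P<cipher>\S+), "
    r"key exchange (?P<kx>\S+), encryption (?P<enc>\S+), "
    r"message authentication (?P<mac>\S+)$")
OPENSSL_RE = re.compile(
    r"^error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):(?P<func>[^:]*):(?P<text>.*)$")

ERR_LIB_SSL = 20  # OpenSSL library number for "SSL routines" (0x14)

# Review policy: assumptions of this example, not something ICS enforces.
OLD_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
FORWARD_SECRET_KX = {"DH", "ECDH"}
# Reason numbers taken from the low 12 bits of the error codes quoted above.
REASON_NOTES = {
    155: "non-SSL request sent to SSL port",   # https proxy request
    156: "non-SSL request sent to SSL port",   # http request
    267: "SSL version mismatch",               # wrong version number
}


def unpack_openssl_error(code):
    """Split a packed OpenSSL 1.0.x error into (library, function, reason)."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def parse_response(msg):
    """Classify one SslHandshakeRespMsg-style string into a dict."""
    msg = msg.strip()
    m = CONNECTED_RE.match(msg)
    if m:
        return {"kind": "connected", **m.groupdict()}
    m = OPENSSL_RE.match(msg)
    if m:
        lib, func, reason = unpack_openssl_error(int(m.group("code"), 16))
        return {"kind": "openssl_error", "lib": lib, "func": func,
                "reason": reason, "text": m.group("text")}
    if msg.startswith("Error, "):
        return {"kind": "simple_error", "text": msg[len("Error, "):]}
    return {"kind": "unrecognised", "text": msg}


def review(parsed):
    """Return the findings a defender would want raised for one response."""
    findings = []
    if parsed["kind"] == "connected":
        if parsed["protocol"] in OLD_PROTOCOLS:
            findings.append("old protocol " + parsed["protocol"])
        if parsed["kx"] not in FORWARD_SECRET_KX:
            findings.append("no forward secrecy (key exchange %s)" % parsed["kx"])
        if parsed["enc"].startswith("3DES"):
            findings.append("legacy cipher " + parsed["cipher"])
    elif parsed["kind"] == "openssl_error" and parsed["lib"] == ERR_LIB_SSL:
        note = REASON_NOTES.get(parsed["reason"])
        if note:
            findings.append(note)
    return findings


def triage(responses):
    """Count message kinds and findings over a batch of logged responses."""
    kinds, findings = Counter(), Counter()
    for line in responses:
        parsed = parse_response(line)
        kinds[parsed["kind"]] += 1
        findings.update(review(parsed))
    return kinds, findings


if __name__ == "__main__":
    kinds, findings = triage(SAMPLE_RESPONSES)
    for name, count in sorted(kinds.items()):
        print("%-14s %d" % (name, count))
    for name, count in findings.most_common():
        print("%3d  %s" % (count, name))
```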


Re: [twsocket] FTP Error

2014-12-13 Thread Angus Robertson - Magenta Systems Ltd
> I have one client that is always getting problems with the FTP 
> transfers we are performing.
> Any clues as to what could cause the error at 18:10:37.544

It looks like you are opening a second FTP control connection to a different IP
address before closing the first connection. 

Angus



Re: [twsocket] UNICODE Issue with OverByte ICS SSL SMTP Client

2014-12-13 Thread Angus Robertson - Magenta Systems Ltd
> I believe there is an issue with UNICODE messages and the SSL SMTP 
> Client component.  I have not been able to create and send a UNICODE 
> message with the SSL SMTP Client component in which the message
> encodes and decodes properly.  Attached are 8 sample messages.  

Attachments are not allowed in the mail list since few of the hundreds of
people here will be interested in them.

Please make sure you are using the latest V8.04 of OverbyteIcsSmtpProt.pas, no
point in testing old versions. 

Will you please send your eight sample messages to icstes...@ftptest.org
with the subject set with the parameters and protocol used to send each message,
with SMTP server set to mail.ftptest.org which supports SSL connections.  This
is one of my mail servers so I have all the protocol logs to see what you are
sending. 

However, the SSL and non-SSL components are identical, the SSL version is a
superset of the non-SSL version, SSL only affects low level stuff in the
component, difficult to understand how message formatting can be affected. 

Angus




Re: [twsocket] Quick way to get users MS ping?

2014-12-15 Thread Angus Robertson - Magenta Systems Ltd
> Am looking for a quick dirty way to get users MS ping from main 
> chat server to client I seen a ping demo in src but seems over 
> complex is there an easier way to get users ping speed?

No easier way, ping does not require much code, this is a cut down example from
the IP Logger component I asked you to look at last week:

with TPingThread.Create (True) do   // create suspended
begin
    FreeOnTerminate := True;            // thread frees itself when done
    PingId := Socnr ;
    OnTerminate := PingThreadDone ;     // result is handled in the event below
    PingHostName := RemHost ;
    PingSocketFamily := BindFamily ;
    PingSrcAddress := ICS_ANY_HOST_V4 ;
    PingSrcAddress6 := ICS_ANY_HOST_V6 ;
    PingTimeout := FPingWaitSecs * 1000 ;   // seconds to milliseconds
    PingTTL := 40 ; // hops
    PingLookupReply := false ;  // reverse DNS
    Resume ; // start it now, with Delphi XE should use Start
    result := true ;
end ;


procedure TMagIpLog.PingThreadDone (Sender: TObject);
begin
    with Sender as TPingThread do   // this event is thread safe
    begin
        if ErrCode = 0 then
        begin
            RemIp := DnsHostIP ;
            BindFamily := PingSocketFamily ;
            // a reply from another address means the host was not reached
            if DnsHostIP <> ReplyIPAddr then
                FLastErrorStr := FCurTitle + ' Ping Did Not Reach Host';
        end else
            FLastErrorStr := FCurTitle + ' Failed Ping' ;
    end;
end;

Angus



Re: [twsocket] FTP Error

2014-12-15 Thread Angus Robertson - Magenta Systems Ltd
> Well that may be  a further problem. When the error occurs the FTP 
> is shut down and a reconnection is made to a backup server. 

I don't see any FTP errors until the second connection attempt starts before
the first has issued a QUIT.  

For FTP, the IcsLogger does not usually show anything useful for protocol
issues, it just confuses the logging. 

Angus



Re: [twsocket] UNICODE Issue with OverByte ICS SSL SMTP Client

2014-12-16 Thread Angus Robertson - Magenta Systems Ltd
> Will you please send your eight sample messages to 
> icstes...@ftptest.org

I received several MIME emails:

Content-Type: application/octet-stream; Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="SSL SMTP Component Message 01.eml"

I was expecting emails composed and sent by the component, not emails prepared
a few weeks ago sent as email attachments. 

Angus





Re: [twsocket] TWSocket Digest, Vol 592, Issue 3

2014-12-19 Thread Angus Robertson - Magenta Systems Ltd
> I have resent the UNICODE message again to the mail.ftptest.org 
> server.
> I've looked over the SMTP and SSLSMTP example and have no idea what 
> I'm missing but I cannot get the SSLSMTP client to change message 
> character encoding.

OK, I see four messages with Korean displaying correctly, and four not
displaying.  I'll see if I can reproduce the problem, but it won't be until the
new year.  

Meanwhile you could try the Mail Queue Component from:

http://www.magsys.co.uk/delphi/magics.asp

This prepares messages using the non-SSL component as EML files, but then sends
them using the SSL component, because originally the SSL component did not
support HTML email.  It also retries messages over many hours if they fail
initially, and supports multiple SMTP servers. 
I use it in all my applications that need to reliably send email.

Angus



Re: [twsocket] UNICODE Issue with OverByte ICS SSL SMTP

2014-12-21 Thread Angus Robertson - Magenta Systems Ltd
> 3.  I received numerous errors concerning "TSmtpSslType" and 
> "TSslSmtpCli."

Most likely you don't have ICS SSL installed, remove the dot from the $DEFINE
USE_SSL line in OverbyteIcsDefs.inc. 

Angus



Re: [twsocket] UNICODE Issue with OverByte ICS SSL SMTP

2014-12-21 Thread Angus Robertson - Magenta Systems Ltd
> > 3.  I received numerous errors concerning "TSmtpSslType" and 
> > "TSslSmtpCli."
> 
> Most likely you don't have ICS SSL installed, remove the dot from 
> the $DEFINE USE_SSL line in OverbyteIcsDefs.inc. 

Once the define is changed, rebuild and install all the ICS packages.

Angus



Re: [twsocket] HTTP and proxy

2015-01-03 Thread Angus Robertson - Magenta Systems Ltd
> 1. The weblink to the ICS FAQ in the support section of the ICS 
> website is broken!

The FAQ moved to the Wiki a while ago, this link needs to be updated to:
http://wiki.overbyte.be/wiki/index.php/FAQ

> For instance IE allows the proxy to be determined by a script, so
> the admin can implement load balancing etc.
>  How to find out such things? Is there some API for this?

Probably, but I've never done it myself and I'm not aware of any code in ICS to
help, maybe someone here can contribute some helpers? 

> 3. If I'm doing HTTP/HTTPS downloads will I be able to implement 
> some progress display on how far the file download has progressed
> already? And is there a way to handle resumes in case of 
> unreliable connections? 

To save time, you should look at my File Transfer Components, which are high
level versions of the low level ICS FTP and HTTP, which are much easier to use
and mean a lot less code:

http://www.magsys.co.uk/delphi/magxfer.asp

The FTP component does handle retries, resume of partial downloads and a
progress bar with time estimates for the session. I'm afraid the HTTP version
is less complex and progress information is more limited, it was mainly
designed to parse an HTML page, find file links and download them.  There is a
compiled demo program so you can try all this without coding anything. 

Angus



[twsocket] OpenSSL 1.0.1k binaries available

2015-01-20 Thread Angus Robertson - Magenta Systems Ltd
Thanks to RTT for recompiling the OpenSSL 1.0.1k binaries so
there are no external dependencies with Microsoft runtime libraries. 

1.0.1k contains eight security fixes.

These need to be used with the latest ICS v8 from the SVN, which has been
updated to support 1.0.1k and earlier. 

The nightly ICS v8 and OpenSSL binaries may be downloaded from: 

http://wiki.overbyte.be/wiki/index.php/ICS_Download

Note most users only need to download the 32-bit DLLs, the 64-bit DLLs are only
for use with Delphi applications compiled for the 64-bit platform.  The 32-bit
DLLs work on both 32-bit and 64-bit Windows with 32-bit applications. 

There was another OpenSSL version the day after these DLLs were built, 1.0.1l,
but the only changes were for building the DLLs, so don't think we need it. 

Angus



Re: [twsocket] SSLHttpServer...

2015-01-22 Thread Angus Robertson - Magenta Systems Ltd
> I am testing with the OverbyteIcsSslWebServ1 demo using version 
> 7.51.
> If I test with HTTP it fails with: [12:33:26 127.0.0.1] 
> SslHandshake failed. No other error, nothing else logged.

Most likely you don't have valid SSL certificates set-up, that always causes
SSL to fail.

But you are also using an ancient version of ICS, specifically there were
improvements to the reporting of SSL handshaking errors last month, so you
should update to the v8 from the overnight zip at:

http://wiki.overbyte.be/wiki/index.php/ICS_Download

Angus






Re: [twsocket] C++ Builder 6: Compiling ICSv8

2015-02-04 Thread Angus Robertson - Magenta Systems Ltd
> Is there a reason why C++ Builder 6 doesn't/can't support the 
> building of ICSv8?

Sorry, we don't currently support C++ Builder for new ICS versions, none of us
have sufficient C++ knowledge to do so.

The earliest Delphi we still support is 7 due to new language features in that
release, I don't know which C++ version matched that.

Angus



Re: [twsocket] FTP Client - Port Number

2015-02-13 Thread Angus Robertson - Magenta Systems Ltd
> I have a user who wants to change the FTP Port number to something 
> like 14581. 

Component wise there is no problem using strange ports, I use 2100 for testing
stuff.  

But NAT routers may be less forgiving, they need to modify IP addresses in the
control channel to forward packets and know which port to open for the data
connection, and expect port 21.
This is mainly a server issue, the client can use passive mode.

Angus
 



Re: [twsocket] ICS - TWSocketThrdServer & Client

2015-02-20 Thread Angus Robertson - Magenta Systems Ltd
> looked at the Wiki (when that was working

The SVN overnight zips last successfully uploaded to the wiki server a week
ago, I've asked François to chase his ISP.  

The SVN zips can also be downloaded from:

http://www.magsys.co.uk/delphi/magics.asp

but have not changed in the last week.

> I can connect and stream to approximately 3500 clients (500 per
> thread) simultaneously on an I7 machine 

What OS is this?  Windows desktop systems are performance crippled to make you
buy proper Windows Servers.  

There is only restricted non-paged memory in Windows, and I suspect you are
hitting that limit. 

This has been discussed here years ago, but is not specifically an ICS issue,
Googling for socket based applications using thousands of connections may bring
some suggestions.

I've personally only tested several hundred connections, never any more.

Angus



Re: [twsocket] looking for a image or a video stream demo

2015-02-21 Thread Angus Robertson - Magenta Systems Ltd
> Title says it basically am in need of a demo showing how to use 
> Overbyte to stream a image over network

There are no such samples with ICS.  The concept of 'streaming' is inherent in
networking, but there are numerous ways of doing it with either TCP or UDP.

Angus



Re: [twsocket] Overbyte ICS FTP upload with progress bar

2015-02-22 Thread Angus Robertson - Magenta Systems Ltd
> procedure TForm2.FtpProgress(Sender: TObject; Count: Int64;
>   var Abort: Boolean);
> begin
>   ProgressBar.Position := Count;
> end;

Correct concept, but you also need to set the ProgressBar Min and Max
properties to indicate how much progress has been made.  

The FTP event simply returns a count of the number of bytes transferred, which
might be zero to several billion, so Min should be set to zero and Max to the
size of the file being uploaded, before the upload starts.  Harder for
downloads where you need to know the size of the file first.

Also, this event will typically be called dozens of times per second on a fast
internet connection, and updating the screen is time consuming so can slow down
the transfer speed, and the change may be invisible. 

So you generally put more intelligence in the progress function to update no
more than once every one or more seconds or when there is a substantial change,
like 1 to 5%.

Angus



Re: [twsocket] Overbyte ICS FTP upload with progress bar

2015-02-22 Thread Angus Robertson - Magenta Systems Ltd
> I'm using the ICS Overbyte FTP for uploading a file. I want to 
> display a progressbar and a speed indicator 

I've commented on the progress bar in a separate reply, calculating speed
simply involves timing how long it takes to transfer so many bytes (using
GetTickCount) and doing the sums on the remaining bytes, which you can only do
after the first 5 or 10 seconds when you have some data.  

> after the upload is completed i want to delete the file 

You have no error handling here so you don't know the upload completed
successfully, it may fail because the file already exists on the FTP server or
fails part way through.  Windows has a DeleteFile function.

If you want to do this properly, use the free Magenta Systems File Transfer
Components, and TMagFtp which is a high level version of TFtpClient that
handles multiple files, and includes a progress for single and multiple files. 

http://www.magsys.co.uk/delphi/magxfer.asp

Angus



Re: [twsocket] Overbyte ICS FTP upload with progress bar

2015-02-22 Thread Angus Robertson - Magenta Systems Ltd
> Client class derived from ICS FTPClient, with an added timer which 
> is turned on at the start of the transfer, and off at the end of 
> the transfer, and every time the timer is fired (at intervals of 
> say, 1000 ms), it updates the progress bar.

A timer itself is high overhead, another hidden window and is not necessary
where an event is already being called regularly.  

Much easier to use GetTickCount which returns milliseconds since Windows booted,
store a value and then check against it until a duration has passed, there is an
ICS function IcsCalcTickDiff that does this, TMagFtp updates progress every
2,000 ticks, two seconds. 

TWSocket has a Counter property that includes ConnectTick when a connection
started so you can easily check how long it's been going.

Angus


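The three replies in this thread describe one piece of logic: scale progress against a known file size, redraw only every couple of seconds or on a substantial percentage change, and estimate speed from tick counts once a few seconds of data exist. The Python below is an added, language-neutral example of that logic, not ICS or TMagFtp code; tick_diff is a hypothetical stand-in for a wrap-safe tick difference, the class and its defaults (2,000 ms, 5%, 5 second warm-up) are assumptions drawn from the figures in the posts, and the event list is constructed.

```python
TICK_MODULUS = 2 ** 32   # GetTickCount is a 32-bit millisecond counter


def tick_diff(start_tick, now_tick):
    """Milliseconds from start_tick to now_tick, correct across a counter wrap."""
    return (now_tick - start_tick) % TICK_MODULUS


class ProgressThrottle:
    """Decides when a per-packet progress event is worth a screen update."""

    def __init__(self, total_bytes, start_tick, min_interval_ms=2000,
                 min_step_pct=5, speed_warmup_ms=5000):
        if total_bytes <= 0:
            raise ValueError("file size must be known before the transfer starts")
        self.total = total_bytes
        self.start_tick = start_tick
        self.last_tick = start_tick
        self.last_pct = 0
        self.min_interval_ms = min_interval_ms
        self.min_step_pct = min_step_pct
        self.speed_warmup_ms = speed_warmup_ms

    def update(self, count, now_tick):
        """Return display values when a redraw is due, otherwise None."""
        count = max(0, min(count, self.total))
        pct = count * 100 // self.total
        done = count == self.total
        due = tick_diff(self.last_tick, now_tick) >= self.min_interval_ms
        stepped = pct - self.last_pct >= self.min_step_pct
        if not (done or due or stepped):
            return None          # skip the redraw, the transfer keeps its speed
        self.last_tick, self.last_pct = now_tick, pct
        elapsed = tick_diff(self.start_tick, now_tick)
        rate = eta = None
        # Speed and time remaining are only meaningful after the warm-up.
        if elapsed >= self.speed_warmup_ms and count > 0:
            rate = count * 1000 / elapsed
            eta = (self.total - count) / rate
        return {"percent": pct, "bytes_per_sec": rate, "eta_sec": eta}


# Constructed events (bytes so far, tick value); the counter wraps mid-transfer.
START_TICK = 2 ** 32 - 500
CONSTRUCTED_EVENTS = [
    (10, 2 ** 32 - 400),
    (60, 2 ** 32 - 300),
    (70, 1700),
    (80, 1800),
    (500, 4500),
    (1000, 4600),
]


def replay(total_bytes, start_tick, events):
    """Feed events through a throttle and return only the redraws it allowed."""
    throttle = ProgressThrottle(total_bytes, start_tick)
    results = (throttle.update(count, tick) for count, tick in events)
    return [r for r in results if r is not None]


if __name__ == "__main__":
    for shown in replay(1000, START_TICK, CONSTRUCTED_EVENTS):
        print(shown)
```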


Re: [twsocket] ICS - TWSocketThrdServer & Client

2015-02-23 Thread Angus Robertson - Magenta Systems Ltd
> - What OS - I am using Win7 Ultimate and a Win Server 2008 for 
> testing. 

Both 64-bit with at least 8GB?  Windows Server 2008 (aka Vista) is getting old
now, from 2008 R2 onwards 32-bit was abandoned. 

> Local testing is however representative of both operation
> on a Win Server installation and using completely asynchronous 
> clients.

Maybe, maybe not. A fairer test would be several clients each running a few
hundred sessions against the server, more real world.  Better to test this now
rather than when the project is live.

Angus





Re: [twsocket] XE7 support

2015-02-23 Thread Angus Robertson - Magenta Systems Ltd
> I want to ask if there will be a new version of ICS for Delphi XE7?

ICS V8 was updated for XE7 on 3rd September 2014 and announced in this mailing
list.  

Just download the overnight SVN V8 version, normally from the Wiki site but the
ISP is still trying to fix it, also from:

http://www.magsys.co.uk/delphi/magics.asp

ICS is always immediately available for new releases of Delphi, it used to be
on the companion DVD before that disappeared.  With the six monthly release
cycle of Delphi, XE8 must be just around the corner.  

Angus





Re: [twsocket] SSL Problem

2015-03-03 Thread Angus Robertson - Magenta Systems Ltd
> I have a high security email program that I'm trying to correct for
> POODLE in. It also uses https. 

Which version of ICS TWSocket are you using, and which OpenSSL version? 1.0.1j
fixed Poodle.  Is this a client or server?  

A client has much less control over ciphers than a server, the latest ICS V8
provides several levels of Ciphers used by Mozilla with
sslCiphersMozillaSrvHigh being the best.

This was all discussed when I explained how to stop Poodle in a mailing list
post on 20 October 2014. 

Connecting to Gmail, I get excellent ciphers:

SSL Connected OK with TLSv1.2, cipher ECDHE-RSA-AES128-GCM-SHA256, key exchange
ECDH, encryption AESGCM(128), message authentication AEAD

Angus




Re: [twsocket] SSL Problem

2015-03-04 Thread Angus Robertson - Magenta Systems Ltd
> My ICS has revised date: Sept 3, 2014. It's a nightly snapshot. I 
> have OpenSSL 1.0.1k (compiled by you). 

You may have them, but it's unlikely you are using them together since
1.0.1k was only released on 19th January 2015 and needs a nightly snapshot
dated then or later to install it.  ICS does not load newer versions of OpenSSL
that have not been tested. 

> I have an SMTP client and an HTTP client.

SSL clients have much less control over ciphers than servers, essentially only
flags like sslOpt_NO_TLSv1, sslOpt_NO_SSLv2, sslOpt_NO_SSLv3 to refuse old
ciphers. SslVersionMethod is very crude and does not support TLS 1.2, so you
have to leave it as sslV23_CLIENT.

If you use a specific CipherList with a client, you risk being unable to access
a server that does not match it, maybe not today, but probably tomorrow when
the server is hardened. SSL servers need to be updated frequently to counter
new threats. 

> Can you tell me why I get the 'SSL3_CLIENT_HELLO:no ciphers 
> available' fatal error I have a USENET news
> reader program that uses an indy nntp client and the suite works 
> fine with it.

Ciphers are primarily chosen by the server, so unless you are using the ICS
SMTP and HTTP client to talk to an NNTP news server, what Indy supports is
irrelevant.

Angus



[twsocket] Old versions of OpenSSL

2015-03-08 Thread Angus Robertson - Magenta Systems Ltd
Can anyone think of a good reason for ICS to continue support for old versions
of OpenSSL, prior to 1.0.1 when support for TLS 1.1 and 1.2 was introduced? 

OpenSSL 1.0.1 (three years ago) added some new API calls relating to these new
versions of TLS, and keeping support for older versions would add a little
complexity. 

I'd assume most users want to keep up to date with the latest encryption
standards and ciphers and try to use the latest OpenSSL versions. 

OpenSSL does maintain support for the 0.9.8 and 1.0.0 with security fixes, not
sure why.

Angus



Re: [twsocket] ICS - TWSocketThrdServer & Client

2015-03-09 Thread Angus Robertson - Magenta Systems Ltd
> Update on extended stress testing: After four days of testing with 
> 7200  clients everything is still looking good with 29 million 
> connect/disconnect cycles

There is one bug you should be aware of, although I assume you've yet to see it
in your testing, perhaps it only affects the non-threaded web server component
or is related to something else in my web application.

Basically, about once a month on my public SSL web server with about 100,000
requests a month and 50,000 SQL lookups, I see:

!!! Application Exception Big - Unable to create TIcsWndControl hidden window.
Error #8.

I have various memory and handle diagnostics in the application but they have
never shown anything obvious.  So my solution is simply to email a warning and
stop the Windows service, it's set to restart if it stops, so the server is up
again in about 10 seconds and the problem goes away for a few weeks.  Not ideal,
but workable.

The problem persisted after I upgraded from a Windows 2008 server to a faster
2012 server at Xmas, but never happens on my lower usage back up servers. 

You can see the main server status page at:

http://www.telecom-tariffs.co.uk/serverinfo.htm

The server uses my Mail Queue Component to send status emails when it starts,
stops and has errors, they are queued and retried so never lost if they cannot
be sent immediately:

http://www.magsys.co.uk/delphi/magics.asp

These are two of the little things that really help with long term support.  

I've previously done contract work with ICS client server applications, similar
in concept to yours, but only 500 clients (British buses) and up time for the
servers was sometimes several months (my customers rarely did Windows Updates
since this was a private WAN). 

Angus




Re: [twsocket] ICS - TWSocketThrdServer & Client

2015-03-09 Thread Angus Robertson - Magenta Systems Ltd
> I am currently using 300 clients per thread on the multithreaded
> server component... not sure if I am already past your 100K limit, 

I'm only using one thread for ICS. 100K was not really a limit as such, just to
give you an idea of the server work load.  

> Thanks for the info re the restarting the service (I was thinking 
> along the lines of a monitoring app to monitor

My solution works because ICS handles this error sensibly and the application
remains responsive, it simply will not accept any new client connections (I
think).  

My old custom client/server applications did use to lock up and stop processing
messages, albeit on Windows 2000/2003 server, so I did have a separate service
sending regular Windows messages to the main service and restarting if there
was no response, and rebooting the server if all else failed.  It also handled
remote software updating. 

Many of these servers were unattended sites (bus garages), the application also
had to reboot the ADSL modems which locked up but that's another story.  

I keep meaning to update this old monitoring application as a more generic
server monitor, but my newer applications don't seem to lock up so never had
the inclination.  Also Windows service controller is better than it used to be
at keeping services running. 

Angus



Re: [twsocket] Lazarus and free pascal?

2015-03-09 Thread Angus Robertson - Magenta Systems Ltd
> Are there any ICS versions that will work with Lazarus and FPC?  
> Windows only would be fine.  

ICS has been used with FPC in the past and still contains some conditions
relating to FPC.  

But I've never used FPC myself so I've no idea if changes have been made that
are FPC incompatible.

You'll just have to test it.

Angus



Re: [twsocket] ICS - TWSocketThrdServer & Client

2015-03-10 Thread Angus Robertson - Magenta Systems Ltd
> due to the BannerTooBusy string that is sent

These banners do cause trouble, I might clear them, I got caught a long time
ago with a new server. 

> It is therefore necessary to change the 'Client.Close;' line to 
> 'Client.CloseDelayed;' in 'OverbyteIcsWSocketS.pas' 

I'll have a look at that, maxclients is not something often reached.

Angus



Re: [twsocket] How to enable/disable TLS 1.1 or TLS 1.2?

2015-03-12 Thread Angus Robertson - Magenta Systems Ltd
> We can't find any way of disabling TLS 1.0 and leaving TLS 1.1 and 
> TLS 1.2 as the only enabled protocols for the TSslSocket.

Correct, there have been a number of improvements in OpenSSL over the past few
years that have been skipped by ICS, primarily because ICS seemed to support
new OpenSSL releases without change.

But I've spent the last few days updating SSL support in ICS, there are new
sslTLS_V1_1, sslTLS_V1_2 and sslBestVer version methods and six new options
including sslOpt_NO_TLSv1_1 and sslOpt_NO_TLSv1_2.

But mainly I'm adding support for DH key exchange which seems to be missed in
the original development, and restricts the ciphers that our servers can
support.  Specifically, it means ciphers offering 'forward secrecy' are not
supported by servers (clients are OK), which reduces our ratings by SSL
security checks.

It's not finished yet, should only be a couple of days. 

If anyone is aware of other OpenSSL features missing from the ICS
implementation, now is the time to speak up. OpenSSL 1.0.2 will be supported by
the new version, but I can not see any major interface changes, just minor
things.  

Angus




[twsocket] OpenSSL 1.0.2 support, DH and EC key support

2015-03-17 Thread Angus Robertson - Magenta Systems Ltd
ICS v8 has been updated to support OpenSSL 1.0.2 and DH and EC keys, 
and to better support TLSv1.1 and TLSv1.2 protocols.   The changes 
may be downloaded from the SVN repository or the overnight zip file at:

http://www.magsys.co.uk/delphi/magics.asp

Sorry, François's ISP is still unable to get the wiki server running. 

This group of changes allows ICS SSL servers to support DH (Diffie-Hellman)
and EDH/DHE (Ephemeral DH) key exchange, and EC (Elliptic 
Curve) encryption for ECDH and EECDH key exchange, as well as the 
older RSA key exchange.  Note SSL clients already supported these key 
exchanges.

DH support requires supply of DH Parameters which are used to 
generate new keys for each session, which implements Forward Secrecy
preventing decryption of old sessions if the certificate key is later 
broken or stolen.

Currently, ICS only supports reading DH Parameters from a file generated
using the openssl.exe utility with key lengths of 512, 1024, 2048, 4096
bits and it's recommended these are generated when an application is
installed, although three prepared files are supplied. Beware 
generating DH Parameters takes a while, about 15 minutes for the 2048 
bit file, 30 seconds for the 1024 file.  ICS does not yet have a 
function to generate DH Parameters but I'll add it shortly, also a 
way to build them into the application rather than using a file.

EC support is much easier, just selection of SslECDHMethod as
sslECDHNone, sslECDHAuto, sslECDH_P256, sslECDH_P384 and 
sslECDH_P521.  Currently MSIE 11 does not seem to like the ICS EC 
support, still investigating.

Note that server use of these new options needs matching Ciphers to be
available, and all testing has been with sslCiphersMozillaSrvInter.


SVN notes for specific units:

Source/OverbyteIcsWSocket.pas
Mar 16, 2015 V8.15
Angus added more SslOptions: sslOpt_NO_COMPRESSION, 
sslOpt_TLSEXT_PADDING, sslOpt_SAFARI_ECDHE_ECDSA_BUG, 
sslOpt_CISCO_ANYCONNECT, sslOpt_NO_TLSv1_1 and sslOpt_NO_TLSv1_2
Added more SslVersionMethods: sslTLS_V1_1, sslTLS_V1_2 and sslBestVer 
which is equivalent to sslV23 and actually means any of SSLV3, TLS1, 
TLS1.1 or TLS1.2. To disable some versions, use sslBestVer and 
disable specific ones using SslOptions. To force only one version, 
set SslVersionMethod to that version. Choosing a specific TLS version 
will fail if matching Ciphers are not available
OPENSSL_NO_TLSEXT removed so SSL Server Name Identification is always supported
Added SslDHParamFile to load DH Parameters for Diffie-Hellman DH 
and EDH key ciphers. DH param files may have key lengths of 512, 
1024, 2048, 4096 bits and currently need to be generated using the 
openssl.exe utility (or use those that come with ICS)
Added SslECDHMethod to select Elliptic Curves to support ECDH and 
EECDH key ciphers
Note, only OpenSSL 1.0.1 and later are now supported since this added 
TLS 1.1/1.2

Source/OverbyteIcsLIBEAY.pas
Mar 13, 2015 V8.07
Angus allow load of OSSL 1.0.2 (briefly tested)
Note, only OpenSSL 1.0.1 and later are now supported, removed some old
conditionals and code
Added functions and literals for DH and EC key support


Source/OverbyteIcsSSLEAY.pas
Mar 13, 2015 V8.01
Angus updated SSL_OP option literals, added TLS v1.1 and 1.2 methods
Added functions needed to generate DH keys for EDH ciphers with Forward
Secrecy
Note, only OpenSSL 1.0.1 and later are now supported, removed various
conditionals

Source/Include/OverbyteIcsSslDefs.inc
OPENSSL_NO_TLSEXT now disabled

Samples/Delphi/SslInternet/OverbyteIcsHttpsTst1.dfm
Samples/Delphi/SslInternet/OverbyteIcsHttpsTst1.pas
Mar 16 2015   V8.01
Angus added DH File (mainly for servers)
Added SSL Version and Cipher edits to make testing easier
Reset SSL when changing parameters to force new negotiation

Samples/Delphi/SslInternet/OverbyteIcsPemTool1.dfm
Samples/Delphi/SslInternet/OverbyteIcsPemTool1.pas
Samples/Delphi/SslInternet/OverbyteIcsPemTool3.dfm
Mar 16, 2015 V8.00 Angus default key length now 2048

Samples/Delphi/SslInternet/OverbyteIcsSslWebAppServerMain.dfm
Samples/Delphi/SslInternet/OverbyteIcsSslWebAppServerMain.pas
Mar 16 2015  V8.01
Angus added DHParam File needed to support DH key exchange
Set ECDH method to support ECDH key exchange

Samples/Delphi/SslInternet/OverbyteIcsSslWebServ1.dfm
Samples/Delphi/SslInternet/OverbyteIcsSslWebServ1.pas
Mar 16 2015  V8.02
Angus added DHParam File needed to support DH key exchange
Added EllCurve to support ECDH key exchange
Display SSL handshake info on demo menu
Added Server Name Indication (SNI) display, used to support multiple host
and certificates on the same IP address
(note the OverbyteIcsSslSniSrv sample is better and changes the SslContext)

Samples/Delphi/SslInternet/OverbyteIcsSslX509Utils.pas
Mar 16, 2015 V8.00 Angus uses Sha256 instead of Sha1 for all signing

Samples/Delphi/SslInternet/dhparam1024.pem
Samples/Delphi/SslInternet/dhparam2048.pem
Samples/Delphi/SslInternet/dhparam512.pem
DH Parameter files with different key lengths.
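
The server-side settings described in the announcement above, put together as an added example (not part of the original post and not code from the ICS project). It restricts a server TSslContext to TLS 1.1 and TLS 1.2 and enables DHE and ECDHE key exchange. The unit name and procedure name are hypothetical; sslOpt_NO_SSLv2, sslOpt_NO_SSLv3 and sslOpt_NO_TLSv1 are assumed to be the older exclusion options, and the unit that declares sslCiphersMozillaSrvInter is assumed.

```delphi
unit SslHardenExample;  // hypothetical unit name, for illustration only

interface

uses
  SysUtils,
  OverbyteIcsWSocket,   // TSslContext and the Ssl* option types
  OverbyteIcsSSLEAY;    // assumed home of the sslCiphers* constants

procedure ConfigureServerSsl(Ctx: TSslContext; const DHParamFile: string);

implementation

procedure ConfigureServerSsl(Ctx: TSslContext; const DHParamFile: string);
begin
  // Without DH parameters the server cannot offer DHE suites, so stop
  // here rather than silently falling back to RSA key exchange.
  if not FileExists(DHParamFile) then
    raise Exception.CreateFmt('DH parameter file not found: %s',
      [DHParamFile]);

  // sslBestVer negotiates the highest common version; unwanted
  // versions are then excluded one by one through SslOptions.
  Ctx.SslVersionMethod := sslBestVer;
  Ctx.SslOptions := Ctx.SslOptions +
    [sslOpt_NO_SSLv2, sslOpt_NO_SSLv3, sslOpt_NO_TLSv1];  // assumed names

  // Make sure an earlier setting has not excluded the versions we
  // want to keep.
  Ctx.SslOptions := Ctx.SslOptions -
    [sslOpt_NO_TLSv1_1, sslOpt_NO_TLSv1_2];

  // Forward secrecy: DH parameters for DHE, automatic curve for ECDHE.
  Ctx.SslDHParamFile := DHParamFile;
  Ctx.SslECDHMethod  := sslECDHAuto;

  // The key-exchange settings only take effect if matching ciphers
  // are enabled; this is the list the announcement was tested with.
  Ctx.SslCipherList := sslCiphersMozillaSrvInter;

  // Build the OpenSSL context now so a bad file or cipher list raises
  // at start-up instead of on the first client connection.
  Ctx.InitContext;
end;

end.
```

Call it once at start-up with the path of one of the supplied dhparam files or a freshly generated one, before the server starts listening.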

