Re: [twsocket] Adding some new OpenSSL declarations
> Could you apply following patches with some new OpenSSL functions Thanks, will be added shortly. Strangely, I'm writing a new ICS ACME component (automatic certificate management environment) component to acquire and install SSL certificates (initially from Let's Encrypt). I realised yesterday I need public and private keys for authentication which is this morning's job. But you seem to looked at this already. What is your SSL project? Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HTTPS URL won't load (SSL error)
> No, but since sites now seem to be defaulting to using EC I'll > change the default for SslECDHMethod to sslECDHAuto. The overnight zip now has ICS v8.20 which the new default, only really matters for projects that did not update SslContext properties, but that included some of my own. > Is the latest ICS from the overnight ZIP suitable for production > releases? Most recent changes to ICS are relatively minor and 'safe', not having major impact on existing projects. The worst time is new compilers that introduce issues and also the effort to build and test all the new packages and files added for each new compiler, such as adding them to the zip, etc. Generally, I don't update SVN until I've build one or more of my own projects with the latest ICS changes, and those projects are usually how the changes get tested. My various projects use most of the ICS high level components, TCP, HTTP, FTP, SMTP servers and clients, POP3 client (no server yet), DNS, ICMP, telnet, MIME, etc. One of my public SQL driven web sites uses SSL HttpAppServer with thousands of accesses per hour, as you can see from the status page: https://www.telecom-tariffs.co.uk/serverinfo.htm There is also a public SSL FTP site on the same server. My ComCap, DUN Manager and MailMaint applications variously use the client components, and all have new final releases done or imminent. So yes, the current overnight ICS zip is ready for production use. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HTTPS URL won't load (SSL error)
> Does anyone know why this URL won't open/load: > https://www.dietarysupplements.club/ > > I get this (I'm not sure what it means): > SslHandshakeErrCode> 1080 (0 if no error) > SslHandshakeRespMsg> error:14077438:SSL > routines:SSL23_GET_SERVER_HELLO:tlsv1 > alert internal error That URL displays OK in my latest build of the ICS sample web browser, including the 140 images it downloads and in the HTTPS sample which says: Verify result: ok Verify depth: 1 Received certificate Issued to: sni145334.cloudflaressl.com, Alt Domains: sni145334.cloudflaressl.com, *.dietarysupplements.club, *.ephphatha.co.nz, *.pefelie.com, *.spcemail.tk, *.teknoseri.com, *.tuboraymode.com, dietarysupplements.club, ephphatha.co.nz, pefelie.com, spcemail.tk, teknoseri.com, tuboraymode.com Issuer: COMODO ECC Domain Validation Secure Server CA 2, COMODO CA Limited Expires: 15/09/2016, Signature: ecdsa-with-SHA256 Public Key: id-ecPublicKey Verify result: ok Verify depth: 0 Handshake done, error #0 - SSL Connected OK with TLSv1.2, cipher ECDHE-ECDSA-AES128-GCM-SHA256, key exchange ECDH, encryption AESGCM(128), message authentication AEAD My first call for strange SSL issues is to test the site at: https://www.ssllabs.com/ssltest/ This tests the certificate and protocols supported by the server, and gives lots of clues as to what is wrong. The most likely explanation here is "This site works only in browsers with SNI support" since the real server is sni145334.cloudflaressl.com. But it could also be you have disabled Elliptic Curves encryption which is needed for this site, only TLS_ECDHE_ECDSA_xx protocols. Or maybe you have not supplied a DHParams file which will disable ECDHE as well? Are you using the latest ICS from the overnight zip? Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HTTPS URL won't load (SSL error)
> Or maybe you have not supplied a DHParams file Sorry, brain fade, you only need a DHParams file for servers to support DH, and ECDH protocols, not clients. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Should I be concerned about https://cert-test.sandbox.google.com?
> I can leave it always set to auto, right Yes, Auto is fine for clients, EC is only used if the server cipher suite requests it and is otherwise ignored. Auto only actually works with OpenSSL 1.0.2 and later, otherwise falls back to sslECDH_P256, but the rule now seems to be use the absolute latest OpenSSL for all the latest security fixes and we don't test with old stuff. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Should I be concerned about https://cert-test.sandbox.google.com?
> Here's another issue... I can't open this URL either (with v8.18): > https://cert-test.sandbox.google.com Again the HTTPS sample works fine, make sure you have set SslECDHMethod to sslECDHAuto. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HTTPS URL won't load (SSL error)
> I would assume "Elliptic Curves encryption" is enabled by default. No, but since sites now seem to be defaulting to using EC I'll change the default for SslECDHMethod to sslECDHAuto. I also need to improve EC to handle other curves, but that is a little harder. > Yeah! Upgrading to 8.18 seems to have fixed it. Pretty sure I was > using 8.16 before. There was an EC fix in 8.17, that probably did it. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Internet connection speed
> In my audio + video streaming i must know the client internet > connection speed so that the application will react based on this > connection speed , so please how it's possible to calculate the > user's connection speed asit's being used on SKYPE ' Call Quality > Indicator ' or used here : http://www.pingtest.net/ Not sure if you are talking about a client or server application here. A server has no knowledge of client performance, even a client has difficulty in knowing, it might have a fast wireless connection to a router and then a terribly slow internet connection, or vice versa. Using ping you can find the round trip time in milliseconds to a host that responds to pings, but many hosts don't respond and firewalls often block pings. If ping works, it can be used to check the quality of a connection by looking for packet loss, which can be devastating for streaming which is often not error corrected. ICS has a ping component and trace route demo. Internet speeds are best measured from the client to a speedtest site, but this can be time consuming and you don't want to do it very often, also many such sites are unable to cope with the 150Mb and higher speeds common today on cable modems and FTTP. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Internet connection speed
> yes i'm talking about the Client app , i must calculate > the user's internet connection speed because based on this > information some separate procedures will be invoked Try my previous suggestions and let us know how you get on. Beware testing performance is not fast, you won't want to do it often, and ideally you should test against the servers providing the streams. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Internet connection speed
> + how it's possible to get the client's connection speed from the > ping result that means how can we tell the user : > your internet speed is : xxx after getting the ping result Pings do not tell you the speed, they give milliseconds round time to the host. I get less than 10ms to servers in London, 100ms to 200ms to the USA, so from that would be assume performance is better locally. If you send 100 pings and 10 fails, you've got packet loss and a lousy connection, so speed will be low. A real speed test means downloading a file using HTTP or FTP, for a minimum of 20 seconds, ideally longer, and timing it. So ideally you download a small known size media file. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Serious bug in SmtpCli/TWSocket: infinite loop
> This server responding but incorrectly ! > After connect they return just array of zeroes #0 without any data. This is now fixed, but needs more testing before I commit it to SVN. > This will works only for Smtp protocol. But I think it's should be > fixed on TWSocket level to fix possible problems with all remaining > protocols. We have a long term problem with ICS, that different protocol components were written and updated at different times, often using differing techniques. For instance, most protocols use ASCII command lines and TWSocket offers LineMode to return simple lines, and yet many protocols have their own line parsing code duplicating LineMode, but not always successfully as with your bad server. I used LineMode for the SMTP server, and the HTTP client uses it for commands (but changes back to binary for bodies), but the SMTP, POP3 and FTP clients don't use it and all have different line parsing functions. I guess the reason the protocols were not updated to LineMode is not wanting to change something that works. But sometimes the benefit of a change are justified by increasing reliability, as with your bad server, where the data is simply ignored and the remote server drops the connection. I'll also update the POP3 client, since I'm updating two of my own applications that send and receive email, and I can test the changes easily. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Serious bug in SmtpCli/TWSocket: infinite loop
> Just found serious problem of TWSocket/TSmtpCli: > infinite loop around DoRecv/DataAvailable in TWSocket ! > It's happens only with some misconfigured/buggy MX servers. > Yes, nmact1.nmact.org is misconfigured (i check it using sniffer - > they return 4096 bytes of > zeroes (\0) as reply) but ICS should handle all situations anyway. If the remote SMTP server does not respond to commands, nothing will work. I'll make sure there is a timeout or something. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Serious bug in SmtpCli/TWSocket: infinite loop
> This server responding but incorrectly ! There was no valid banner response, so a timeout is a valid concept. > After connect they return just array of zeroes #0 without any data. Which should be ignored, but might have been followed by valid commands. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HTTP Tunnel
> *Subject:* Re: [twsocket] HTTP Tunnel > We have a program that controls equipment. This program constantly > sends log and error information to our supervisors room at our > company so that any problem can instantly be addressed by one of > our technicians. The connection is a TWSocket on the client side > that connects to our server that uses a TWSocketServer to listen > for connections. > > We now have a new client that refuses to open the port necessary > for the equipment to log on to our server. However, http surfing is > liberated. I would like to know the simplest solution to make a > connection and pass the same data as always embedded in html. Since you control the client and server, surely you can just update them to use port 80 or 443 (TSocketServer has multilisten to support multiple IPs and ports) and continue using your existing protocol. If your customer has a proxy or firewall than insists on checking for the HTTP protocol, use the web server component and PUT or POST your data, obviously more work than adding an extra listener but not too hard. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] How to enable IPv6 on client components?
> I have been searching the mailing list, unit notes, and web trying > to find out what needs to be done on the client side to enable > IPv6, if anything, but I haven't found anything definitive. Does it > all "just work" under the hood, or do I simply change the > components' SocketFamily property from sfIPv4 to sfAny, or is it > more involved than that? I've been meaning to write notes about IPv6 for a long time, I've updated most of my components and applications, except the Internet Packet Monitoring Components which are 90% done, maybe next month, but also have some SSL improvements pending. And a component to automatically install free SSL certificates. But essentially IPv6 just works once you set SocketFamily, several of the samples have examples. One issue is presentation of IPv6 addresses, which usually have [] around them so a browser looks them up instead of searching Google, so I wrote a simple formatting function that creates [2a00:14f0:e03d:2::142]:21 if the IP address is IPv6, and another that strips the brackets. My public server has IPv6 versions of the ICS web and FTP servers for testing. I now have my own IPv6 address allocations, but still use free Sixxs IPv6 tunnels for testing due to firewall configuration issues. BTW, none of my customers have ever asked about IPv6. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] TWSocket.Connet/GetHostByName bottleneck
> At this time I see this way: > > 1. Use TDNSQuery.MXLookup to resolve MX, then TDNSQuery.ALookup to > resolve MX's IP. Then supply resolved MX IP to TSmtpCli to avoid > GetHostByName. > > 2. Cache both MX and A results in my own DNS cache. Seems sensible, just make sure you time out the cached entries. Most of the client components are designed for that use, not to be used in servers. > But maybe you can suggest more efficient way ? Maybe some tuning or > secret option in ICS ? No secret options. I have been planning a relaying demo combining the SMTP server I wrote a couple of years ago and Magenta Mail Queue which queues sending, but not got around to adding MX checking to the latter. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
[twsocket] Delphi 10 Seattle Announced
RAD Studio 10 Seattle, Delphi 10 Seattle and C++ Builder 10 Seattle, have been announced today: https://www.embarcadero.com/products/rad-studio and more developer oriented at: http://docwiki.embarcadero.com/RADStudio/Seattle/en/Main_Page ICS has been tested with Delphi 10 Seattle and new packages are available. The new packages have the suffix D10S instead of DXEn. Major improvement in Delphi 10 Seattle is large memory address model (4GB instead of 2GB) for IDE and applications, making more memory available to build complex projects. The ICS component library contains 94 sample projects, but it's been many releases since we could build all of them in a single session to test a new Delphi, so we split them into several separate project groups. With XE8, the compiler was out of memory after building about 25 projects, With Delphi 10 Seattle I can build all 94 projects at least twice without any memory errors I've created a Stable Version ICS V8.18 available from the download page as an alternative to the daily V8 snapshot that, rarely, does have a bug that takes a few days to fix: http://wiki.overbyte.be/wiki/index.php/ICS_Download >From XE8 onwards, Delphi includes a new GetIt tool that offers a catalog of >third party components, and allows them to be automatically downloaded and installed. This same stable ICS version should be available from GetIt in a day or two once testing is complete. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] SSL handshake failed at mozilla.org
This seems to have fixed the problem: SslContext-SslOptions=SslContext-SslOptions sslOpt_NO_SSLv2 sslOpt_NO_SSLv3; I suppose I will just leave it and hope it doesn't cause any issues for my customers. Most SSL web servers will have disabled SSLv3 to stop the Poodle and Beast exploits, some may disable TLSv1 to stop Beast but this breaks too many older browsers as well. I've just disabled DH ciphers on my Windows 2012 IIS8.5 server to mitigate a DH key exploit caused by Microsoft having the same hardcoded 1024 bit DHParams key on every single server, instead of generating a new key for each server. The ECDHE ciphers are better than DH and DHE alone, and are still supported. This is not a problem with OpenSSL because we can generate and specify our own DHParams keys and even if you use the files bundled with ICS, there are too few users to make it a security risk. We only added DH and ECDH support in V8.15, and there was an ECDH fix in V8.17. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] SSL handshake failed at mozilla.org
Seems to work here with the OverbyteIcsHttpsTst sample, connects with: Hmm... Strange. I'll have to make sure I'm using the right version. how do I try connecting with TLSv1.2? Did you try the sample application? It shows how to restrict which SSL/TLS versions are used, and how errors are reported. There were a lot of SSL changes over the last six months to support the latest protocols. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] BCB5 and ICS-SSL
Can BCB5 run ICS-SSL? I downloaded ICS-V5 BCB5 is equal to Delphi 5, which ICS has not supported for a long time. In theory the old ICS V5 does support BCB5, but we no longer support it, and the SSL version it supported is being obsoleted in four months time. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
[twsocket] OT: Windows NCSI
Ever wondered how Windows knows whether your PC has network connectivity? It's something called Network connection Status Indicator, or NCSI, described here: http://blogs.technet.com/b/networking/archive/2012/12/20/the-network-connection-statu s-icon.aspx Essentially, Windows contacts a dedicated web site and page: http://www.msftncsi.com/ncsi.txt which returns a single line of text - Microsoft NCSI. For IPV6, it then tries: http://ipv6.msftncsi.com/ncsi.txt These servers are hosted by the usual Microsoft CDN partners (Akamai and others) and so should be easily accessible worldwide. They may also be useful if your own ICS application wants to ping something to test for network connectivity, as my own do. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] How to keep SslWSocket open in a multi-threaded console app?
Should I be calling MessageLoop or ProcessMessages? Neither, Delphi windows services are message driven just like Windows applications. Most of my windows services are actually dual GUI/service, with a simple GUI that does not require any interaction when run as a service. This makes testing vastly easier, since the program can be run under the Delphi debugger and then installed as a Windows service once it's working. Originally I wrote a simple service starter application that runs a standard Windows application as a service (with a command argument) and waits for it to finish before stopping, and sends a message if told to stop. I still sell an application using this technique after 18 years. The second generation used the SvCom environment from: http://www.aldynsoftware.com/ which creates a single application that can be run as a service or GUI, just drop components on a form, jkust works, but it's commercial. For new applications I use DD Service Application Framework written by one of the ICS developers, but his web site seems to be down at the moment. I think it's on Code Central but search is useless and brings up thousands of results. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] How to keep SslWSocket open in a multi-threaded console app?
In a console app's thread, I make a valid connection, I call SslWSocket-Send, followed by MessageLoop. Once I receive OnDataSent message I call SslWSocket-PostQuitMessage(); And the data is sent and the control returns to the thread - perfect. The second time I want to send data (without closing-reopening the connection - which is not allowed by Apple) the MessageLoop immediately returns as SetTerminated(TRUE) was called once the MessageLoop was exited in the previous send. *Question what is the correct way to use a SslWSocket to send data over a continuously open connection?* If I understand you correctly, you are exiting the thread after open and a single send, which will close the connection. You need to keep the thread running and send a message to it (or use a thread event to pick something up) to send the next block. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] How to keep SslWSocket open in a multi-threaded console app?
In fact I am not exiting the thread but I am calling: SslWSocket-PostQuitMessage(); to break out of the socket MessageLoop In doing so this sets the SslWSocket Terminated to true Don't call it then! I thought PostQuitMessage was to break a thread, it posts WM_QUIT which is generally the end of all processing. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] OpenSSL update distributor
There is a way to detect the directory from which was loaded dll when that was done by windows? Look at the code attached to the last message. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] ICS - TWSocketThrdServer Client
to Angus: In one of your responses you mentioned that you had an unpredictable but very slow memory leak in one of your apps using the ICS multithreaded server - I suspect that this is the issue. I don't used TWSocketThrdServer or threads for ICS sockets, and don't have any memory leaks. But I'll check what happens OnClientDisconnect to see if it causes other problems. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Some questions for you
I tried to load MagentaXferXE4Run.dpk and MagentaXferXE4Design.dpk packages into Delphi XE7 unsuccessfully In what way? What error message? You don't actually need to install the packages to run the demo, it creates the components at run time. No idea what you mean by 'SendFile'. This is an example of using ICS from the Overbyte / Products / User Made web page Probably very, very old. There are two sample application with the main ICS distribution: OverbyteIcsSender and OverbyteIcsRecv which send and receive a file, but you are then responsible for all the extra overhead which FTP does for you. The TMagFtp component is only a client, you still need an FTP server to receive your files. You can use one off the shelf, like FileZilla Server, or write your own with the ICS FTP Server component, if you need to process the files as they arrive. I wrote a complex application a while back that had three servers sending multiple files to 500 vehicles, and collecting files from those vehicles, over wifi and ADSL, it used a combination of FTP clients and servers, and a custom client/server SQL protocol that controlled everything, and reported the status of the 500 vehicles on web pages every minute. TMagFtp, TMagFileCopy and several of my other components (like SMART, WMI, CheckDisk, IpHlp) were originally written (and paid for) by that project. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Some questions for you
After discovering ICS, I have tried to load and run Magenta Systems File Transfer components and samples or SendFile from your web site None of them can be compiled with ICS V8.16 out of the box. Which web site? The main web site for Magenta Systems File Transfer Components is: http://www.magsys.co.uk/delphi/magxfer.asp However the last update there was 18 months ago with packages for XE4. No reason to believe it will not work with later releases without change, it does here, and a new version is due next month now an ICS SSL package issue has been fixed (this week). No idea what you mean by 'SendFile'. Do you have any recommendation/suggestion or pointing me to a working example/source code for such integrated light web server? ICS has two web server sample, simple web server and application web server, either will suffice, the second does more, an example is: https://telecom-tariffs.co.uk/serverinfo.htm which is a Delphi ICS application using SQL server. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
[twsocket] OpenSSL 1.0.2c support
The new OpenSSL 1.0.2b and 1.0.1n versions lasted one day, and were replaced with 1.0.2c and 1.0.1o to fix a bug, which may be downloaded from: http://wiki.overbyte.be/wiki/index.php/ICS_Download They can be used with ICS V8 releases later than 25th March 2015 that relax the check for minor versions of OpenSSL, to avoid rebuilding projects. Note that one of the security fixes increases the minimum SSL server DH Param key length to 768 bits, which means use of the 512 bit key which is currently the default in ICS will give this error: SSL Handshake Failed - error:14082174:SSL routines:ssl3_check_cert_and_algorithm:dh key too small If you use a DH Param key file, to enable DH or ECDH key exchange, you will need use the 1024 bit or larger keys files. This only effects SSL servers, not SSL clients. My pending list still has ICS SSL improvements to support embedding SSL files in the application, and support for multiple DH Param key sizes, hopefully to be done by late July. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
[twsocket] OpenSSL 1.0.2b support
OpenSSL has released new versions this week, ICS versions of OpenSSL 1.0.2b and 1.0.1n may be downloaded from: http://wiki.overbyte.be/wiki/index.php/ICS_Download These new OpenSSL versions fix several moderate security holes. They can be used with ICS V8 releases later than 25th March 2015 that relax the check for minor versions of OpenSSL, to avoid rebuilding projects. The overnight V8 zips includes some SSL changes this week: OverbyteIcsWSocket.pas - Jun 05, 2015 V8.18 Angus Enabled SSL engine support, which are cryptographic modules adding extra algorithms. These modules are contained in the small DLL files distributed with OpenSSL, mostly to support dedicated cryptographic hardware to improve performance on busy servers or add extra features. All ICS packages are now include OverbyteIcsMsSslUtils and OverbyteIcsSslX509Utils (and some other dependent units) which include SSL certificate display and validation functions, and which were previously only in the SSL samples directory which made them hard to use in other projects and packages. Beware this meant updating dozens of dpk and dproj files, and I only had time to test three Delphi versions, please let us know if any packages will not build. Added Samples/Delphi/AllDemosProject.bpg which includes all 95 sample projects, making it easier to build them all together, assuming the version of Delphi does not run out of memory first. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] ICS FTP - OnProgress strange behavior
Everything worked fine in my app till 31 May 2015. FLastProgress : Int64; if FLastProgress GetTickCount then begin Do I have to clear the FLastProgress and FProgressCount variables after upload complete? Had your program been running for 49 days on 1 June? GetTickCount returns a longword, which wraps after 49 days, but you save it as a int64 which does not wrap. You should reset FLastProgress to ensure progress is should immediately. For the purpose of a second time, the wrap does not matter, if you need to time something over the 49 day wrap then you need more care in processing ticks, which the FTP component does internally. Or you can use the 64-bit tick functions in OverbyteIcsTicks64.pas (but never mix 32 and 64-bit ticks. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] ICS FTP - OnProgress strange behavior
I'm using ICS FTP client in an application to upload large files to a ftp server. In order to know hoe much data from the file has been transferred I use the onprogress property. Everything worked fine in my app till 31 May 2015. Starting from 1 June 2015 i got no reply from the progress. The files are uploaded but i have no visual feedback until the process is done.The only way to get the progress is to restart my application. Any idea why is this happening? I used a built in debugger to trap errors in my application but there appears to be no error. Could it be related to date? It's very unlikely to be the date, there is no data processing during an FTP upload. More likely the size of the file, the first was 6GB, the second 22G, perhaps you don't reset some counters before an upload and exceed something somewhere. Very unlikely to be a problem in the component. But make sure you have an exception handler in the onprogress event, since exceptions in events may be ignored. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Delphi XE8 Announced
The Stable Version ICS V8.16 can now be downloaded and installed from within XE8, using Tools, GetIt, along with other various open source components. GetIt downloads from our wiki download page, unzips, builds and installs the packages and adds the source path. Currently, only planning for stable versions to be installed by GetIt, not the latest SVN overnight zip. If you update a GetIt install with a later version for VCL, the path will be: $(BDSCatalogRepository)\ICS_VCL-8.16\source\ which translates on my PC to: C:\Users\angus\Documents\Embarcadero\Studio\16.0\CatalogRepository\ICS_VCL-8.16 Note currently GetIt is installing FMX and VCL versions separately in different directories, I'm trying to get this fixed. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Which SSL Options are recommended?
I've seen a list of SSL Options here: Are there recommended options that should be set? (I'm using the latest Open SSL version 1.0.2a). I don't think many of these Options matter now, many are historic for old browsers and bugs. For my public web site https://www.telecom-tariffs.co.uk/ I use the following settings: SslDHParamFile := (myfile) SslVersionMethod := sslBestVer_SERVER ; SslOptions := [sslOpt_NO_SSLv2, sslOpt_NO_SSLv3, sslOpt_CIPHER_SERVER_PREFERENCE, sslOpt_NO_SESSION_RESUMPTION_ON_RENEGOTIATION, sslOpt_NO_COMPRESSION, sslOpt_SINGLE_DH_USE ] ; SslECDHMethod := sslECDH_P256 ; SslCipherList := SslCiphersMozillaSrvInter ; Those settings get me a test result of A at: https://www.ssllabs.com/ssltest/ Adding an extra HTTP header to each page gets my result up to A+: CExtraHeaders := 'Strict-Transport-Security: max-age=31536000'+CRLF; This forces use of HTTPS by the browser. If you are using a client, I'd use the same SslOptions, but the server may have different ideas, it really controls what happens. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
[twsocket] Delphi XE8 Announced
Delphi XE8 has been announced today: http://www.embarcadero.com/products/delphi ICS has been tested with XE8 and new packages are available. I've created a Stable Version ICS V8.16 available from the download page as an alternative to the daily V8 snapshot that, rarely, does have a bug that takes a few days to fix: http://wiki.overbyte.be/wiki/index.php/ICS_Download From XE8 onwards, Delphi includes a new GetIt tool that offers a catalog of third party components, and allows them to be automatically downloaded and installed. This same stable ICS version should be available from GetIt in a day or two once testing is complete. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] SslWSocketServer
But, the server private key, must be present as a file on the local PC running the application. This means that the private key is anything but. Currently, SslContext only reads keys and certificates from files, not streams or anything else. That was how I added DHParams last month, but in retrospect these (up to four of different key lengths) would be better loaded as streams. So I'll look at loading all files as streams, but it may be a few weeks. subsequent attempts to connect fail with error code 10053 You can convert winsock error numbers to messages with WSocketGetErrorMsgFromErrorCode, it will tell you aborted which does not mean much. You have probably not closed the previous connection. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Mail Send with SSL
I want use the Overbyte ICS component for sending Mails with SSL. The demo is running fine (I can send Mails). Now I wanted to create my own certificates (according to the instructions in the directory SSlCerts File IcsSslBuildCerts.bat). SSL client applications generally don't need SSL certificates, they are required by all servers to actually encrypt the data, and optionally to prove the server and domain match. An SSL client only needs a private key and certificate if it needs to prove it's identity to the server as a second level over passwords, and the server owner would normally issue the certificates. If you want to create a certificate request to buy an SSL certificate or create a untrusted self signed certificate, build the OverbyteIcsPemTool sample application which provides a GUI to do all this. You can copy the code into your own application for end users, generally only servers again. If an SSL client wants to check the server certificate is trusted, you need a trusted store of root certificates, and these regularly expire or are cancelled, so need to kept up to date somehow. The OverbyteIcsPemTool allows you to explore the Windows trusted store and export all the trusted certificates into a single file or directory that OpenSSL understands. Or look at the OverbyteIcsMsVerify sample that illustrates how to check certificates directly against the Windows trusted store (which Windows Updates keeps up to date). BTW, secure email testing is best done against Google gmail. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
[twsocket] OpenSSL 1.0.2a support
ICS v8 has been updated to support OpenSSL 1.0.2a and 1.0.1m, which include various security advisory fixes. The changes and OpenSSL zips may be downloaded from the SVN repository or the overnight zip file at: http://www.magsys.co.uk/delphi/magics.asp These SMPT and POP3 mail components now both support the IcsLogger. I added the logger to try and find out why I could no longer collect email from Hotmail/Live at pop3.live.com after updating to OpenSSL 1.0.2 which appears to be because it used very old ciphers. SSL Connected OK with TLSv1, cipher RC4-MD5, key exchange RSA, encryption RC4(128), message authentication MD5 No idea why Microsoft uses such old ciphers, whereas Google goes out of it's way to use the latest ciphers, as does Windows 2012. Fortunately, this transpires to be a limitation of OpenSSL 1.0.2, not an ICS bug, and is unchanged in 1.0.2a. I found users of other applications with a similar problem, although one solution found is to set SslVersionMethod := sslTLS_V1_CLIENT; to force TLSv1 instead of starting with TLSv1.2. Alternatively if support for older ciphers is important, stick to 1.0.1m which still works OK. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
[twsocket] OpenSSL 1.0.2 support, DH and EC key support
ICS v8 has been updated to support OpenSSL 1.0.2 and DH and EC keys, and to better support TLSv1.1 and TLSv1.2 protocols. The changes may be downloaded from the SVN repository or the overnight zip file at: http://www.magsys.co.uk/delphi/magics.asp Sorry, François's ISP is still unable to get the wiki server running. This group of changes allow ICS SSL servers to support DH (Diiffie- Hellman) and EDH/DHE (Ephemeral DH) key exchange, and EC (Elliptic Curve) encryption) for ECDH and EECDH key exchange, as well as the older RSA key exchange. Note SSL clients already supported these key exchanges. DH support requires supply of DH Parameters which are used to generate new keys for each session, which implements Forward Secrecy preventing decryption of old sessions if the certificate key is later broken or stolen. Currently, ICS only supports reading DH Parameters from a file generated using the openssl.exe utility with key lengths of 512, 1024, 2048, 4096 bits and it's recommended these are generated when an application is installed, although three prepared files are supplied. Beware generating DH Parameters takes a while, about 15 minutes for the 2048 bit file, 30 seconds for the 1024 file. ICS does not yet have a function to generate DH Parameters but I'll add it shortly, also a way to build them into the application rather than using a file. EC support is much easier, just selection of SslECDHMethod as s sslECDHNone, sslECDHAuto, sslECDH_P256, sslECDH_P384 and sslECDH_P521. Currently MSIE 11 does not seem to like the ICS EC support, still investigating. Note that server use of these new options needs matching Ciphers to be available, and all testing has been with sslCiphersMozillaSrvInter. SVN notes for specific units: Source/OverbyteIcsWSocket.pas Mar 16, 2015 V8.15 Angus added more SslOptions: sslOpt_NO_COMPRESSION, sslOpt_TLSEXT_PADDING, sslOpt_SAFARI_ECDHE_ECDSA_BUG, sslOpt_CISCO_ANYCONNECT, sslOpt_NO_TLSv1_1 and sslOpt_NO_TLSv1_2 Added more SslVersionMethods: sslTLS_V1_1, sslTLS_V1_2 and sslBestVer which is eqivalent to sslV23 and actually means any of SSLV3, TLS1, TLS1.1 or TLS1.2. To disable some versions, use sslBestVer and disable specific ones using SslOptions. To force only one version, set SslVersionMethod to that version. Choosing a specific TLS version will fail if matching Ciphers are not available OPENSSL_NO_TLSEXT removed so SSL Server Name Identification is always supported Added SslDHParamFile to load a DH Parameters for Diiffie-Hellman DH and EDH key ciphers. DH param files may have key lengths of 512, 1024, 2048, 4096 bits and currently need to be generated using the opensll.exe utility (or use those that come with ICS) Added SslECDHMethod to select Elliptic Curves to support ECDH and EECDH key ciphers Note, only OpenSSL 1.0.1 and later are now supported since this added TLS 1.1/1.2 Source/OverbyteIcsLIBEAY.pas Mar 13, 2015 V8.07 Angus allow load of OSSL 1.0.2 (briefly tested) Note, only OpenSSL 1.0.1 and later are now supported, removed some old conditionals and code Added functions and literals for DH and EC key support Source/OverbyteIcsSSLEAY.pas Mar 13, 2015 V8.01 Angus updated SSL_OP option literals, added TLS v1.1 and 1.2 methods Added functions need to generate DH keys for EDH ciphers with Forward Secrecy Note, only OpenSSL 1.0.1 and later are now supported, removed various conditionals Source/Include/OverbyteIcsSslDefs.inc OPENSSL_NO_TLSEXT now disabled Samples/Delphi/SslInternet/OverbyteIcsHttpsTst1.dfm Samples/Delphi/SslInternet/OverbyteIcsHttpsTst1.pas Mar 16 2015 V8.01 Angus added DH File (mainly for servers) Added SSL Version and Cipher edits to make testing easier Reset SSL when changing parameters to force new negotiation Samples/Delphi/SslInternet/OverbyteIcsPemTool1.dfm Samples/Delphi/SslInternet/OverbyteIcsPemTool1.pas Samples/Delphi/SslInternet/OverbyteIcsPemTool3.dfm Mar 16, 2015 V8.00 Angus default key length now 2048 Samples/Delphi/SslInternet/OverbyteIcsSslWebAppServerMain.dfm Samples/Delphi/SslInternet/OverbyteIcsSslWebAppServerMain.pas Mar 16 2015 V8.01 Angus added DHParam File needed to supporting DH key exchange Set ECDH method to support ECDH key exchange Samples/Delphi/SslInternet/OverbyteIcsSslWebServ1.dfm Samples/Delphi/SslInternet/OverbyteIcsSslWebServ1.pas Mar 16 2015 V8.02 Angus added DHParam File needed to supporting DH key exchange Added EllCurve to support ECDH key exchange Display SSL handshake info on demo menu Added Server Name Indication (SNI) display, used to support multiple host and certificates on the same IP address (note the OverbyteIcsSslSniSrv sample is better and changes the SslContext) Samples/Delphi/SslInternet/OverbyteIcsSslX509Utils.pas Mar 16, 2015 V8,00 Angus uses Sha256 instead of Sha1 for all signing Samples/Delphi/SslInternet/dhparam1024.pem Samples/Delphi/SslInternet/dhparam2048.pem Samples/Delphi/SslInternet/dhparam512.pem DH Parameter files with different key lengths.
Re: [twsocket] ICS - TWSocketThrdServer Client
due to the BannerTooBusy string that is sent These banners do cause trouble, I might clear them, I got caught a long time ago with a new server. It is therefore necessary to change the 'Client.Close;' line to 'Client.CloseDelayed;' in 'OverbyteIcsWSocketS.pas' I'll have a look at that, maxclients is not something often reached. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Lazarus and free pascal?
Are there any ICS versions that will work with Lazarus and FPC? Windows only would be fine. ICS has been used with FPC in the past and still contains some conditions relating to FPC. But I've never used FPC myself so I've no idea if changes have been made that are FPC incompatible. You'll just have to test it. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] SSL Problem
My ICS has revised date: Sept 3, 2014. It's a nightly snapshot. I have OpenSSL 1.0.1k (compiled by you). You may have have them, but it's unlikely you are using them together since 1.0.1k was only released on 19th January 2015 and needs a nightly snapshot dated then or later to install it. ICS does not load newer versions of OpenSSL that have not been tested. I have an SMTP client and an HTTP client. SSL client have much less control over ciphers than servers, essentially only flags like sslOpt_NO_TLSv1, sslOpt_NO_SSLv2, sslOpt_NO_SSLv3 to refuse old ciphers. SslVersionMethod is very crude and does not support TLS 1.2, so you have to leave it as sslV23_CLIENT. If you use a specific CipherList with a client, you risk being unable to access a server that does not match it, maybe not today, but probably tomorrow when the server is hardened. SSL servers need to be updated frequently to counter new threats. Can you tell me why I get the 'SSL3_CLIENT_HELLO:no ciphers available' fatal error I have a USENET news reader program that uses an indy nntp client and the suite works fine with it. Ciphers are primarily chosen by the server, so unless you are using the ICS SMTP and HTTP client to talk to an NTTP news server, what Indy supports is irrelevant. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] SSL Problem
I have a high security email program that I'm trying to correct for POODLE in. It also uses https. Which version of ICS TWSocket are you using, and which OpenSSL version? 1.0.1j fixed Poodle. Is this a client or server? A client has much less control over ciphers than a server, the latest ICS V8 provides several levels of Ciphers used by Mozilla with sslCiphersMozillaSrvHigh being the best. This was all discussed when I explained how to stop Poodle in a mailing list post on 20 October 2014. Connecting to Gmail, I get excellent ciphers: SSL Connected OK with TLSv1.2, cipher ECDHE-RSA-AES128-GCM-SHA256, key exchange ECDH, encryption AESGCM(128), message authentication AEAD Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] ICS - TWSocketThrdServer Client
- What OS - I am using Win7 Ultimate and a Win Server 2008 for testing. Both 64-bit with at least 8GB? Windows Server 2008 (aka Vista) is getting old now, from 2008 R2 onwards 32-bit was abandoned. Local testing is however representative of both operation on a Win Server installation and using completely asynchronous clients. Maybe, maybe not. A fairer test would be several clients each running a few hundred sessions against the server, more real world. Better to test this now rather than when the project is live. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] XE7 support
I want to ask if there will be a new version of ICS for Delphi XE7? ICS V8 was updated for XE7 on 3rd September 2014 and announced in this mailing list. Just download the overnight SVN V8 version, normally from the Wiki site but the ISP is still trying to fix it, also from: http://www.magsys.co.uk/delphi/magics.asp ICS is always immediately available for new releases of Delphi, it used to be on the companion DVD before that disappeared. With the six monthly release cycle of Delphi, XE8 must be just around the corner. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] looking for a image or a video stream demo
Title says it basically am in need of a demo showing how to use Overbyte to stream a image over network There are no such samples with ICS. The concept of 'streaming' is inherent in networking, but there are numerous ways of doing it with either TCP or UDP. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] ICS - TWSocketThrdServer Client
looked at the Wiki (when that was working The SVN over night zips last successfully uploaded to the wiki server a week ago, I've asked François to chase his ISP. The SVN zips can also be downloaded from: http://www.magsys.co.uk/delphi/magics.asp but have not changed in the last week. I can connect and stream to approximately 3500 clients (500 per thread) simultaneously on an I7 machine What OS is this? Windows desktop systems are performance crippled to make you buy proper Windows Servers. There is only restricted non-paged memory in Windows, and I suspect you are hitting that limit. This has been discussed years here ago, but is not specifically an ICS issue, Googling for socket based applications using thousands of connections may bring some suggestions. I've personally only tested several hundred connections, never any more. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] FTP Client - Port Number
I have a user who wants to change the FTP Port number to something like 14581. Component wise there is no problem using strange ports, I use 2100 for testing stuff. But NAT routers may be less forgiving, they need to modify IP addresses in the control channel to forward packets and know which port to open for the data connection, and expect port 21. This is mainly a server issue, the client can use passive mode. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] C++ Builder 6: Compiling ICSv8
Is there a reason why C++ Builder 6 doesn't/can't support the building of ICSv8? Sorry, we don't currently support C++ Builder for new ICS versions, none of us have the sufficient C++ knowledge to do so. The earliest Delphi we still support is 7 due to new language features in that release, I don't know which C++ version matched that. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] SSLHttpServer...
I am testing with the OverbyteIcsSslWebServ1 demo using version 7.51. If I test with HTTP it fails with: [12:33:26 127.0.0.1] SslHandshake failed. No other error, nothing else logged. Most likely you don't have valid SSL certificates set-up, that always causes SSL to fail. But you are also using an ancient version of ICS, specifically there were improvements to the reporting of SSL handshaking errors last month, so you should update to the v8 from the overnight zip at: http://wiki.overbyte.be/wiki/index.php/ICS_Download Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
[twsocket] OpenSSL 1.0.1k binaries available
Thanks to RTT p...@sapo.pt for recompiling the OpenSSL 1.0.1k binaries so there are no external dependencies with Microsoft runtime libraries. 1.0.1k contains eight security fixes. These need to be used with the latest ICS v8 from the SVN, which has been updated to support 1.0.1k and earlier. The nightly ICS v8 and OpenSSL binaries may be downloaded from: http://wiki.overbyte.be/wiki/index.php/ICS_Download Note most users only need to download the 32-bit DLLs, the 64-bit DLLs are only for use with Delphi applications compiled for the 64-bit platform. The 32-bit DLLs work on both 32-bit and 64-bit Windows with 32-bit applications. There was another OpenSSL version the day after these DLLs were built, 1.0.1l, but the only changes were for building the DLLs, so don't think we need it. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] UNICODE Issue with OverByte ICS SSL SMTP
3. I received numerous errors concerning TSmtpSslType and TSslSmtpCli. Most likely you don't have ICS SSL installed, remove the dot from the $DEFINE USE_SSL line in OverbyteIcsDefs.inc. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] UNICODE Issue with OverByte ICS SSL SMTP Client
Will you please send your eight sample messages to icstes...@ftptest.org I received several MIME emails: Content-Type: application/octet-stream; Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=SSL SMTP Component Message 01.eml I was expecting emails composed and sent by the component, not emails prepared a few weeks ago sent as email attachments. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Quick way to get users MS ping?
Am looking for a quick dirty way to get users MS ping from main chat server to client I seen a ping demo in src but seams over complex is there a easier way to get users ping speed? No easier way, ping does not require much code, this is a cut down example from the IP Logger component I asked you to look at last week: with TPingThread.Create (True) do // create suspended begin FreeOnTerminate := True; PingId := Socnr ; OnTerminate := PingThreadDone ; PingHostName := RemHost ; PingSocketFamily := BindFamily ; PingSrcAddress := ICS_ANY_HOST_V4 ; PingSrcAddress6 := ICS_ANY_HOST_V6 ; PingTimeout := FPingWaitSecs * 1000 ; PingTTL := 40 ; // hops PingLookupReply := false ; // reverse DNS Resume ; // start it now, with Delphi XE should use Start result := true ; end ; procedure TMagIpLog.PingThreadDone (Sender: TObject); begin with Sender as TPingThread do // this event is thread safe begin if ErrCode = 0 then begin RemIp := DnsHostIP ; BindFamily := PingSocketFamily ; if DnsHostIP ReplyIPAddr then FLastErrorStr := FCurTitle + ' Ping Did Not Reach Host'; end else FLastErrorStr := FCurTitle + ' Failed Ping' ; end; Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] FTP Error
I have one client that is always getting problems with the FTP transfers we are performing. Any clues as to what could cause the error at 18:10:37.544 It looks like you are opening a second FTP control connection to a different IP address before closing the first connection. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] IcsLogger
I have been unable to establish if ICS supports TLSv1.1 and TLSv1.2. I expect it does, but would appreciate your confirming this. Yes, OpenSSL supports TLSv1.1 and TLSv1.2, you should see this reported in the handshake completed event like: Secure connection with TLSv1.2, cipher AES128-SHA, But OpenSSL settings may disable some features for backward compatibility, so you do need to check carefully. Thank you so much for your reply. I'm taking your advice and forgetting the IcsLogger and pursuing SSL errors via SSL events. I've been debugging a handshake problem and it turns out that currently the IcsLogger uses some OpenSSL error handling routines that are not currently public in twsocket.pas so can not be accessed by applications. so you may get more detailed errors using IcsLogger for SSL errors at present. I'm going to try and improve the SSL error reporting next month. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] IcsLogger
I'm trying to use the IcsLogger to trace down an SSL problem, but I'm only getting this one line in the log file: 15:21:49:633 InitCtx OpenSSL version: OpenSSL 1.0.1i 6 Aug 2014 You also need to attach the logger to any socket or other components you are using, they should all have an IcsLogger property (so that is also an ambiguous name for a component). But generally you are unlikely to learn more about any SSL errors from the logger than from properly reporting errors after SSL requests complete. The logger is primarily for internal ICS development purposes. Few people understand the actual OpenSSL calls, I certainly don't. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
[twsocket] OT: Let's Encrypt free SSL/TLS certificates
From next summer, it will be possible for applications to automatically request and install free SSL/TLS web domain certificates, using infrastructure from Let's Encrypt certificate authority: https://www.letsencrypt.org/ Essentially, the client runs an application that creates the SSL private keys and certificate request, and sends it automatically to Let's Encrypt. There are then challenges to prove the domain is owned by client, either by creating a DNS record or a specific file on a web server, which the CA checks before automatically sending a new certificate back, which can be installed automatically. Revocation is automated in a similar manner. https://www.letsencrypt.org/howitworks/technology/ The specifications are at: https://github.com/letsencrypt/acme-spec Automated Certificate Management Environment (ACME) ACME is a protocol for automating the management of domain-validation certificates, based on a simple JSON-over-HTTPS interface. This repository contains the specification for ACME. Effectively these are domain verified SSL certificates, which currently cost about $16 per year from automated CAs like RapidSSL, not a certificate that shows a business name which still costs $200 per year or more. Not sure when testing starts, but I'll certainly create an ICS component to get these SSL certificates, I need it for my own applications. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] OpenSSL and Poodle exploit
I see you speak of fixing web servers in regard to the poodle exploit. Is there any problem with clients? I see mine are set to sslv23. I believe that was the default. Should I change this and if so, to what? The issue with clients is they usually need to access a wide range of servers, some of which may not be using TLS. Not everyone keeps their servers up to date. You can try disabling v2 and v3, but then check your common sites are still available. SslContext.SslOptions := [sslOpt_NO_SSLv2, sslOpt_NO_SSLv3]; Also, I was wondering if it's possible to get a snapshot of your openssl 1.0.1i or 1.0.1j? 1.0.1i has been available since August at the downloads page: http://wiki.overbyte.be/wiki/index.php/ICS_Download We've not yet done an ICS 1.0.1j version, it's a minor release with mitigation for poodle, but setting options works just as well. There is quite a lot of effort in updating and testing new OpenSSL releases, and they are getting too regular. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
[twsocket] OpenSSL and Poodle exploit
There has been recent press about an SSL server exploit called Poodle, which only effect SSLv3, not the more recent TLS 1.x protocols. Disabling SSLv3 in servers can be done by setting: SslContext.SslVersionMethod := sslV23_SERVER; SslContext.SslOptions := [sslOpt_NO_SSLv2, sslOpt_NO_SSLv3, sslOpt_CIPHER_SERVER_PREFERENCE]; v2 was obsolete long ago. You should also change the cipher suite, Mozilla now suggests three levels of ciphers, which are all now added to the latest overnight ICS v8 SVN. The minimum browsers these ciphers support are: sslCiphersMozillaSrvHigh - Firefox 27, Chrome 22, IE 11, Opera 14, Safari 7, Android 4.4, Java 8 sslCiphersMozillaSrvInter - Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1, Windows XP IE8, Android 2.3, Java 7 sslCiphersMozillaSrvBack - Windows XP IE6, Java 6 so since IE6 is long obsolete I suggest: SslContext.SslCipherList := sslCiphersMozillaSrvInter; Once you have your ICS SSL web server updated and installed on a public server, there is an excellent SSL testing web site at: https://www.ssllabs.com/ssltest/index.html It takes a few minutes to test all the ciphers, but generates a detailed security report giving your web site a letter rating. Making the changes above raised my ICS SSL site from C to A-. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Use of TSslContext in sending SSL email (quick question)n)
Is it necessary for me to create a separate TSslContext each time I create a new TSslSmtpCliWithFEhloCount No, an SslContext set-up for SSL client or a single SSL server certificate can be shared by multiple socket components. The only issue is in SSL servers using MultiListen, where different IP addresses will need different certificates and all will share the same context so will fail. Just got caught on this with a project. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] What is the correct format for friendly FROM address in TSslSmtpCli?
I've tried several combinations (Using delphi with TSslSmtpCli) sending both through gmail and through my own ISP's server to both hotmail and a pop3 address. I can't seem to get the right 'from' email to show up when going through gmail. It keeps showing the real gmail account email instead. That's a Gmail anti-spamming feature. So you can not forge the From address. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Help with sending mail through gmail please
The .exe in the zip runs ok but no matter which host and corresponding user/password I use it always reports Can Not Open Mail Server: name of the mail server:25 - 426 Timeout Without SSL, you won't be able to connect to Gmail, see below. Just tested the original binary, all I did was changed To: my own email address and clicked Send Mail, that will also work for you since it will send to my account through mail.magsys.co.uk, but obviously not to email addresses hosted by my server. These EXE does need the old OpenSSL files included in the zip, it's not been updated for two years. And the .proj file I can't get to compile because of loads of errors based around not being able to find types eg [Pascal Error] MagentaMailQueue.pas(125): E2003 Undeclared identifier: 'TSmtpSslType' SSL is optional for ICS applications, these are the errors you get when don't specify USE_SSL in the project file or don't change: {.$DEFINE USE_SSL} to {$DEFINE USE_SSL} in OverbyteIcsDefs.inc After either change, rebuild the project so all conditional SSL code is built. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Help with sending mail through gmail please
I agree with Angus, you would be better off to send the e-mails individually to the recipients' mail servers. My main point was it's better to send individually addressed emails, than bulk BCC, they are less likely to be intercepted as spam, even if it takes longer to do so. I did mention sending directly to recipients' mail servers, but this was mainly if the mail levels are higher than a Gmail account allows. There is a spam detection risk when sending from known dynamic IP ranges, and without reverse DNS for that address, ideally you need DNS MX records and a mail server to receive bounces. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] TWSocketServer listen connections
I do not want to close the connection, and not destroy it, must leave all connected clients and access them when needed to send data and information, I do not need to use Cliente.Free? it will not overload the memory? No, your Cliente is simply a pointer to the real client in the component, there is no memory used and free closes the real client, which reduces ClientCount, so your loop goes mad. Note that clients are totally dynamic, each time a client closes or another one connects, the client total goes up and down, and the index of each client changes. Maybe this does not matter for your display, but otherwise you need to keep track of where a connection from, if you wish to respond to it. CliId is unique, incremented for each new connection. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Help with sending mail through gmail please
see how much I can remove to get just the core functionality and minimum property seting needed to simply automatically send a emailed newletter. Please do look at the Mail Queue Component I mentioned, the demo is actually a cut down version of a mailing list application I wrote 15 years ago and use regularly. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] TWSocketServer in depdicated thread
However the question is: why events are not raised in case of moving TWSocketServer out of main application thread? Because you need a message handler in the thread. There are lots of samples that show how to use threads. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] TWSocketServer in depdicated thread
I'm trying to make TWSocketServer pworking in a separate thread Why not start with TWSocketThrdServer? Look at the sample OverbyteIcsThrdSrvV3.dpr which uses it. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Simple Example to receive POST Data with THttpAppServer?
yes, I've looked at the example. But if I try to implement this to my application the OnPostedData-Event is never raised. I don't know why :-(. Is there a Handler for POST-Data, that I have to register first? You do need an AddPostHandler page handler for each POST page you need, maybe as well as a AddGetHandler, and you check Client.Method to see which called it. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] issues with POSTing data to ICS HTTP server (reproducible with ICS HTTP server demo)
For a current project I need to build an HTTP server to which data can be POSTed, so I build one using OverbyteIcsWebServ.dpr as an example. I ran into stability problems, and starting slimming my code down to isolate the problem. Please try uploading your file to one of my public servers, which uses the ICS webapp server component, and see if you get the same problem. http://www1.telecom-tariffs.co.uk/testing/uploadfile.htm Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] issues with POSTing data to ICS HTTP server (reproducible with ICS HTTP server demo)
Thanks for the idea, can I upload files from software instead of using the webpage? This is explained when you read the web page. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] issues with POSTing data to ICS HTTP server (reproducible with ICS HTTP server demo)
No, I can't reproduce using that URL You did not succeed in saving any files on the server, because my application ignores all upload file names with file path delimiters. It will be a better test if you strip off the path and just leave the XML file name. 12:42:59 Request: 192.168.1.162:80[id=5398] from 80.100.37.247 (bosma.xs4all.nl): http://www1.telecom-tariffs.co.uk/testing/uploadfile.htm?FileName=merijn.test/cg i-bin/FileUpload/books.xml POST 12:42:59 Received Post Data File, Size 4,550, Content Type: application/binary 12:42:59 Illegal Upload File Name: merijn.test/cgi-bin/FileUpload/books.xml FileName: merijn.test/cgi-bin/FileUpload/books.xml FileTitle: Post URL: http://www1.telecom-tariffs.co.uk/testing/uploadfile.htm From IP Address: 80.100.37.247 12:42:59 Request Completed: 192.168.1.162:80[id=5398] 80.100.37.247 (bosma.xs4all.nl), Result 200, took 0ms, CurRead 4.97 Kbytes, CurWrite 2.35 Kbytes Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] issues with POSTing data to ICS HTTP server (reproducible with ICS HTTP server demo)
I've tried a number of times with this url http://www1.telecom-tariffs.co.uk/testing/uploadfile.htm?FileName=me rijn.test Can you please confirm if the upload went ok? Received Post Data File, Size 4,550, Content Type: application/binary FileName: merijn.test/cgi-bin/FileUpload/books.xml No, my application decodes the received POST data with TFormDataAnalyser, and that has the longer CGI file name. It ignores the URL argument if the HTTP content says multipart/form-data. It's a couple of years since I worked with this stuff and I don't POST files in any of my active applications, so I'm a little hazy on why it's there - possibly to test the form decoding components when someone in this mailing list was having a problem. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
[twsocket] OT: Buffer Overflow in VCL Bitmap Processing Code
Because Embarcadero is still trying to get it's forums and newsgroups running after two weeks downtime, some may have missed a security vulnerability in the VCL graphics unit processing bitmaps: http://blog.marcocantu.com/blog/2014_august_buffer_overflow_bitmap.html The bug needs a two line fix in graphics.pas, in all versions of Delphi. http://support.embarcadero.com/article/44015 Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] OpenSSL 1.0.1h binaries available
The Overbyte web sites have finally returned to life, so the new OpenSSL binaries are also available on the wiki download page: http://wiki.overbyte.be/wiki/index.php/ICS_Download Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] THTTPCli and 307 or 308 redirects with non GET methods
Not easy to get it from the RFCs or from the online discussions, Can we please make a final decision if further redirect changes are needed now, just doing other updates. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
[twsocket] Magenta Systems IP Log Streaming Component
Version 2.0 of the Magenta Systems IP Log Streaming Component may now be freely downloaded from: http://www.magsys.co.uk/delphi/magics.asp Version 2.0 adds IPv6 and SSL support including certificate checking using a PEM bundle file or Windows Certificate Store, adds host name support for clients and adds sending a stream of unlimited length. The component needs ICS v8 dated April 2014 or later installed. Overview TMagIpLog is designed for IP stream logging, using TCP Client, TCP Server, UDP Client or UDP Server protocols, sending simple text lines across a network so they may be displayed or written to disk remotely. The component allows two way communication with TCP and UDP, so may also be used for simple protocols such as communication between two applications. The component supports multiple client sockets so may be used to send data to two or more different remote servers at the same time. For TCP and UDP clients, the component will optionally ping the remote computer first before opening an IP connection to allow faster failure retries and some confirmation that UDP may work. TCP client provides repeated connection retry attempts, including re-establishing a lost connection. UDP client will optionally keep pinging the remote during a connection to ensure it's still there. UDP server sends data to the IP address and port from which it last received data. TCP server supports multiple remote clients connecting. Received data is parsed for various line endings optionally removing control characters and triggering an event for a received line. The only other two events are optional, one for state changed when starting and stopping, the second offering progress information and errors. The component supports both IPv4 and IPv6, host name lookup for TCP and UDP Client, and SSL connections for TCP Client and TCP Server, including remote server certificate checking using either a local PEM bundle root file or the Windows Certificate Store. -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
[twsocket] Future improvements for HTTP components?
This message is intended to start a dialog about future improvements to ICS components for Windows, in particular the HTTP client and server components where the world is moving ahead of us. Currently, new features tend to get added as needed by the main ICS developers for specific projects, for instance I've added cookie and better MIME support recently for my own projects. Other users have customised ICS components for their own purposes, sometimes submitting them as 'usermade' back to ICS, sometimes making them public in other ways. So the first question here is are new features needed for future Delphi projects using ICS, and if so what, in which order of priority? The next question is has someone done this work already, and are they prepared to donate the work to ICS for others to share? Finally, all this new stuff has to integrated and tested with the existing ICS code, which can be time consuming on it's own, so who can help? Usually that is those benefiting from the improvements? Specifically, for the HTTP client and server components: 1 - Support all the current requests, PUT, DELETE, PATCH, TRACE, OPTIONS and CONNECT, optionally. 2 - Support OAuth and/or OpenID authentication. 3 - Support Web sockets (not really HTTP), already done by Stan Korotky at http://ics-websockets.googlecode.com/svn/trunk Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Nagios like communication
which component can be used as client to talk to the above server component. Building an http server into my program sounds good but is way too much for what I need. Look at free Magenta Systems IP Log Streaming Component at: http://www.magsys.co.uk/delphi/magics.asp which is a high level TCP/IP and UDP/IP, server and client, all in a single component, that can be dropped on a form and only needs a couple of events to send and receive lines of data. There is an EXE demo in the zip. It handles all the boring error handling, connection and disconnection events, retries on failure, etc, so you just program your own protocol. I've just finished a new version supporting SSL and IPv6, not on the web site yet. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Future improvements for HTTP components?
basic http server that handles requests but process them on different and configurable number of threads. Anyone? Have you looked at the existing threaded components and demos: OverbyteIcsWSocketTS.pas - Winsock component for building multithreaded servers OverbyteIcsThrdSrv.dpr - Basic multithreaded TCP server, banner sent in main thread OverbyteIcsThrdSrvV2.dpr - Basic multithreaded TCP server, banner sent in worker thread OverbyteIcsThrdSrvV3.dpr - Basic TCP server showing how to use TWSocketThrdServer Effectively, the existing HTTP server component needs OverbyteIcsWSocketS.pas replacing with OverbyteIcsWSocketTS.pas. I might look at this in a few months, since my own web server is currently blocking for a few milliseconds while SQL requests complete, but no-one has ever complained. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Nagios like communication
The linchpin of all this is, that the program itself is up and running, doesn't hang and that it can still response. Otherwise, days can go by and no data is recorded. I hope your application is already a Windows service, you can then make use of the various service restart options if it stops. These options do not handle lock-ups, so you really need a second Windows service sending messages to the first, and using various methods to crash and restart it if there is no response, maybe also checking a shared file or registry key to make sure the first program is working. So my idea was to have a little watchdog (to be programmed) running on a server which regularly connects to all of the clients to get a response that all is well. Several years ago I had a large project with PCs running on road vehicles, which is a horrible environment, power surges, heat and vibration. I had three 'vehicle activity servers' using TWSocketServer which the remote vehicles contacted via wifi (and later 3G) every five minutes, which updated a SQL database, reported on web pages. I designed a simple TCP/IP ASCII protocol that ended up with about 50 different commands each way, returning status information like fan speeds and CPU temperatures so we knew when the PCs were about to die (50% of CPU fans died within a year). Some of this you can do with off the shelf software, I sell an application ComCap that accepts UDP and TCP messages, and will email based on content or when they stop, and I use it myself so I know when my remote hosted servers goes off-line. Nagios is probably similar, but much more specialised than ComCap, but I've no idea what sort of input streams it expects. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] THTTPCli and 307 or 308 redirects with non GET methods
Not easy to get it from the RFCs or from the online discussions, but I've now checked how Firefox and Chrome are implementing it Exactly, each browser has implemented redirection in different ways for different requests, there is no general consensus If you can just check MSIE as well, harder without source, we can be sure to following most browsers. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] THTTPCli and 307 or 308 redirects with non GET methods
This subject doesn't deserve not even a reply?! I'm the only one able to fix things here at the moment, and I have a lot of other priorities. But I'll put it on my list for next month. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] TSslPop3Cli... 6.13
Note messages are only deleted when the mailbox is actually closed with the QUIT command. I think that is the issue. This is a 24/7 program and I do not issue the quit until the program is stopped. POP3 mailboxes are rarely dynamic, they show a snapshot of the content when opened, and not email that arrives while they are open. Otherwise the STAT, LIST and UIDL command message numbers would not match the message numbers when you retrieve or delete something. I guess they could retrieve new content each time one of those commands is issued, and maybe that is what a modern database driven POP3 mailbox can do, unlike the old flat file mailboxes from years ago. But generally closing the POP3 mailbox as soon as possible is the way to work. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] C++Builder XE6
I would be happy to share my work if you'd like and you think it might be helpful to others... Probably, but we really need all three missing BCB versions tested, which needs someone with all these versions installed, which is not trivial. I have Windows 7 VM that is currently 120 gigs with 13 (I think) versions of Delphi/BCB installed, which I use for testing ICS, it was a pain to set-up, I hope it never self destructs so I don't have to start again. Also, I have a question about the 'Debug' vs 'Release' build. Right now it seems the projects compile with the 'Debug' build. What advantage does compiling for 'Release' have? What actually happens for debug and release builds can be customised, but generally release is smaller since there is no debug information in the EXE. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] TFtipClient and TFtpServer and 10053 error after Transmit successful...
Not sure if this gives us more information to go on. Any ideas? Assuming you are logging OnError, I can see no errors reported, so all we have is the error code 500 after a sequence of FTP events that all appear to have completed correctly. Are you logging the ErrorMessage property at the end, it may have something? However, there seems to be a missing response to QUIT, it should be: QUIT 221 Goodbye. FTP Session Closed so maybe this is where your abort error is coming from. If you log a different client without the error, do you see 221? I've never used TRANSMIT, or any of the other methods that do a complete FTP session using a single method, the problem is you really have no idea when it fails as to why, as you've discovered. I use the separate methods and check for errors after every command. But I ignore errors for QUIT and ABORT, since nothing actually matters at that point. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] TFtipClient and TFtpServer and 10053 error after Transmit successful...
The Transmit method returns failure even though the file is successfully uploaded. Notice how the request is 18, the StatusCode is 226 but an Error 500 is returned with a winsock error of #10053). 226 is success, so no idea why you get 500 as well. The transmit method does several commands in sequence, but you are not logging enough to see where the error is happening. You really need to log the onDisplay, OnError and OnResponse events so you see all the command responses being processed. #10053 is connection aborted, which generally does not matter if the important commands have already been successful. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HTTP PATCH method for the HttpCli
SVN is now updated with the PATCH method in the HTTP Client. Angus Original Message *Subject:* Re: [twsocket] HTTP PATCH method for the HttpCli *From:* RTT p...@sapo.pt *To:* ICS support mailing twsocket@lists.elists.org *Date:* Fri, 18 Apr 2014 17:31:38 +0100 On 18-04-2014 16:34, Angus Robertson - Magenta Systems Ltd wrote: So there is no way for us to test the changes, without extra development to change our web samples? I also can not make TortoiseSVN recognise your patch file, which is either faulty or badly formatted, or maybe I just don't know how to use SVN. I've sent you the file OverbyteIcsHTTProt.pas, with the changes already applied, and the OverbyteIcsHttpTst1 project, changed files, with the Patch method implemented. You can test it against this online service http://httpbin.org/ Just set the URL to the patch endpoint, http://httpbin.org/patch, add some text to the data field, and click the Patch button. -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
[twsocket] SSL improvements
To improve handling and reporting of PEM SSL certificates, there is a new component class TX509Ex derived from TX509Base adding properties for most common certificate entries including extensions, there are the properties reported for my code signing certificate, as reported by the updated OverbyteIcsPemTool tool: --- ISSUED TO (Subject) Common Name (CN):Magenta Systems Ltd Alt Name (DNS): Alt Name (IP): Organisation (O): Magenta Systems Ltd Organisational Unit (OU): SECURE APPLICATION DEVELOPMENT Country (C): GB State/Province(ST): England Locality (L): Croydon Serial Number: Title (T): Initials (I): Given Name (G): Surname (S): Description (D): Email (Email): ISSUED BY Common Name (CN):Thawte Code Signing CA - G2 Organisation (O): Thawte, Inc. Organisational Unit (OU): Country (C): GB State/Province(ST): England Locality (L): Croydon Email (Email): GENERAL Serial Number: -1 Issued on:12/10/2013 Expires on:16/10/2014 Key Usage: Extended Key Usage: Code Signing, Microsoft Commercial Code Signing Basic Constraints: CA=FALSE Authority Info Access: OCSP - URI=http://ocsp.thawte.com --- A certificate authority certificate is reported similarly to the following, which is reported as self signed, by a CA: --- ISSUED TO (Subject) Common Name (CN):thawte Primary Root CA Alt Name (DNS): Alt Name (IP): Organisation (O): thawte, Inc. Organisational Unit (OU): Certification Services Division, (c) 2006 thawte, Inc. - For authorized use only Country (C): US State/Province(ST): Locality (L): Serial Number: Title (T): Initials (I): Given Name (G): Surname (S): Description (D): Email (Email): SELF SIGNED GENERAL Serial Number: -1 Issued on:17/11/2006 Expires on:16/07/2036 Key Usage: Certificate Sign, CRL Sign Extended Key Usage: Basic Constraints: CA=TRUE Authority Info Access: --- The OverbyteIcsPemTool listview now reports the common name, issued to and issuer, for each certificate it finds in the specific directory. When using OverbyteIcsPemTool to create self signed certificates, certificate requests, and creating PEMs from the Windows Certificate Store, optionally clear text comments can be added before the base64 blocks to easily identify different certificates (which otherwise all look much alike), ie: --- # X509 SSL Certificate # Subject Common Name: RapidSSL CA # Subject Alt Names: # Subject Organisation: GeoTrust, Inc. # Issuer: GeoTrust Global CA # Expires: 18/02/2020 -BEGIN CERTIFICATE- --- When creating a certificate requests and self signed certificates, the private key and certificate may now be optionally saved to separate files, since you certainly don't want to distribute your private key anywhere. Note these changes are in OverbyteIcsSslX509Utils.pas which is currently in the Samples/Delphi/SslInternet directory, it may be more convenient to copy it to the main source directory. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HTTP PATCH method for the HttpCli
Any technical reason for discarding this functionality I submitted some time ago? How do we test it? There is no sample to run. Nothing to test against. I don't have time to read the Google Drive API, Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Clarification Re: FTP TLS, SSL, + passive mode problem
asked me about it), this server is private (hosting in US : atomicvps.com) So you are using a public server on a WAN, with a NAT routers or a firewall on either end of the connection? as another test i also installed local filezilla server and was able to reproduce same problem with it (ICS upload to local filezilla server) But now you say it fails on the LAN as well, is that with the ICS SSL demo FTP application? This is an extract log from the ICS FTP server I asked you to test against, which shows Passive mode with SSL does work OK. This test is done using my DUN Manager application you can download and test from: http://www.magsys.co.uk/dunman/ Starting FTP Download from: ics.ftptest.org Connect/Logon to FTP Server: ics.ftptest.org:990 Check for Old SSL Session ! SSL handshake OK SSL Handshake Done OK, Secured with TLSv1, Cipher AES256-SHA, Secret Bits 256 (Total 256) 0 Certificate(s) in the verify chain Starting SSL Session Cache SSL Session: New 220-ics.ftptest.org 220-ICS TFtpServerW (c) 1998-2013 F. Piette V8.04 220 Server: MAGPUB2 at 2014-04-08T19:17:26 FTP Session Connected to 217.146.102.142:990 Downloading File: /test/testcode.asp to E:\temp1\testcode.asp, size 10.7 Kbytes PASV 227 Entering Passive Mode (217,146,102,142,82,82). RETR testcode.asp Check for Old SSL Session 150 Opening data connection for testcode.asp. ! SSL handshake OK SSL Handshake Done OK, Secured with TLSv1, Cipher AES256-SHA, Secret Bits 256 (Total 256) 0 Certificate(s) in the verify chain Starting SSL Session Cache SSL Session: Reuse 226 File sent ok ! 10.7Kbytes received/sent in 250 milliseconds Downloaded File e:\temp1\testcode_asp.tmp, size 10.7 Kbytes Updating Time Stamp: E:\temp1\testcode.asp to (UTC)=20080307-23 Download OK: E:\temp1\testcode.asp, size: 10.7 Kbytes, duration 0:00, average speed 38.1K/sec Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] HTTP PATCH method for the HttpCli
It's exactly the same code as for POST and PUT. Only the HTTP method name changes. So there is no way for us to test the changes, without extra development to change our web samples? I also can not make TortoiseSVN recognise your patch file, which is either faulty or badly formatted, or maybe I just don't know how to use SVN. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
[twsocket] OT: Microsoft network sniffers
Never noticed them before, but Microsoft has two network traffic monitoring or sniffer tools. The older one is Microsoft Network Monitor 3.4 for XP and later, and Microsoft Message Analyzer 1.0 for Windows 7 and later, both free from the download center. Has anyone tried either? I note that Nirsoft 'Who is connected sniffer' supports WinPcap and both the Microsoft tools, so presumably there is a published interface for them to allow application control. Has anyone tried the Microsoft sniffers? Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] When receiving UDP datas, find if there were sent through a broadcast
I have a server with an UDP socket listening. Some Clients connect with the Ip address of the server : Direct Addressing. Some Clients do not know the Ip address of the server, therefore they connect by sending a broadcast. In OnDataAvailable event, i would like to know which Clients have been connected through a broadcast. I don't believe there is anything in the IP protocol that will identify a broadcast. So you can either arrange the clients tell you as part of the data you send, use a different port for broadcasts, or keep track of the IP addresses locally (if you know already). In DataAvailable, you can use ReceiveFrom the get the IP address of the remote client. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Handshake of TWSocket
is there anybody who can and will explain to me if the socket handshake protocol is implemented GET /chat HTTP/1.1 Host: server.example.com Upgrade: websocket Sorry, websockets is not supported by the ICS HTTP components. Another ICS user stas...@orc.ru has implemented websockets: http://code.google.com/p/ics-websockets/ although I've never looked at it, and the project does not seem to have been updated for over a year. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Basic HTTP Authentication over SSL
The process should be as follows: 1) Use HTTP POST to pass username and password parameters to login URL 2) A token string is returned if login was successful 3) The token is then used as Basic Authentication using HTTP GET to retrieve JSON from different API URL Step 1 and 2 are normal and simple, step 3 is unusual, basic authentication is rarely used to pass tokens, they are normally sent as parameters with the request or handled as cookies. You really need a proper log in your code so you can see exactly what commands are sent, and the responses received. Look at the Browser demo, which supports authentication and cookies. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] No Socket Handshake available
I encountered that the socket handshake, as described in RFC 6455, is not implemented in the ICS components of overbyte. That standard is websockets, not sockets, totally different. Websockets is not supported by ICS, see the answer I gave you yesterday which you ignored, I suggest an ICS component that does websockets. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] default gzip of json by THTTPServer - is it possible or am I to do it myself?
Not used JSON myself, but I'd guess if it's a compressable response then 'application/json' needs to added to that line so compression is not skipped. SVN was updated a couple of days ago with this JSON fix in the HTTP Server, also now compressing Javascript, and recognising both as MIME types. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] OverbyteIcsFtpCli v8 (current) old problem resurfaces
{ V8.03 InternalReady happens between multiple commands, ignore it } if FState in [ftpReady {, ftpInternalReady}] then begin Include ftpInternalReady in the check and it should work again. @Angus, why did you change it? For the reason documented in the code, the longer version is at the top of the module: Fixed bug in WaitUntilReady that meant some sync methods with multiple commands randomly terminated prematurely allowing further commands to be sent usually resulting in not ready errors. TriggerRequestDone is called after each command which sets ftpInternalReady (except for passive PUT), but this means it's set briefly during numerous async methods, often after PORT before LIST, GET or PUT has started. So WaitUntilReady exits before other commands are done. I'd been seeing these errors for many years. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] default gzip of json by THTTPServer - is it possible or am I to do it myself?
I have enabled content encoding on my THTTPServer: And return content to my client using AnswerString pClientCnx-AnswerString(Flags, 200 OK, application/json, sResponseHeader, sResponseBody); However if my client includes Accept-Encoding: gzip in its request header the OnHttpContentEncode event is not called. if (ContType = '') or (Pos ('text/', ContType) 0) or (Pos ('xml', ContType) 0) then begin{ only compress textual stuff } Not used JSON myself, but I'd guess if it's a compressable response then 'application/json' needs to added to that line so compression is not skipped. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be