Component shuffling Nov 2023
V9.1
TOcspHttp from OverbyteIcsSslHttpRest to OverbyteIcsSslUtils
TDnsQueryHttp from SslHttpRest to DnsHttps
TIcsDomNameCacheHttps from SslHttpRest to DnsHttps
TX509Base from OverbyteIcsWSocket to SslBase
TSslBaseComponent from WSocket to SslBase
TX509List from WSocket to SslBase
TSslContext from OverbyteIcsWSocket to SslBase (except callback, now set in
TextToHtmlText and IcsHtmlValuesToUnicode from FormDataDecoder to HtmlUtils
IcsFindHtmlCharset, IcsFindHtmlCodepage, IcsContentCodepage, IcsHtmlToStr from CharsetUtils to HtmlUtils
IcsExtractURLEncodedValue from SslHttpRest to OverbyteIcsUrl
GetCookieValue from HttpSrv to OverbyteIcsUrl
ExtractURLEncodedParamList from HttpSrv to OverbyteIcsUrl
HttpSrv now calls Icsxx versions in OverbyteIcsUrl
Future?
TSocketFamily and IPv4/v6 functions from OverbyteIcsWSocket to new unit
New units
OverbyteIcsHtmlUtils.pas
OverbyteIcsSslBase.pas
OverbyteIcsDnsHttps.pas
OverbyteIcsSslUtils.pas
Ics.Fmx.OverbyteIcsDnsHttps.pas
Ics.Fmx.OverbyteIcsSslUtils.pas
Ics.Fmx.OverbyteIcsSslBase.pas
OverbyteIcsSslBase.dcr
OverbyteIcsDnsHttps.dcr
OverbyteIcsSslUtils.dcr
OverbyteIcsDnsHttps.res
Nov 16, 2024 V9.1 Using OverbyteIcsHtmlUtils instead of CharSetUtils/FormDataDecoder.
Feb 07, 2024 V9.1 Added OverbyteIcsHtmlUtils.
Feb 06, 2024 V9.1 Added OverbyteIcsHtmlUtils.
7 Feb 2024
// OverbyteIcsCharsetUtils, { V9.1 }
OverbyteIcsHtmlUtils, { V9.1 }
OverbyteIcsHtmlUtils, { V9.1 }
OverbyteIcsCharsetUtils, { V9.1 }
// Ics.Fmx.OverbyteIcsSslHttpRest, { V8.69 }
Ics.Fmx.OverbyteIcsSslUtils, { V9.1 }
// OverbyteIcsSslHttpRest, { V8.69, gone V9.1 }
OverbyteIcsSslUtils, { V9.1 }
Ics.Fmx.OverbyteIcsSslHttpOAuth in '..\Source\Ics.Fmx.OverbyteIcsSslHttpOAuth.pas',
Ics.Fmx.OverbyteIcsIpUtils in '..\Source\Ics.Fmx.OverbyteIcsSslHttpOAuth.pas';
Nov 16, 2023 V9.1 TOcspHttp now in OverbyteIcsSslUtils rather than OverbyteIcsSslHttpRest to
ease linking.
OverbyteIcsSslUtils
OverbyteIcsSslBase, { V9.1 TX509Base }
Ics.Fmx.OverbyteIcsSslBase, { V9.1 TX509Base }
{$IFDEF USE_SSL}
OverbyteIcsSSLEAY, OverbyteIcsLIBEAY,
OverbyteIcsSslBase, { V9.1 TX509Base }
{$ENDIF}
OverbyteIcsSslBase; { V9.1 TX509Base }
Nov 20, 2023 V9.1 Added OverbyteIcsSslBase which now includes TSslContext,TX509Base and TX509List.
TOcspHttp now in OverbyteIcsSslUtils rather than OverbyteIcsSslHttpRest to
ease linking.
OverbyteIcsSslUtils, { V9.1 TOcspHttp }
OverbyteIcsSslBase; { V9.1 TSslContext, TX509Bas, TX509List }
Note: no longer supported, please use OverbyteIcsFtpMulti.pas instead.
Feb 07, 2024 V9.1 Added OverbyteIcsSslBase which now includes TSslContext,TX509Base and TX509List.
Nov 22, 2023 V9.1 Moved TSslContext, TSslBaseComponent, TX509Base and TX509List to OverbyteIcsSslBase
to simplify this unit, left SslContext callbacks here since they need access to
it, now set in InitSSLConnection instead of InitContext.
No longer supportng defines OPENSSL_USE_DELPHI_MM (never used),
OPENSSL_NO_ENGINE (deprecated, never used), OPENSSL_USE_RESOURCE_STRINGS
(never used), NO_OSSL_VERSION_CHECK (dangerous), DEFINE OPENSSL_NO_TLSEXT
(TLS needed everywhere), LOADSSL_ERROR_FILE (better debugging now).
FSslCtx to SslCtxPtr
Added OverbyteIcsUrl which has IcsExtractURLEncodedValue.
{ Uncomment next define to compile ICS against YuOpenSSL. This compiles }
{ OpenSSL code directly into binaries and frees applications from OpenSSL }
{ DLLs. Download YuOpenSSL from https://www.yunqa.de. }
{.$DEFINE YuOpenSSL}
{ Uncomment next define to link the OpenSSL DLLs into the application as }
{ resource files which firsy time run are extracted to shell path }
{ CSIDL_COMMON_APPDATA and sub-directory "ICS-OpenSSl" with a version }
{ subdirectory, so usually "C:\ProgramData\ICS-OpenSSl\3012\" }
{ Note only one specific major/minor version can be linked, as specified }
{ here, which is used in OverbyteIcsLIBEAY.pas to save and load the files. }
{ Ignored with DEFINE YuOpenSSL. }
{$DEFINE OpenSSL_Resource_Files}
{.$DEFINE OpenSSL_30}
{$DEFINE OpenSSL_31}
{.$DEFINE OpenSSL_32}
{ Comment out next define if you don't want ICS to look for the OpenSSL DLLs }
{ in shell path CSIDL_COMMON_APPDATA and sub-directory "ICS-OpenSSl" which }
{ usually "C:\ProgramData\ICS-OpenSSl", note no version sub-directory so }
{ DLLs extracted from other ICS applications will not be found. }
{ Ignored with DEFINEs YuOpenSSL and OpenSSL_Resource_Files }
{$DEFINE OpenSSL_ProgramData}
Description, Library name, All Configurations, Win/32/64
Description: Overbyte ICS Common Run-Time Package for Delphi
LIB suffix: $(Auto)
unit output directory
..\Lib\$(Config)\$(Platform)\D12
sslcontext - remove
{$R '..\Source\OverbyteIcsSslBase.dcr'}
{$R '..\Source\OverbyteIcsDnsHttps.dcr'}
{$R '..\Source\OverbyteIcsSslUtils.dcr'}
OverbyteIcsDnsHttps in '..\Source\OverbyteIcsDnsHttps.pas',
OverbyteIcsSslUtils in '..\Source\OverbyteIcsSslUtils.pas',
OverbyteIcsSslBase in '..\Source\OverbyteIcsSslBase.pas';
All Configurations - All Platforms
DCP output dir:
Paclage output dir:
Unit output dir: ..\Lib\$(Config)\$(Platform)\$(ProductVersion)
Default output dir: .\$(Platform)\$(Config)
copy ..\Source\OverbyteIcsTnOptFrm.dfm ..\Lib\$(Config)\$(Platform)\$(ProductVersion)\OverbyteIcsTnOptFrm.dfm© ..\Source\OverbyteIcsOAuthFormVcl.dfm ..\Lib\$(Config)\$(Platform)\$(ProductVersion)\OverbyteIcsOAuthFormVcl.dfm
copy ..\Source\OverbyteIcsOAuthFormFmx.fmx ..\Lib\$(Config)\$(Platform)\$(ProductVersion)\OverbyteIcsOAuthFormFmx.fmx
copy ..\Source\OverbyteIcsTnOptFrm.dfm ..\Lib\Release\Win32\D12\OverbyteIcsTnOptFrm.dfm© ..\Source\OverbyteIcsOAuthFormVcl.dfm ..\Lib\Release\Win32\D12\OverbyteIcsOAuthFormVcl.dfmcopy ..\Source\OverbyteIcsTnOptFrm.dfm ..\Lib\Debug\Win64\D12\OverbyteIcsTnOptFrm.dfm© ..\Source\OverbyteIcsOAuthFormVcl.dfm ..\Lib\Debug\Win64\D12\OverbyteIcsOAuthFormVcl.dfm
copy ..\Source\OverbyteIcsOAuthFormFmx.fmx ..\Lib\Release\Win32\D12\OverbyteIcsOAuthFormFmx.fmx
Overbyte ICS Test Linux Package for Delphi
Lib suffix: $(Auto)
{$IFNDEF UNICODE} { V9.1 not needed for unicode compilers }
{$ENDIF UNICODE}
{ ICS has three optional root certificate authority bundles that can be }
{ linked as resources, only one of these should be uncommented. }
{$DEFINE OpenSSL_CA_Bundle_Small}
{.$DEFINE OpenSSL_CA_Bundle_Medium}
{.$DEFINE OpenSSL_CA_Bundle_Large}
{ ICS will auto load OpenSSL and Root CA Bundle into IcsSslRootCAStore on }
{ start-up if the OverbyteIcsSslBase unit is linked, disable if your }
{ application should not load OpenSSL. }
{$DEFINE OpenSSL_AutoLoad_CA_Bundle}
Mostly gone sslRootCACertsBundle
IcsSslRootCAStore := TSslRootCAStore(Nil); { V9.1 common Root CA Store }
IcsSslRootCAStore.Initialise;
FInitFlag := True;
FCAStoreSource := CARootTxt;
DefRootFile := 'DefRootCABundle.pem';
ExtraRootFile := 'ExtraRootCABundle.pem';
{ first try internal store }
{ now try C:\ProgramData\ICS-OpenSSL\DefRootCABundle.pem }
{ finally DefRootCABundle.pem }
Searching for: sslRootCACertsBundle
Using public IcsSslRootCAStore instead of local root store.
SslContext now uses public IcsSslRootCAStore instead of local root store.
if NOT IcsSslRootCAStore.InitFlag then { V9.1 if internal not loaded, do it }
IcsSslRootCAStore.Initialise;
FUseSharedCAStore : Boolean; { V9.1 ignores CAFile, CALines, CAPath, uses IcsSslRootCAStore }
// OverbyteIcsSslX509Utils, { gone V9.1 }
SslContext now uses public IcsSslRootCAStore and ignores root bundle.
FSslContext.UseSharedCAStore := True; { V9.1 ignore fSslRootFile for now }
OverbyteIcsHtmlUtils.pas
OverbyteIcsSslBase; { V9.1 TSslContext, TX509Bas, TX509List }
FSslContext.UseSharedCAStore := True; { V9.1 ignore fSslRootFile for now }
Remove OverbyteIcsWSocket.LoadSsl
Replace with IcsSslRootCAStore.Initialise in case not done automatically if an application
needs to report the OpenSSL version before requests start.
https://www.overbyte.eu - 19 Dec 2023
Dec 19, 2023 V9.1 Replaced LoadSsl with IcsSslRootCAStore.Initialise and LibeayLoadProviders
since this sample needs the OpenSSL Legacy provider.
Dec 19, 2023 V9.1 Added OverbyteIcsSslBase, replaced LoadSsl with IcsSslRootCAStore.Initialise.
Ignoring SslCertAuth root for now, fixed store instead.
IcsSslRootCAStore.Initialise; { V9.1 if OpenSSL and internal not loaded, do it }
LibeayLoadProviders(True, False); { V9.1 need legacy provider }
21st December 2023
function IcsReportOpenSSLVer(RootCA: Boolean = False): String; { V9.1 centralise version reporting }
{ OverbyteIcsWSocket.LoadSsl; V9.1 moved later in case OpenSSL not needed }
if ICS_OPENSSL_VERSION_NUMBER > 0 then { V9.1 done at startup, report it }
LogWin.Lines.Add('SSL/TLS ' + IcsReportOpenSSLVer(True)); { V9.1 simplify }
LogWin.Lines.Add('Built With ' + IcsBuiltWithEx); { V8.70 }
DisplayMemo.Lines.Add('SSL/TLS ' + IcsReportOpenSSLVer(True)); { V9.1 simplify }
proxyurl
http://pc21-web5.magenta:81
=================================================================================================
New OpenSSL releases 3.1.3, 3.0.11 and 1.1.1w
OpenSSL has released new versions of the three active branches.
These releases fix a low severity issue with the Win64 POLY1305 MAC implementation
corrupting XMM registers ([CVE-2023-4807]) which applies only to processors released
in the last two or three years supporting AVX512-IFMA instructions.
Windows binaries are available in SVN and the overnight zip file (tomorrow) and
separately from https://wiki.overbyte.eu/wiki/index.php/ICS_Download or https://www.magsys.co.uk/delphi/magics.asp
Separately, YuOpenSSL has released 3.0.11 and 1.1.1w as commercial DCUs allowing
applications to be used with OpenSSL without needing separate DLLs.
Note that 1.1.1w is the last release of that version, it is now out of support unless
you have an OpenSSL Premium Level Support contract for $50,000/year.
Angus
==============================================================================
4
03 Nov 2023
ICS V9.1 - Part 6
A lot of changes, many relating to uploading large files using HTTP. Previously the Web Application Server accepted uploads into memory restricting the maximum size, now a temporary file is used for larger files, tested up to 6GB.
The HTTP REST client has improved file uploading, allowing unrestricted parameters to be specified and multiple (smaller) files uploaded together, progress indication for uploads has been added. Note common browsers only support 2GB uploads.
There are improvements for accessing and processing posted content in the web server, with improved character set handling.
Also, the HTTP REST Client and web servers have a new option NoSSL to disable SSL/TLS protocols if not needed, this will be extended in future ICS releases as the non-SSL components disappear, too many conditionals in the code.
OverbyteIcsFormDataDecoder.pas
Oct 26, 2023 V9.1
Moved TextToHtmlText and IcsHtmlValuesToUnicode to CharsetUtils to avoid circular references.
Reworked so content value or data is saved during Decode as RawContentData except for file content, rather then being read from the stream on demand. If the encoding is known it may be read as RawContentData and decoded rather then using AsString which tries various decoding options.
Added property DecodeInfo that returns same output as Display event debug but as a string.
Added property FormCodePage that may be set with the form code page before decoding, used to correctly decode values.
Supported character set according to RFC7578 with an optional charset_ part typically specifying utf-8, sets FormCodePage.
If Content-Type specifies a charset or FormCodePage is set, values are converted from that charset, otherwise % is checked for percent encoding, or HTML encoding is assumed.
Added more PartData overrides that take a part number.
Display debug now includes textual data values.
Detect end of form if missing final -- missing after last boundary, don't return illegal parts.
OverbyteIcsFtpCli.pas
OverbyteIcsFtpSrv.pas
Oct 24, 2023 V9.1
Use IcsGetTempPath.
OverbyteIcsHttpAppServer.pas
Nov 02, 2023 V9.1
Added properties PostedDataTB and PostedDataStr to return posted data in easier to use types than an PAnsiChar buffer.
Added MaxUploadMB defaults to 200 MBbyte to restroct maximum size of POST or PUT requests.
Added MaxStreamMB defaults to 50 MBbyte as the maximum TMemoryStream size before a TFileStream is instead used with a temporary file name.
Added PostedDataStream to which POST and PUT content is written which is what TFormDataAnalyser needs, PostedData pointer now points to the stream memory rather than a stack buffer. This change allows file uploads larger than memory, up to MaxUploadSize.
Added new property NoSSL that prevents use of HTTPS, must be set before server is started.
INI file reads NoSSl, MaxUploadMB and MaxStreamMB.
OverbyteIcsHttpProt.pas
Oct 27, 2023 V9.1
Only call SetSslAlpnProtocols if using https.
If the Location property is cleared during the OnLocationChange event, relocation is stopped, can be used stop relocation from http to https.
Minor clean-up in DoRequestSync.
OverbyteIcsHttpSrv.pas
Nov 02, 2023 V9.1
ExtractURLEncodedParamList has new optional Values parameter than adds all values to the strings as name=value.
ContentLength can now be larger than 2GB.
Added new property NoSSL that prevents use of HTTPS, must be set before server is started.
OverbyteIcsMailQueue.pas
Nov 02, 2023 V9.1
Added new property NoSSL that prevents use of SSL/TLS, must be set before the queue is started.
INI file has new NoSSL setting to prevent SSL/TLS.
OverbyteIcsSslHttpRest.pas
Nov 03, 2023 V9.1
Added new property SharedSslCtx to TSslHttpRest which allows an external TSslContext component to be set to the SslContext property (just as with TSslHttpCli) rather than using the internal RestSslCtx automatically. This will be more efficient on memory when using multiple TSslHttpRest components in parallel since the root store or perhaps hundreds of SSL certificates will only be loaded once rather than separately for each instance.
Added new property NoSSL to TSslHttpRest that prevents use of HTTPS, must be set before any requests. HTTP redirected to HTTPS will fail.
TRestParams now builds POST/PUT parameters into a stream instead of a string to allow parameters including very large files and since the HTTP component needs a post stream, mainly for multipart/form-data parameters, see below, A temporary file is used for parameters larger than 50MB.
Added new TRestParams content type PContFormData to create multipart/form-data parameters, also TParamType of RPTypeFile, see OverbyteIcsUrl.
File uploading with HttpUploadSimple can now use TRestParams.
Added new property MaxLogParams to TSslHttpRest defaulting to 4,096 to restrict the length of params logged before requests with DebugLevel is DebugParams or better, there may be megabytes. Params are now line broken and binary stripped.
Added progress information for file uploading, that may take a while, uploads tested to 7GB, beware preparing the form-data content stream may take a few minutes without progress information, need TStream.CopyTo with a callback.
OverbyteIcsUrl.pas
Oct 27, 2023 V9.1
Redesigned TRestParams to build parameters into ParamStream using GetParamStream, to allow parameters including very large files and since the HTTP component needs a post stream rather than a string, mainly for multipart/form-data parameters, see below, GetParams still returns an AnsiString.
Added new TRestParams content type of PContNone to make them easier to disable, beware ordial values have changed if this
saved rather than a literal.
Added new TRestParams content type PContFormData to create multipart/form-data parameters, according to RFC7578 which may include multiple binary files and _charset_ part.
The TRestParams AddItem method has a new optional ContentType argument, currently used for PContFormData only.
Added TParamType of RPTypeFile for binary file content.
Added new TRestParams AddItemFile method that takes a full binary file name with optional file size and ContentType, the latter two will be looked up if not supplied, content from file extension and a MIME table.
Added new TRestParams FormDataUtf8 property that if true will add a FormData _charset_ part with utf-8 and send all textual conent as utf-8 without UrlEncoding.
Added GetEstParamSize that returns Int64 estimated size of the parameters, to allow the application to allocate a TFileStream instead of TMemoryStream if massive files are included, typically more than 50MB.
Added IcsPercentEncode and IcsPercentDecode to percent encode and decode any non 7-bit characters, ignore charsets. Similar to UrlEncode but does not change spaces or special chars, except %.
OverbyteIcsUtils.pas
Oct 29, 2023 V9.1
Added IcsTBToHex for a TBytes buffer.
Added Base64EncodeTB for a TBytes buffer.
Added IcsFormatHexStr to break long hex string into groups and lines, defaulting to eight chars per group, 64 per line.
Added IcsStrRemCntls to replace control codes (< space) in string with ~, optionally leaving line endings, IcsStrRemCntlsA takes an AnsiString or buffer, IcsStrRemCntlsTB is TBytes buffer.
Added IcsStrBeakup to break up text into multiple lines ol specified length, default 80.
Added IcsTimeToZStr to convert DataTime to string hh:mm:ss:zzz.
OverbyteIcsWSocket.pas
Oct 12, 2023 V9.1
Added property X509PubKeyTB to TX509Base to get the certificate public in DER binary format as TBytes, from where it may be converted to hex or base64, used for Raw Public Key certificate validation.
Added new TSslContext method GetCAStoreTotal to check how many certificates are in CA Store, so we know if it's empty and need to load it.
If a connection fails, don't change State to wsConnected briefly before changing it again to wsClosed.
OverbyteIcsWSocketS.pas
Nov 02, 2023 V9.1
Added new property NoSSL that prevents use of SSL/TLS, must be set before
OverbyteIcsCharsetUtils.pas
Oct 27, 2023 V9.1
Moved TextToHtmlText and IcsHtmlValuesToUnicode from FormDataDecoder to avoid circular references.
Samples/Delphi/SslInternet/OverbyteIcsHttpRestTst1.dfm
Samples/Delphi/SslInternet/OverbyteIcsHttpRestTst1.pas
Nov 03, 2023 V9.1
Added Added new 'Rest Content' type of 'None' which means ignore REST parametee.
Added 'No SSL/HTTPS' tick box to disable SSL and HTTPS requests.
Added new 'Rest Content' type of 'Form-Data Body' to create MIME multipart/form-data parameters that may include new TParamType of RPTypeFile that specifies a file name whose binary content will be added to the parameters as a file upload, in a similar way to the existing 'Upload File' as 'Form-Data' except allowing multiple files and extra parameters.
Added 'Form-Data UTF-8 Charset' tick box so form parameters are encoded as UTF-8 rather than HTML characters.
TRestParams are now into a TStream rather than an AnsiString to allow larger sizes, tested up to 8GB.
Samples/Delphi/SslInternet/OverbyteIcsDDWebService.ini
Samples/Delphi/SslInternet/OverbyteIcsDDWebService64.ini
Samples/Delphi/SslInternet/OverbyteIcsDDWebServiceSrv.dfm
Samples/Delphi/SslInternet/OverbyteIcsDDWebServiceSrv.pas
Samples/Delphi/SslInternet/OverbyteIcsSslMultiWebMailer.pas
Samples/Delphi/SslInternet/OverbyteIcsSslMultiWebServ.ini
Samples/Delphi/SslInternet/OverbyteIcsSslMultiWebServ1.dfm
Samples/Delphi/SslInternet/OverbyteIcsSslMultiWebServ1.pas
Samples/Delphi/SslInternet/OverbyteIcsSslMultiWebServ64.ini
Nov 03, 2023 V9.1
Added OverbyteIcsCharsetUtils for TextToHtmlText.
INI file has new MaxUploadMB default 200M and MaxStreamMB default 50M settings to restroct content upload for POST and PUT request, the latter is the largest memory stream before a temporary file is used in UploadDir, so sample now supports large uploads, tested with a 6 GBbyte file. Avoid using Form-Data for large files since the file has to be copied perhaps taking a minute or more before the request response is sent.
INI file has new NoSSL setting to prevent HTTPS with SSL/TLS. Variouschanges to sample so NoSSL does not use OpenSSL functions or offer HTTPS URLs.
Added new postinfo.html page that decodes and displays any parameters passed.
Samples/Delphi/SslInternet/OverbyteIcsSslMultiWebUploads.pas
Oct 29, 2023 V9.1
Added OverbyteIcsCharsetUtils for TextToHtmlText.
Using Client.PostedDataStr instead of Client.PostedData to avoid casting a buffer.
TFormDataAnalyser now decodes a form using Client.PostedDataStream instead of creating a new TMemoryStream, now supports uploads larger than memory, tested to 6GB. Should suggest unicode chars.
Added new postinfo.html page that decodes and displays any parameters passed.
Samples/Delphi/WebDemos/OverbyteIcsHttpPost1.dfm
Samples/Delphi/WebDemos/OverbyteIcsHttpPost1.pas
Samples/Delphi/WebDemos/OverbyteIcsWebAppServerMailer.pas
Samples/Delphi/WebDemos/OverbyteIcsWebAppServerMain.dfm
Samples/Delphi/WebDemos/OverbyteIcsWebAppServerMain.pas
Oct 27, 2023 V9.1
Added OverbyteIcsCharsetUtils for RemoveHtmlSpecialChars.
Using Client.PostedDataStr instead of Client.PostedData to avoid casting a buffer.
==============================================================================
07 Nov 2023
ICS V9.1 - Part 7
Extending NoSSL to more units.
The Snippets sample has been updated for the new file upload features in TSslHttpRest.
ICS V9.0 and V9.1 already have packages for RAD Studio 12.0 Athens and have been tested on the RTM.
V9.0 is already available from GetIt.
If installing manually, there is a new D12InstallVcl.groupproj for VCL only that replaces D12Install.groupproj.
OverbyteIcsFtpMulti.pas
OverbyteIcsHttpMulti.pas
Nov 07, 2023 V9.1
Added new property NoSSL to TIcsHttpMulti that prevents use of SSL and HTTPS, must be set before any requests. HTTP redirected to HTTPS will fail.
Samples/Delphi/SslInternet/OverbyteIcsHttpRestTst1.pas
Nov 06, 2023 V9.1
Fixed NoSSL so OpenSsl not opened until request starts.
Samples/Delphi/SslInternet/OverbyteIcsSnippets1.dfm
Samples/Delphi/SslInternet/OverbyteIcsSnippets1.pas
Nov 07, 2023 V9.1
Improved HTTP uploading snippets for new features in TSslHttpRest.
Snippet HTTP POST Upload File is now HTTP Simple Upload File.
New snippet HTTP Form Upload File that uses form-data parameters.
Samples/Delphi/SslInternet/OverbyteIcsXferTst1.dfm
Samples/Delphi/SslInternet/OverbyteIcsXferTst1.pas
Nov 07, 2023 V9.1
Added 'No SSL/HTTPS' tick box to disable SSL and HTTPS requests.
MyJsonParams := TRestParams.Create(self);
MyJsonParams.PContent := PContJson;
MyJsonParams.AddItem('FileTitle', mytitle);
MyJsonParams.AddItem('FileName', myfile);
SslHttpRest.RestParams.PContent := PContFormData;
SslHttpRest.RestParams.AddItem('FileTitle', mytitle);
SslHttpRest.RestParams.AddItemA('JsonBlock', MyJsonParams.GetParameters, true);
SslHttpRest.RestParams.AddItemFile('FileName', mysrcfile, 0);
SslHttpRest.RestParams.AddItem('Submit', 'SubmitFile');
SslHttpRest.HttpUploadStrat := HttpUploadNone;
StatCode := SslHttpRest.RestRequest(httpPOST, myurl, False, '');
==============================================================================
10 Nov 2013
OpenSSL-Win32/legacy.dll
OpenSSL-Win32/libcrypto-3.dll
OpenSSL-Win32/libssl-3.dll
OpenSSL-Win32/openssl.exe
OpenSSL-Win32/readme.txt
Samples/Delphi/SslInternet/legacy-x64.dll
Samples/Delphi/SslInternet/legacy.dll
Samples/Delphi/SslInternet/libcrypto-3-x64.dll
Samples/Delphi/SslInternet/libcrypto-3.dll
Samples/Delphi/SslInternet/libssl-3-x64.dll
Samples/Delphi/SslInternet/libssl-3.dll
Include/OverbyteIcsDefs.inc
OpenSSL-Win32/LibV31OpenSSL32.RC
OpenSSL-Win32/LibV31OpenSSL32.RES
==============================================================================
ICS V9.1 - Part 8
Updated OpenSSL to 3.1.4.
ICS can includes the OpenSSL DLLs as resource files that can be pptionally linked into application as a resource, to avoid distributing them separately. When the application runs, it checks to see if the DLLs have be extracted previously, and if not, creates them from the resource. See below for more information.
OverbyteIcsLIBEAY.pas
Nov 09, 2023 V9.1 Added two more X509 functions.
Removed support for OpenSSL 1.1.1 which is end of life.
Not currently supporting GSSLEAY_DLL_IgnoreOld/New since only 3.x supported.
The external OpenSSL DLL files may now be optionally linked into application as a resource, to avoid distributing
them separately. When the application runs, it checks to see if the DLLs have be extracted previously, and if not,
creates them from the resource.
The OpenSSL extract directory is shell path CSIDL_COMMON_APPDATA which in recent Windows versions is
"C:\Users\All Users\" aliased as "C:\ProgramData\", in sub-directory "ICS-OpenSSL" with a sub-directory for each different OpenSSL major/minor version, ie "3012" for 3.0.12, ie "C:\ProgramData\ICS-OpenSSL\3012\libcrypto-3.dll".
OverbyteIcsDefs.inc has a new define OpenSSL_Resource_Files which causes the resource file to be linked, the major/minor version being defined as OpenSSL_30, OpenSSL_31 or OpenSSL_32 (not supported yet), the actual resource files are LibV3xOpenSSL32.RES and LibV3xOpenSSL64.RES where x is the minor version. Note ICS supports linking specific major/minor
versions of OpenSSL, but only one per application, but not multiple patch versions which don't have new features, only security and bug fixes. The RES files are distributed in the zip files with the DLLs from the ICS wiki site, with the latest versions in the source directory. If the new resource can not be found or there is a problem extracting the DLLs, ICS falls back to looking for OpenSSL DLLs as previous releases. Resource files are available for OpenSSL 3.0.12 and 3.1.4, and later.
Thanks to Michael Ott for the original resource file implementation.
OverbyteIcsSSLEAY.pas
Nov 09, 2023 V9.1
Removed support for OpenSSL 1.1.1 which is end of life.
Added GSSLEAY_RES_SUBDIR defaults to "ICS-OpenSSL", where OpenSSL files will be saved and accessed in linked as a resource in the application, with a sub-directory for each different version.
OverbyteIcsUtils.pas
Nov 09, 2023 V9.1
Added IcsTBToHex for a TBytes buffer.
Added Base64EncodeTB for a TBytes buffer.
IcsTBytesToString now sets length if not specified.
Added IcsFormatHexStr to break long hex string into groups and lines, defaulting to eight chars per group, 64 per line.
Added IcsStrRemCntls to replace control codes (< space) in string with ~, optionally leaving line endings, IcsStrRemCntlsA takes an AnsiString or buffer, IcsStrRemCntlsTB is TBytes buffer.
Added IcsStrBeakup to break up text into multiple lines ol specified length, default 80.
Added IcsTimeToZStr to convert DataTime to string hh:mm:ss:zzz.
Added IcsResourceGetTB to read TBytes from a named resource.
Added IcsResourceSaveFile to save a file from a named resource.
Include/OverbyteIcsDefs.inc
Nov 09, 2023 V9.1
Updated Athens to D12.
Added DEFINE OpenSSL_Resource_Files to link the OpenSSL DLLs into the application, must specify which version here.
LibV30OpenSSL32.RES
LibV30OpenSSL64.RES
LibV31OpenSSL32.RES
LibV31OpenSSL64.RES
Added four resource files to the source directory, one will be conditionally linked into the application according
to defines by OverbyteIcsLIBEAY. These files currently include the latest versions of the supported OpenSLL releases,
3.0.12 and 3.1.4, and will be kept up to date for new releases.
==============================================================================
New OpenSSL releases 3.1.4 and 3.0.12, and new resource files linked by ICS
OpenSSL has released new versions of the two active branches.
These releases fix a medium severity bug with symmetric cipher key and initialisation vector (IV) length that can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. This does not effect SSL/TLS, only encryption using EVP_EncryptInit_ex2().
Windows binaries are available in SVN and the overnight zip file and separately from https://wiki.overbyte.eu/wiki/index.php/ICS_Download or https://www.magsys.co.uk/delphi/magics.asp
Separately, YuOpenSSL has released 3.0.12 as commercial DCUs allowing applications to be used with OpenSSL without needing separate DLLs.
In addition to the three DLL files, the zip includes a compiled RES resource file that contains the same DLLs, text files and version information, see the RC file. The RES file may be linked into application EXE files and code then used to extract the DLLs from the resource to a temporary directory to avoid distributing them separately.
ICS V9.1 and later optionally support loading the resource file, currently in SVN and the overnight zip.
The OpenSSL extract directory is shell path CSIDL_COMMON_APPDATA which in recent Windows versions is
"C:\Users\All Users\" aliased as "C:\ProgramData\", in sub-directory "ICS-OpenSSl" with a sub-directory for each different OpenSSL major/minor version, ie "3012" for 3.0.12, ie "C:\ProgramData\ICS-OpenSSl\3012\libcrypto-3.dll".
OverbyteIcsDefs.inc has a new define OpenSSL_Resource_Files which causes the resource file to be linked, the major/minor version being defined as OpenSSL_30, OpenSSL_31 or OpenSSL_32 (not supported yet), the actual resource files are LibV3xOpenSSL32.RES and LibV3xOpenSSL64.RES where x is the minor version.
Note ICS supports linking specific major/minor versions of OpenSSL, but only one per application, but not multiple patch versions which don't have new features, only security and bug fixes. The RES files are distributed in the zip files with the DLLs from the ICS wiki site, with the latest versions in the source directory. If the new resource can not be found or there is a problem extracting the DLLs, ICS falls back to looking for OpenSSL DLLs as previous releases.
The OverbyteIcsDefs.inc in SVN has define OpenSSL_Resource_Files enabled, so if copied will mean projects rebuilt will automatically have the OpenSSL resources linked without any other changes.
A decision will be taken before the final release as to whether this is best behaviour, it does resolve a long term problem of DLL hell or keeping OpenSSL DLLs updated in potentially dozens of different directories, particularly if applications build to Win32 and Win64 directories, now a single set of any version is needed in "C:\ProgramData\ICS-OpenSSL". The only downside is larger EXE files, particularly if an application has multiple EXEs.
ICS has a global variable GSSL_DLL_DIR that defines where to look for the OpenSSL files, defaulting to blank but set in all samples to the program directory so a known version of OpenSSL is loaded.
Perhaps ICS should set this to "C:\ProgramData\ICS-OpenSSL" by default so only a single set of DLLs are needed. Only snag is automating a means of getting files to this directory if the resource files are not used.
==============================================================================
23 Nov 2023
Install/D110InstallVclFmx.groupproj
Install/D12InstallVclFmx.groupproj
Install/IcsInstallFmx.groupproj
Install/IcsInstallVcl.groupproj
Install/IcsInstallVclFmx.groupproj
Packages/IcsAndroid.dpk
Packages/IcsAndroid.dproj
Packages/IcsAndroid.res
Packages/IcsCommonD110Run.dpk
Packages/IcsCommonD110Run.dproj
Packages/IcsCommonD12Design.dproj
Packages/IcsCommonD12Design.res
Packages/IcsCommonD12Run.dpk
Packages/IcsCommonD12Run.dproj
Packages/IcsCommonNewDesign.dpk
Packages/IcsCommonNewDesign.dproj
Packages/IcsCommonNewDesign.res
Packages/IcsCommonNewRun.dpk
Packages/IcsCommonNewRun.dproj
Packages/IcsCommonNewRun.res
Packages/IcsFmxD110Design.dproj
Packages/IcsFmxD110Run.dpk
Packages/IcsFmxD110Run.dproj
Packages/IcsFmxD12Design.dproj
Packages/IcsFmxD12Run.dpk
Packages/IcsFmxD12Run.dproj
Packages/IcsFmxNewDesign.dpk
Packages/IcsFmxNewDesign.dproj
Packages/IcsFmxNewDesign.res
Packages/IcsFmxNewRun.dpk
Packages/IcsFmxNewRun.dproj
Packages/IcsFmxNewRun.res
Packages/IcsLinux.dpk
Packages/IcsLinux.dproj
Packages/IcsLinux.res
Packages/IcsVclD110Run.dpk
Packages/IcsVclD110Run.dproj
Packages/IcsVclD12Run.dpk
Packages/IcsVclD12Run.dproj
Packages/IcsVclNewDesign.dpk
Packages/IcsVclNewDesign.dproj
Packages/IcsVclNewDesign.res
Packages/IcsVclNewRun.dpk
Packages/IcsVclNewRun.dproj
Packages/IcsVclNewRun.res
Packages/OverbyteIcsD2010Run.dproj
Samples/Delphi/BrowserDemo/FBUnitIcs.dfm
Samples/Delphi/BrowserDemo/FBUnitIcs.pas
Samples/Delphi/BrowserDemo/ProxyDlg.dfm
Samples/Delphi/BrowserDemo/ProxyDlg.pas
Samples/Delphi/BrowserDemo/UrlConIcs.pas
Samples/Delphi/OtherDemos/OverbyteIcsNetMon1.dfm
Samples/Delphi/OtherDemos/OverbyteIcsNetMon1.pas
Samples/Delphi/OtherDemos/OverbyteIcsNetTools1.dfm
Samples/Delphi/OtherDemos/OverbyteIcsNetTools1.pas
Samples/Delphi/SslInternet/OverbyteIcsDDWebServiceSrv.dfm
Samples/Delphi/SslInternet/OverbyteIcsDDWebServiceSrv.pas
Samples/Delphi/SslInternet/OverbyteIcsHttpRestTst1.dfm
Samples/Delphi/SslInternet/OverbyteIcsHttpRestTst1.pas
Samples/Delphi/SslInternet/OverbyteIcsHttpsTst1.dfm
Samples/Delphi/SslInternet/OverbyteIcsHttpsTst1.pas
Samples/Delphi/SslInternet/OverbyteIcsIpStmLogTst1.pas
Samples/Delphi/SslInternet/OverbyteIcsJoseTst1.pas
Samples/Delphi/SslInternet/OverbyteIcsMailQuTst1.dfm
Samples/Delphi/SslInternet/OverbyteIcsMailQuTst1.pas
Samples/Delphi/SslInternet/OverbyteIcsPemTool1.dfm
Samples/Delphi/SslInternet/OverbyteIcsPemTool1.pas
Samples/Delphi/SslInternet/OverbyteIcsProxySslServer1.dfm
Samples/Delphi/SslInternet/OverbyteIcsProxySslServer1.pas
Samples/Delphi/SslInternet/OverbyteIcsSimpleSslCli1.dfm
Samples/Delphi/SslInternet/OverbyteIcsSimpleSslCli1.pas
Samples/Delphi/SslInternet/OverbyteIcsSimpleSslServer1.dfm
Samples/Delphi/SslInternet/OverbyteIcsSimpleSslServer1.pas
Samples/Delphi/SslInternet/OverbyteIcsSslFtpServ1.dfm
Samples/Delphi/SslInternet/OverbyteIcsSslFtpServ1.pas
Samples/Delphi/SslInternet/OverbyteIcsSslFtpTst1.dfm
Samples/Delphi/SslInternet/OverbyteIcsSslFtpTst1.pas
Samples/Delphi/SslInternet/OverbyteIcsSslMailRcv1.dfm
Samples/Delphi/SslInternet/OverbyteIcsSslMailRcv1.pas
Samples/Delphi/SslInternet/OverbyteIcsSslMailSnd1.dfm
Samples/Delphi/SslInternet/OverbyteIcsSslMailSnd1.pas
Samples/Delphi/SslInternet/OverbyteIcsSslMultiFtpServ1.dfm
Samples/Delphi/SslInternet/OverbyteIcsSslMultiFtpServ1.pas
Samples/Delphi/SslInternet/OverbyteIcsSslMultiWebHead.pas
Samples/Delphi/SslInternet/OverbyteIcsSslMultiWebMailer.pas
Samples/Delphi/SslInternet/OverbyteIcsSslMultiWebServ1.dfm
Samples/Delphi/SslInternet/OverbyteIcsSslMultiWebServ1.pas
Samples/Delphi/SslInternet/OverbyteIcsSslMultiWebUploads.pas
Samples/Delphi/SslInternet/OverbyteIcsSslNewsRdr1.dfm
Samples/Delphi/SslInternet/OverbyteIcsSslNewsRdr1.pas
Samples/Delphi/SslInternet/OverbyteIcsSslSmtpServ1.dfm
Samples/Delphi/SslInternet/OverbyteIcsSslSmtpServ1.pas
Samples/Delphi/SslInternet/OverbyteIcsSslWebServ1.dfm
Samples/Delphi/SslInternet/OverbyteIcsSslWebServ1.pas
Samples/Delphi/SslInternet/OverbyteIcsX509CertsTst1.dfm
Samples/Delphi/SslInternet/OverbyteIcsX509CertsTst1.pas
Samples/Delphi/SslInternet/OverbyteIcsXferTst1.dfm
Samples/Delphi/SslInternet/OverbyteIcsXferTst1.pas
Ics.Fmx.OverbyteIcsDnsHttps.pas
Ics.Fmx.OverbyteIcsSslBase.pas
Ics.Fmx.OverbyteIcsSslUtils.pas
Include/OverbyteIcsDefs.inc
Include/OverbyteIcsSslDefs.inc
OverbyteIcsCRC.pas
OverbyteIcsCharsetUtils.pas
OverbyteIcsCsc.pas
OverbyteIcsDnsHttps.dcr
OverbyteIcsDnsHttps.pas
OverbyteIcsFormDataDecoder.pas
OverbyteIcsFtpCli.pas
OverbyteIcsFtpMulti.pas
OverbyteIcsFtpSrv.pas
OverbyteIcsHtmlUtils.pas
OverbyteIcsHttpAppServer.pas
OverbyteIcsHttpMulti.pas
OverbyteIcsHttpProt.pas
OverbyteIcsHttpSrv.pas
OverbyteIcsIpStreamLog.pas
OverbyteIcsLIBEAY.pas
OverbyteIcsMQTT.pas
OverbyteIcsMailQueue.pas
OverbyteIcsMimeUtils.pas
OverbyteIcsMsSslUtils.pas
OverbyteIcsNntpCli.pas
OverbyteIcsPop3Prot.pas
OverbyteIcsProxy.pas
OverbyteIcsReg.pas
OverbyteIcsSSLEAY.pas
OverbyteIcsSmtpProt.pas
OverbyteIcsSmtpSrv.pas
OverbyteIcsSocketUtils.pas
OverbyteIcsSslBase.dcr
OverbyteIcsSslBase.pas
OverbyteIcsSslHttpOAuth.pas
OverbyteIcsSslHttpRest.dcr
OverbyteIcsSslHttpRest.pas
OverbyteIcsSslSessionCache.pas
OverbyteIcsSslUtils.dcr
OverbyteIcsSslUtils.pas
OverbyteIcsSslX509Certs.pas
OverbyteIcsSslX509Utils.pas
OverbyteIcsUrl.pas
OverbyteIcsUtils.pas
OverbyteIcsWSocket.dcr
OverbyteIcsWSocket.pas
OverbyteIcsWSocketS.pas
OverbyteIcsWebSocketCli.pas
OverbyteIcsWebSocketSrv.pas
modified Install/D110InstallVclFmx.groupproj
modified Install/D12InstallVclFmx.groupproj
modified Packages/IcsCommonD110Run.dpk
modified Packages/IcsCommonD110Run.dproj
modified Packages/IcsCommonD12Design.dproj
modified Packages/IcsCommonD12Run.dpk
modified Packages/IcsCommonD12Run.dproj
modified Packages/IcsFmxD110Design.dproj
modified Packages/IcsFmxD110Run.dpk
modified Packages/IcsFmxD110Run.dproj
modified Packages/IcsFmxD12Design.dproj
modified Packages/IcsFmxD12Run.dpk
modified Packages/IcsFmxD12Run.dproj
modified Packages/IcsVclD110Run.dpk
modified Packages/IcsVclD110Run.dproj
modified Packages/IcsVclD12Run.dpk
modified Packages/IcsVclD12Run.dproj
modified Packages/OverbyteIcsD2010Run.dproj
modified Samples/Delphi/BrowserDemo/FBUnitIcs.dfm
modified Samples/Delphi/BrowserDemo/FBUnitIcs.pas
modified Samples/Delphi/BrowserDemo/ProxyDlg.dfm
modified Samples/Delphi/BrowserDemo/ProxyDlg.pas
modified Samples/Delphi/BrowserDemo/UrlConIcs.pas
modified Samples/Delphi/OtherDemos/OverbyteIcsNetMon1.dfm
modified Samples/Delphi/OtherDemos/OverbyteIcsNetMon1.pas
modified Samples/Delphi/OtherDemos/OverbyteIcsNetTools1.dfm
modified Samples/Delphi/OtherDemos/OverbyteIcsNetTools1.pas
modified Samples/Delphi/SslInternet/OverbyteIcsDDWebServiceSrv.dfm
modified Samples/Delphi/SslInternet/OverbyteIcsDDWebServiceSrv.pas
modified Samples/Delphi/SslInternet/OverbyteIcsHttpRestTst1.dfm
modified Samples/Delphi/SslInternet/OverbyteIcsHttpRestTst1.pas
modified Samples/Delphi/SslInternet/OverbyteIcsHttpsTst1.dfm
modified Samples/Delphi/SslInternet/OverbyteIcsHttpsTst1.pas
modified Samples/Delphi/SslInternet/OverbyteIcsIpStmLogTst1.pas
modified Samples/Delphi/SslInternet/OverbyteIcsJoseTst1.pas
modified Samples/Delphi/SslInternet/OverbyteIcsMailQuTst1.dfm
modified Samples/Delphi/SslInternet/OverbyteIcsMailQuTst1.pas
modified Samples/Delphi/SslInternet/OverbyteIcsPemTool1.dfm
modified Samples/Delphi/SslInternet/OverbyteIcsPemTool1.pas
modified Samples/Delphi/SslInternet/OverbyteIcsProxySslServer1.dfm
modified Samples/Delphi/SslInternet/OverbyteIcsProxySslServer1.pas
modified Samples/Delphi/SslInternet/OverbyteIcsSimpleSslCli1.dfm
modified Samples/Delphi/SslInternet/OverbyteIcsSimpleSslCli1.pas
modified Samples/Delphi/SslInternet/OverbyteIcsSimpleSslServer1.dfm
modified Samples/Delphi/SslInternet/OverbyteIcsSimpleSslServer1.pas
modified Samples/Delphi/SslInternet/OverbyteIcsSslFtpServ1.dfm
modified Samples/Delphi/SslInternet/OverbyteIcsSslFtpServ1.pas
modified Samples/Delphi/SslInternet/OverbyteIcsSslFtpTst1.dfm
modified Samples/Delphi/SslInternet/OverbyteIcsSslFtpTst1.pas
modified Samples/Delphi/SslInternet/OverbyteIcsSslMailRcv1.dfm
modified Samples/Delphi/SslInternet/OverbyteIcsSslMailRcv1.pas
modified Samples/Delphi/SslInternet/OverbyteIcsSslMailSnd1.dfm
modified Samples/Delphi/SslInternet/OverbyteIcsSslMailSnd1.pas
modified Samples/Delphi/SslInternet/OverbyteIcsSslMultiFtpServ1.dfm
modified Samples/Delphi/SslInternet/OverbyteIcsSslMultiFtpServ1.pas
modified Samples/Delphi/SslInternet/OverbyteIcsSslMultiWebHead.pas
modified Samples/Delphi/SslInternet/OverbyteIcsSslMultiWebMailer.pas
modified Samples/Delphi/SslInternet/OverbyteIcsSslMultiWebServ1.dfm
modified Samples/Delphi/SslInternet/OverbyteIcsSslMultiWebServ1.pas
modified Samples/Delphi/SslInternet/OverbyteIcsSslMultiWebUploads.pas
modified Samples/Delphi/SslInternet/OverbyteIcsSslNewsRdr1.dfm
modified Samples/Delphi/SslInternet/OverbyteIcsSslNewsRdr1.pas
modified Samples/Delphi/SslInternet/OverbyteIcsSslSmtpServ1.dfm
modified Samples/Delphi/SslInternet/OverbyteIcsSslSmtpServ1.pas
modified Samples/Delphi/SslInternet/OverbyteIcsSslWebServ1.dfm
modified Samples/Delphi/SslInternet/OverbyteIcsSslWebServ1.pas
modified Samples/Delphi/SslInternet/OverbyteIcsX509CertsTst1.dfm
modified Samples/Delphi/SslInternet/OverbyteIcsX509CertsTst1.pas
modified Samples/Delphi/SslInternet/OverbyteIcsXferTst1.dfm
modified Samples/Delphi/SslInternet/OverbyteIcsXferTst1.pas
modified Source/Include/OverbyteIcsDefs.inc
modified Source/OverbyteIcsCharsetUtils.pas
modified Source/OverbyteIcsCRC.pas
modified Source/OverbyteIcsCsc.pas
modified Source/OverbyteIcsFormDataDecoder.pas
modified Source/OverbyteIcsFtpCli.pas
modified Source/OverbyteIcsFtpMulti.pas
modified Source/OverbyteIcsFtpSrv.pas
modified Source/OverbyteIcsHttpAppServer.pas
modified Source/OverbyteIcsHttpMulti.pas
modified Source/OverbyteIcsHttpProt.pas
modified Source/OverbyteIcsHttpSrv.pas
modified Source/OverbyteIcsIpStreamLog.pas
modified Source/OverbyteIcsLIBEAY.pas
modified Source/OverbyteIcsMailQueue.pas
modified Source/OverbyteIcsMimeUtils.pas
modified Source/OverbyteIcsMQTT.pas
modified Source/OverbyteIcsMsSslUtils.pas
modified Source/OverbyteIcsNntpCli.pas
modified Source/OverbyteIcsPop3Prot.pas
modified Source/OverbyteIcsProxy.pas
modified Source/OverbyteIcsReg.pas
modified Source/OverbyteIcsSmtpProt.pas
modified Source/OverbyteIcsSmtpSrv.pas
modified Source/OverbyteIcsSocketUtils.pas
modified Source/OverbyteIcsSSLEAY.pas
modified Source/OverbyteIcsSslHttpOAuth.pas
modified Source/OverbyteIcsSslHttpRest.dcr
modified Source/OverbyteIcsSslHttpRest.pas
modified Source/OverbyteIcsSslSessionCache.pas
modified Source/OverbyteIcsSslX509Certs.pas
modified Source/OverbyteIcsSslX509Utils.pas
modified Source/OverbyteIcsUrl.pas
modified Source/OverbyteIcsUtils.pas
modified Source/OverbyteIcsWebSocketCli.pas
modified Source/OverbyteIcsWebSocketSrv.pas
modified Source/OverbyteIcsWSocket.dcr
modified Source/OverbyteIcsWSocket.pas
modified Source/OverbyteIcsWSocketS.pas
Packages/IcsAndroid.dpk
Packages/IcsAndroid.dproj
Packages/IcsAndroid.res
Packages/IcsCommonD12Design.res
Packages/IcsLinux.dpk
Packages/IcsLinux.dproj
Packages/IcsLinux.res
Source/Ics.Fmx.OverbyteIcsDnsHttps.pas
Source/Ics.Fmx.OverbyteIcsSslBase.pas
Source/Ics.Fmx.OverbyteIcsSslUtils.pas
Source/OverbyteIcsDnsHttps.dcr
Source/OverbyteIcsDnsHttps.pas
Source/OverbyteIcsHtmlUtils.pas
Source/OverbyteIcsSslBase.dcr
Source/OverbyteIcsSslBase.pas
Source/OverbyteIcsSslUtils.dcr
Source/OverbyteIcsSslUtils.pas
==============================================================================
ICS V9.1 - Part 9
This is a massive update, with major changes to two source files, and minor changes to dozens more, with new packages and install groups. Please be gentle with it, this part is NOT production ready and needs at least another week of testing, there may be missing files from SVN that will be added.
The main change is splitting out much of the SSL/TLS related code from the massive OverbyteIcsWSocket.pas unit to a new unit OverbyteIcsSslBase.pas, to ease maintenance. Also the OverbyteIcsSslHttpRest.pas has been split with two
new units OverbyteIcsDnsHttps.pas and OverbyteIcsSslUtils.pas, to ease linking avoiding circular references.
Another new unit OverbyteIcsHtmlUtils.pas now contains functions designed to build HTML pages that were previously split across different units. There may be some more consolidation to come.
Specifically the components TSslContext, TSslBaseComponent, TX509Base and TX509List are now in the new unit OverbyteIcsSslBase.pas, although the TSslContext callbacks that interact with sockets remain in OverbyteIcsWSocket.pas, and are now set in InitSSLConnection instead of InitContext. The OverbyteIcsSslDefs.inc file has gone, none of it's defines have not been used for years. SSL engine support has gone, deprecated with OpenSSLL 3 and not tested for 10 years.
Also moved the TDnsQueryHttps and TIcsDomNameCacheHttps components from OverbyteIcsSslHttpRest.pas to OverbyteIcsDnsHttps.pas and TOcspHttp to OverbyteIcsSslUtils to avoid bringing the HttpRest unit into as many components and avoid circular references.
Applications that have TSslContext on a form will need to be opened so the OverbyteIcsSslBase is automatically added to the users clause. Units that reference TX509Base, mostly for the OnSslHandshakeDone event, may need OverbyteIcsSslBase adding manually if they don't also have TSslContext. Ditto TDnsQueryHttps, TIcsDomNameCacheHttps and TOcspHttp although these are less commonly used.
Web server applications building HTML may need OverbyteIcsHtmlUtils adding, instead of OverbyteIcsFormDataDecoder.
All the ICS SSL samples have been updated with these changes, so should still build OK.
Currently, only the packages for Delphi 11 and 12 have been updated with the new units. There are other pending changes for old packages which will be done next week, hopefully.
There is a new Android package, purely to ensure that these units are ready for ICS V10 which is when Linux and perhaps Android support will be added, all Android compile errors have been fixed, although some functions are still missing.
OverbyteIcsDefs.inc has a new define OpenSSL_ProgramData which causes ICS to ignore GSSL_DLL_DIR by setting it to shell path CSIDL_COMMON_APPDATA and sub-directory "ICS-OpenSSl" which is usually "C:\ProgramData\ICS-OpenSSl" which is where the OpenSSL DLLs should be placed. OpenSSL_ProgramData is ignored if for DEFINEs YuOpenSSL and OpenSSL_Resource_Files. The default file has OpenSSL_ProgramData and OpenSSL_Resource_Files defined so will link OpenSSL into the application and extract it when first run. For backward compatibility, OpenSSL_ProgramData and OpenSSL_Resource_Files should both the disabled.
==============================================================================
part 10 pending
modified Packages/IcsAndroid.dpk
modified Packages/IcsAndroid.dproj
modified Packages/IcsLinux.dpk
modified Packages/IcsLinux.dproj
modified Samples/Delphi/SslInternet/OverbyteIcsMsVerify1.dfm
modified Samples/Delphi/SslInternet/OverbyteIcsMsVerify1.pas
modified Samples/Delphi/SslInternet/OverbyteIcsSslSniSrv1.dfm
modified Samples/Delphi/SslInternet/OverbyteIcsSslSniSrv1.pas
modified Samples/Delphi/SslInternet/OverbyteIcsSslWebAppServerMain.dfm
modified Samples/Delphi/SslInternet/OverbyteIcsSslWebAppServerMain.pas
modified Source/OverbyteIcsLIBEAY.pas
modified Source/OverbyteIcsStreams.pas
modified Source/OverbyteIcsUtils.pas
modified Source/OverbyteIcsWSocket.pas
modified ZipOverbyteIcsV9.lst
Install/IcsInstallFmx.groupproj
Install/IcsInstallVcl.groupproj
Install/IcsInstallVclFmx.groupproj
Packages/IcsCommonNewDesign.dpk
Packages/IcsCommonNewDesign.dproj
Packages/IcsCommonNewDesign.res
Packages/IcsCommonNewRun.dpk
Packages/IcsCommonNewRun.dproj
Packages/IcsCommonNewRun.res
Packages/IcsFmxNewDesign.dpk
Packages/IcsFmxNewDesign.dproj
Packages/IcsFmxNewDesign.res
Packages/IcsFmxNewRun.dpk
Packages/IcsFmxNewRun.dproj
Packages/IcsFmxNewRun.res
Packages/IcsVclNewDesign.dpk
Packages/IcsVclNewDesign.dproj
Packages/IcsVclNewDesign.res
Packages/IcsVclNewRun.dpk
Packages/IcsVclNewRun.dproj
Packages/IcsVclNewRun.res
Source/LibV32OpenSSL32.RES
Source/LibV32OpenSSL64.RES
==============================================================================
ICS V9.1 - Part 10
This version adds OpenSSL resource files for version 3.2.0, which has a lot of new features, none of which are yet used by ICS, and which has only been briefly tested for clients, not yet servers. So ICS does not yer default to usin 3.2.0 nor are any of the DLLs included, yet.
To ease future releases, there are three new install groups, IcsInstallFmx, IcsInstallVcl and IcsInstallVclFmx which use packages with 'new' instead of a Delphi version and $(Auto) library suffix which causes packages to be build with the compiler version instead of the manually entered Delphi version. These new packages can be used for Delphi 10.4 and later, and will avoid needing to add new packages to ICS for new versons of Delphi.
Note you will need to use Componment, Install Packages, to manually remove the old format packages with Delphi versions before the compiler version packages can be installed. Currently the existing format packages are still being distributed, but will disappear before the final release.
The readme will be updated when the next block of package changes is finished.
There are test Linux and Android packages, but a lot of new errors have appeared that need fixing.
==============================================================================
New OpenSSL release 3.2.0, and new resource files linked by ICS
OpenSSL has released new minor version 3.2.0, which has a lot of new features. It is compatible with the current versions of ICS, but has only been tested briefly with clients, it needs at least a week of testing with servers before I'm comfortable adding the DLLs to ICS as the defaults.
The major change in 3.2.0 is support for client side QUIC protocol. QUIC is based on UDP rather than TCP and allows multiple streams in parallel, typically for downloading web pages with hundreds of elements, QUIC combined with HTTP/2 becomes HTTP/3. There is a DLL solution that has been used to add HTTP/2 to Indy but not native Delphi implementation I'm aware of, it's a lot of work. So no possibility of ICS having HTTP/3 soon.
Other changes in 3.2.0 include:
Certificate compression in TLS, including support for zlib, zstd and Brotli
Deterministic ECDSA.
Support for Ed25519ctx, Ed25519ph and Ed448ph.
AES-GCM-SIV.
Argon2 and supporting thread pool functionality.
Hybrid Public Key Encryption (HPKE).
The ability to use raw public keys in TLS.
Support for Brainpool curves in TLS 1.3.
SM4-XTS.
Support for using the Windows system certificate store as a source of trusted root certificates.
Some of the above cipher and hash changes may be used by TLS connections without change to ICS, if negotiated with the other end, but certificate related changes will need updates to ICS.
Windows binaries are available in SVN and the overnight zip file and separately from https://wiki.overbyte.eu/wiki/index.php/ICS_Download or https://www.magsys.co.uk/delphi/magics.asp
In addition to the three DLL files, the zip includes a compiled RES resource file that contains the same DLLs, text files and version information, see the RC file. The RES file may be linked into application EXE files and code then used to extract the DLLs from the resource to a temporary directory to avoid distributing them separately.
ICS V9.1 and later optionally support loading the resource file, currently in SVN and the overnight zip.
Version 3.2 will be supported until 2025-11-23
==============================================================================
SSL/TLS changes in V9.1
Pending -
CA Root Bundles
Currently most high level components expose a property for an SSL root certificate authority bundle file,
but use a smallish internal root bundle if none is specified, and this bundle is loaded into SslContext components
in various places.
V9.1 now has a common IcsSslRootCAStore component created at start-up, which is initialised with one of three
internal root bundles and then shared by all SslContexts and other components that need a CA store,
saving on memory and mutliple loadings.
Question 1: given that the CA root bundle is now linked into the application rather than distributed as a file,
should applications now cease to support specifying a root bundle for high level components, to simplify usage?
If an application needs a different root bundle, it can always load it into IcsSslRootCAStore directly replacing
the internal root bundle. This will simplify several high level components.
Question 2: there is a conditional define OpenSSL_AutoLoad_CA_Bundle that causes OpenSSL and the internal root
CA bundle to be loaded at program start-up, should this be disabled by default to save memory until an
SSL/TLS connection is opened, but with slower opening of that connection?
==============================================================================
Samples/Delphi/BrowserDemo/FBUnitIcs.dfm
Samples/Delphi/BrowserDemo/FBUnitIcs.pas
Samples/Delphi/BrowserDemo/ProxyDlg.dfm
Samples/Delphi/BrowserDemo/UrlConIcs.pas
Samples/Delphi/OtherDemos/OverbyteIcsNetMon1.dfm
Samples/Delphi/SslInternet/OverbyteIcsDDWebServiceCtl.dfm
Samples/Delphi/SslInternet/OverbyteIcsDDWebServiceSrv.dfm
Samples/Delphi/SslInternet/OverbyteIcsDDWebServiceSrv.pas
Samples/Delphi/SslInternet/OverbyteIcsHttpRestTst1.dfm
Samples/Delphi/SslInternet/OverbyteIcsHttpRestTst1.pas
Samples/Delphi/SslInternet/OverbyteIcsHttpsTst1.dfm
Samples/Delphi/SslInternet/OverbyteIcsHttpsTst1.pas
Samples/Delphi/SslInternet/OverbyteIcsIpStmLogTst1.dfm
Samples/Delphi/SslInternet/OverbyteIcsIpStmLogTst1.pas
Samples/Delphi/SslInternet/OverbyteIcsJoseTst1.dfm
Samples/Delphi/SslInternet/OverbyteIcsJoseTst1.pas
Samples/Delphi/SslInternet/OverbyteIcsMailQuTst1.dfm
Samples/Delphi/SslInternet/OverbyteIcsMQTTst1.dfm
Samples/Delphi/SslInternet/OverbyteIcsMQTTst1.pas
Samples/Delphi/SslInternet/OverbyteIcsPemTool1.pas
Samples/Delphi/SslInternet/OverbyteIcsProxySslServer1.dfm
Samples/Delphi/SslInternet/OverbyteIcsProxySslServer1.pas
Samples/Delphi/SslInternet/OverbyteIcsSslMultiFtpServ1.dfm
Samples/Delphi/SslInternet/OverbyteIcsSslMultiFtpServ1.pas
Samples/Delphi/SslInternet/OverbyteIcsSslMultiWebServ1.dfm
Samples/Delphi/SslInternet/OverbyteIcsSslMultiWebServ1.pas
Samples/Delphi/SslInternet/OverbyteIcsSslWebServ1.dfm
Samples/Delphi/SslInternet/OverbyteIcsSslWebServ1.pas
Samples/Delphi/SslInternet/OverbyteIcsX509CertsTst1.dfm
Samples/Delphi/SslInternet/OverbyteIcsX509CertsTst1.pas
Samples/Delphi/SslInternet/OverbyteIcsXferTst1.dfm
Samples/Delphi/SslInternet/OverbyteIcsXferTst1.pas
Include/OverbyteIcsDefs.inc
OverbyteIcsFtpMulti.pas
OverbyteIcsHttpAppServer.pas
OverbyteIcsHttpMulti.pas
OverbyteIcsHttpProt.pas
OverbyteIcsIpStreamLog.pas
OverbyteIcsLIBEAY.pas
OverbyteIcsMailQueue.pas
OverbyteIcsMQTT.pas
OverbyteIcsProxy.pas
OverbyteIcsSslBase.pas
OverbyteIcsSSLEAY.pas
OverbyteIcsSslHttpOAuth.pas
OverbyteIcsSslHttpRest.pas
OverbyteIcsSslX509Certs.pas
OverbyteIcsSslX509Utils.pas
OverbyteIcsUtils.pas
OverbyteIcsWSocket.pas
OverbyteIcsWSocketS.pas
ZipOverbyteIcsV9.lst
RootCaCertsBundle.RES
sslRootCACertsBundle.RES
TrustedCaBundle.RES
==============================================================================
ICS V9.1 - Part 11
This batch of changes completes a massive re-organisation of the way ICS uses SSL/TLS, it has been well tested and is in use on my public web servers. Beware updating existing ICS projects using SSL/TLS will mostly need minor changes due to new units.
Earlier ICS versions required the OpenSSL DLLs to be distributed with applications, and a root CA bundle file to verify SSL/TLS connections, and these needed to be loaded using code. There was little standardisation over where the OpenSSL DLLs were located, applications tended to keep their own copies alongside other executables, leading to multiple DLL copies and needing code to ensure they were loaded from the correct directory. Likewise, root CA bundle directories had to be loaded with code.
ICS V9.1 simplifies this, the OpenSSL DLLs and root CA bundle are now built as resource files linked into applications, and loaded automatically when the application starts, unless disabled with defines. A common IcsSslRootCAStore component is created at start-up, optionally loading OpenSSL and a root CA bundle, which are then available for all other SSL/TLS components to share without any loading needed. This is all controlled by new defines in OverbyteIcsDefs.inc so existing applications will behave unchanged unless the new defines are added.
The OpenSSL DLLs and root CA bundles now use a common directory, shell path CSIDL_COMMON_APPDATA and sub-directory "ICS-OpenSSl" which is usually "C:\ProgramData\ICS-OpenSSl", an alias for "C:\Users\All Users\ICS-OpenSSl". If the OpenSSL DLLs are linked as resources, they are automatically extracted to version specific sub-directories (ie "3012" for v3.12) allowing multiple OpenSSL versions to be used by different projects, but ICS will also search "ICS-OpenSSl" for manually installed DLLs.
When updating projects using a TSslContext component, setting the new property UseSharedCAStore to True causes the properties CAFile, CALines and CAPath to be ignored, and the new IcsSslRootCAStore component will be used instead, being automatically initialised if not done at program start-up. Don't use UseSharedCAStore for server components. High level ICS components such as TSslHttpRest that have an internal TSslContext component all set UseSharedCAStore and ignore properties like SslRootFile to load a root CA bundle. If a specific bundle is required it may be loaded to IcsSslRootCAStore.
To simplify long term maintenance of ICS, new units may need adding to existing applications, mostly by opening forms containing ICS SSL components, but sometimes manually if components are created in code. The main change is the massive OverbyteIcsWSocket.pas unit has all the SSL certificate related components TSslContext, TX509Base and TX509List split into a new unit OverbyteIcsSslBase.pas which will be needed in most SSL/TLS applications.
The OverbyteIcsSslHttpRest.pas has been split with two new units OverbyteIcsDnsHttps.pas and OverbyteIcsSslUtils.pas, to ease linking avoiding circular references. Another new unit OverbyteIcsHtmlUtils.pas contains functions designed to build HTML pages that were previously split across different units, web server applications building HTML may need this adding instead of OverbyteIcsFormDataDecoder. There may be some more consolidation to come.
The OverbyteIcsSslDefs.inc file has gone, none of it's defines have not been used for years. SSL engine support has gone, deprecated with OpenSSLL 3 and not tested for 10 years.
All the ICS samples have been updated for these changes, so should still build OK. Currently, only the packages for Delphi 11 and 12 have been updated with the new units. There are other pending changes for old packages which will be done soon.
OverbyteIcsDefs.inc has several new defines that need adding manually if the existing file if not overridden:
{ Uncomment next define to link the OpenSSL DLLs into the application as }
{ resource files which first time run are extracted to shell path }
{ CSIDL_COMMON_APPDATA and sub-directory "ICS-OpenSSl" with a version }
{ subdirectory, so usually "C:\ProgramData\ICS-OpenSSl\3012\" }
{ Ignored with DEFINE YuOpenSSL. }
{$DEFINE OpenSSL_Resource_Files}
{ Note only one specific major/minor version can be linked, as specified }
{ here, which is used in OverbyteIcsLIBEAY.pas to save and load the files. }
{ Ignored unless OpenSSL_Resource_Files defined }
{.$DEFINE OpenSSL_30}
{.$DEFINE OpenSSL_31}
{$DEFINE OpenSSL_32}
{ Comment out next define if you don't want ICS to look for the OpenSSL DLLs }
{ in shell path CSIDL_COMMON_APPDATA and sub-directory "ICS-OpenSSl" which }
{ usually "C:\ProgramData\ICS-OpenSSl", note no version sub-directory so }
{ DLLs extracted from other ICS applications will not be found. }
{ Ignored with DEFINEs YuOpenSSL and OpenSSL_Resource_Files }
{$DEFINE OpenSSL_ProgramData}
{ ICS has three optional root certificate authority bundles that can be }
{ linked as resources, only one of these should be uncommented. }
{$DEFINE OpenSSL_CA_Bundle_Small}
{.$DEFINE OpenSSL_CA_Bundle_Medium}
{.$DEFINE OpenSSL_CA_Bundle_Large}
{ ICS will auto load OpenSSL and Root CA Bundle into IcsSslRootCAStore on }
{ start-up if the OverbyteIcsSslBase unit is linked, disable if your }
{ application should not load OpenSSL. }
{$DEFINE OpenSSL_AutoLoad_CA_Bundle}
For backward compatibility, OpenSSL_ProgramData and OpenSSL_Resource_Files should both the disabled. Applications not requiring SSL/TLS should disable all these defines.
OverbyteIcsWSocket.pas
Dec 22, 2023 V9.1
Moved TSslContext, TSslBaseComponent, TX509Base and TX509List to OverbyteIcsSslBase to simplify this unit, left SslContext callbacks here since they need access to it, now set in InitSSLConnection instead of InitContext.
No longer supporting defines OPENSSL_USE_DELPHI_MM (never used), OPENSSL_NO_ENGINE (deprecated, never used), OPENSSL_USE_RESOURCE_STRINGS (never used), NO_OSSL_VERSION_CHECK (dangerous), DEFINE OPENSSL_NO_TLSEXT (TLS needed everywhere), LOADSSL_ERROR_FILE (better debugging now).
If a connection fails, don't change State to wsConnected briefly before changing it again to wsClosed.
Added TSslWsocket SslAlpnProtocols property to specify a list of protocols for clients to send to servers, instead of a similar SslContext property.
OverbyteIcsSslBase.pas
RootCaCertsBundle.RES
sslRootCACertsBundle.RES
TrustedCaBundle.RES
Dec 22, 2023 V9.1 Baseline. New Unit.
Moved TSslContext, TSslBaseComponent, T509Base and TX509List here from OverbyteIcsWSocket which is a massive unit, but left TSslContext callbacks in WSocket since they need access to it, now set in TWSocket.SetSslCallbacks instead of InitContext.
Moved function sslRootCACertsBundle here from X509Utils.
Added property X509PubKeyTB to TX509Base to get the certificate public in DER binary format as TBytes, from where it may be converted to hex or base64, used for Raw Public Key certificate validation.
Made more TX509Base functions and variables public so they can be accessed from other units.
Added DHE-RSA-CHACHA20-POLY1305 to TLS/1.2 sslCiphersMozillaSrvTLS12.
Added IcsReadTBBio, IcsWriteStrBio, IcsWriteTBBio, IcsSslLoadStackFromP12TB which are internal functions for handling TBytes and certificates, to simplify code (we use too many AnsiStrings for binary data).
TX509List can now load and save PKCS#12 certificate bundle files, smaller than PEM files, added SaveToP12File, SaveToP12TB, LoadAllFromP12File, LoadAllFromP12TB, intended to load a certificate bundle. LoadAllFromPemFile and LoadAllFromPemTB renamed from LoadAllFromFileEx and AddAllFromFStringEx with new versions handling both PEM and PKCS#12 certificate bundle files.
TX509List has new method ListCerts that returns one listing line per cert.
Added new TSslRootCAStore component derived from TX509List with an Initialise method that loads OpenSSL, then tries to load the internal certificate sslRootCACertsBundle that should be linked into the app, if missing then tries to load DefRootCABundle.pem from C:\ProgramData\ICS-OpenSSL\ or the app path. It also tries to load ExtraRootCABundle.pem which is an optional private root bundle that can be used for private customer or devel roots.
Added public IcsSslRootCAStore component created and intialised when this unit is loaded so a common root store is ready for any SslContext or other components. Define OpenSSL_AutoLoad_CA_Bundle can be suppressed to stop OpenSSL and the bundled being automatically loaded, if not needed.
SslContext has new property UseSharedCAStore which causes the properties CAFile, CALines and CAPath to be ignored, uses IcsSslRootCAStore instead.
Added function IcsReportOpenSSLVer to centralise version reporting, optionally adding number of CA root certificates loaded.
OverbyteIcsWSocketS.pas
Dec 22, 2023 V9.1
Added new property NoSSL that prevents use of SSL/TLS, must be set before server is started.
TOcspHttp now in OverbyteIcsSslUtils rather than OverbyteIcsSslHttpRest to ease linking.
Added OverbyteIcsSslBase which now includes TSslContext, TX509Base and TX509List.
Replaced FX509CAList with public IcsSslRootCAStore.
OverbyteIcsLIBEAY.pas
OverbyteIcsSSLEAY.pas
Dec 13, 2023 V9.1
Added two more X509 functions.
Removed support for OpenSSL 1.1.1 which is end of life.
Not currently supporting GSSLEAY_DLL_IgnoreOld/New since only 3.x supported.
OverbyteIcsDefs.inc has a new define OpenSSL_ProgramData which causes ICS to ignore GSSL_DLL_DIR by setting it to shell path CSIDL_COMMON_APPDATA and sub-directory "ICS-OpenSSl" which is usually "C:\ProgramData\ICS-OpenSSl" which is where the OpenSSL DLLs and root CA bundles should be placed.
The external OpenSSL DLL files may now be optionally linked into applications as a resource, to avoid distributing them separately. When the application runs, it checks to see if the DLLs have be extracted previously, and if not, creates them from the resource.
The OpenSSL extract directory is shell path CSIDL_COMMON_APPDATA which in recent Windows versions is "C:\Users\All Users\" aliased as "C:\ProgramData\", in sub-directory "ICS-OpenSSL" with a sub-directory for each different OpenSSL major/minor version, ie "3012" for 3.0.12, ie "C:\ProgramData\ICS-OpenSSL\3012\libcrypto-3.dll".
OverbyteIcsDefs.inc has a new define OpenSSL_Resource_Files which causes the resource file to be linked, the major/minor version being defined as OpenSSL_30, OpenSSL_31 or OpenSSL_32 (not supported yet), the actual resource files are LibV3xOpenSSL32.RES and LibV3xOpenSSL64.RES where x is the minor version. Note ICS supports linking specific major/minor versions of OpenSSL, but only one per application, but not multiple patch versions which don't have new features, only security and bug fixes. The RES files are distributed in the zip files with the DLLs from the ICS wiki site, with the latest versions in the source directory. If the new resource can not be found or there is a problem extracting the DLLs, ICS falls back to looking for OpenSSL DLLs as previous releases or as per define OpenSSL_ProgramData above. Resource files are available from OpenSSL 3.0.12 and 3.1.4, and later. Thanks to Michael Ott for the original resource file implementation.
No longer supporting defines OPENSSL_USE_DELPHI_MM (never used), OPENSSL_NO_ENGINE (deprecated, never used), OPENSSL_USE_RESOURCE_STRINGS (never used), NO_OSSL_VERSION_CHECK (dangerous), DEFINE OPENSSL_NO_TLSEXT (TLS needed everywhere), LOADSSL_ERROR_FILE (better debugging now).
Added GSSLEAY_RES_SUBDIR defaults to "ICS-OpenSSL", where OpenSSL files will be saved and accessed in linked as a resource in the application, with a sub-directory for each different version.
Added SSL_CTX_set_cert_store.
OverbyteIcsCharsetUtils.pas
Nov 23, 2023 V9.1
Moved IcsFindHtmlCharset, IcsFindHtmlCodepage, IcsContentCodepage, IcsHtmlToStr to OverbyteIcsHtmlUtils.
IsValidAnsiCodePage now calls IcsIsValidAnsiCodePage.
OverbyteIcsFtpMulti.pas
Dec 15, 2023 V9.1
Added OverbyteIcsSslBase which now includes TX509Base and TX509List.
Added new property NoSSL to TIcsFtpMulti that prevents use of SSl/TLS, must be set before any requests.
TOcspHttp now in OverbyteIcsSslUtils rather than OverbyteIcsSslHttpRest to ease linking.
SslContext now uses public IcsSslRootCAStore and ignores root bundle.
If download file has increased in size since being listed after a successful download, don't fail and delete it.
OverbyteIcsHttpAppServer.pas
Dec 05, 2023 V9.1
Added properties PostedDataTB and PostedDataStr to return posted data in easier to use types than an PAnsiChar buffer.
Added MaxUploadMB defaults to 200 MBbyte to restrict maximum size of POST or PUT requests.
Added MaxStreamMB defaults to 50 MBbyte as the maximum TMemoryStream size before a TFileStream is instead used with a temporary file name.
Added PostedDataStream to which POST and PUT content is written which is what TFormDataAnalyser needs, PostedData pointer now points to the stream memory rather than a stack buffer. This change allows file uploads larger than memory, up to MaxUploadSize.
Added new property NoSSL that prevents use of HTTPS, must be set before server is started.
INI file reads NoSSl, MaxUploadMB and MaxStreamMB.
PUT requests now save uploaded data similarly to POST.
OverbyteIcsHttpMulti.pas
Dec 12, 2023 V9.1
Added OverbyteIcsSslBase which now includes TX509Base and TX509List.
Added new property NoSSL to TIcsHttpMulti that prevents use of HTTPS, must be set before any requests. HTTP redirected to HTTPS will fail.
TOcspHttp now in OverbyteIcsSslUtils rather than OverbyteIcsSslHttpRest to ease linking.
SslContext now uses public IcsSslRootCAStore and ignores root bundle.
OverbyteIcsHttpProt.pas
Dec 22, 2023 V9.1
Only call SetSslAlpnProtocols if using https.
If the Location property is cleared during the OnLocationChange event, relocation is stopped, can be used stop relocation from http to https.
Minor clean-up in DoRequestSync.
Added OverbyteIcsSslBase which now includes TX509Base and TX509List.
ALPN is now set for TSslWSocket rather than SslContext.
When sending proxy CONNNECT request, add ALPN: header (RFC7639) which will be forwarded to target by some proxies, needed for Acme protocol.
OverbyteIcsHttpSrv.pas
Nov 18, 2023 V9.1
Added OverbyteIcsSslBase which now includes TX509Base and TX509List.
ContentLength can now be larger than 2GB.
Added new property NoSSL that prevents use of HTTPS, must be set before server is started.
TOcspHttp now in OverbyteIcsSslUtils rather than OverbyteIcsSslHttpRest to ease linking.
ExtractURLEncodedValue now calls IcsExtractURLEncodedValue in OverbyteIcsUrl to ease sharing (not actually used by server, only apps).
Renamed UrlEncode to SrvUrlEncode to avoid conflicts with other units, pending replace them with common versions.
OverbyteIcsIpStreamLog.pas
Dec 18, 2023 V9.1
TOcspHttp now in OverbyteIcsSslUtils rather than OverbyteIcsSslHttpRest to ease linking.
Added OverbyteIcsSslBase which now includes TX509Base and TX509List.
SslContext now uses public IcsSslRootCAStore and ignores root bundle.
OverbyteIcsMailQueue.pas
Dec 13, 2023 V9.1
Added OverbyteIcsSslBase which now includes TX509Base and TX509List.
Added new property NoSSL that prevents use of SSL/TLS, must be set before the queue is started.
INI file has new NoSSL setting to prevent SSL/TLS.
TOcspHttp now in OverbyteIcsSslUtils rather than OverbyteIcsSslHttpRest to ease linking.
SslContext now uses public IcsSslRootCAStore instead of local root store.
No longer logging OpenSSL version, probably loaded earlier.
OverbyteIcsMQTT.pas
Dec 12, 2023 V9.1
Added OverbyteIcsSslBase which now includes TX509Base and TX509List.
TOcspHttp now in OverbyteIcsSslUtils rather than OverbyteIcsSslHttpRest to ease linking.
SslContext now uses public IcsSslRootCAStore and ignores root bundle.
OverbyteIcsProxy.pas
Dec 22, 2023 V9.1
Added OverbyteIcsHtmlUtils.
Added OverbyteIcsSslBase which now includes TX509Base and TX509List.
TOcspHttp now in OverbyteIcsSslUtils rather than OverbyteIcsSslHttpRest to ease linking.
Target SslContent uses UseSharedCAStore instead of RootCA property.
Support CONNECT ALPN: header (RFC7659), to forward ALPN to target.
If source sends SSL ALPN, forward it to target. Perhaps optional or at least remove h2 and h3 which we don't support.
OverbyteIcsSslHttpOAuth.pas
Dec 21, 2023 V9.1
Added OverbyteIcsSslBase which now includes TX509Base and TX509List.
Added new OAuthOption of OAopAuthBasic which means use Basic Authentication with client id and secret instead of sending them as parameters.
Added some documentation about OAuthOptions, needs more detail.
Microsoft 365 Rest Email now supports EmailFmtRaw for both GetEmail and SendEmail to receive and send RFC822 SMTP format messages (like GMail) prepared by the TSslHtmlSmtpCli component with HTML content and attachments, and received message can be decoded using TMimeDecodeW.
New TRestEmailType of RestEmailNone where we don't want REST email, beware ordial values changed if saved instead of literals, default now None.
TSimpleWebServer now logs SSL client hello.
OverbyteIcsSslHttpRest.pas
Dec 12, 2023 V9.1
Moved TDnsQueryHttps and TIcsDomNameCacheHttps to OverbyteIcsDnsHttps to avoid circular references and simplify unit.
Moved TOcspHttp to OverbyteIcsSslUtils to avoid bringing this unit into as many components.
Moved various MIME literals to OverbyteIcsMimeUtils.
Added new property SharedSslCtx to TSslHttpRest which allows an external TSslContext component to be set to the SslContext property (just as with TSslHttpCli) rather than using the internal RestSslCtx automatically. This will be more efficient on memory when using multiple TSslHttpRest components in parallel since the root store or perhaps hundreds of SSL certificates will only be loaded once rather than separately for each instance.
Added new property NoSSL to TSslHttpRest that prevents use of HTTPS, must be set before any requests. HTTP redirected to HTTPS will fail.
TRestParams now builds POST/PUT parameters into a stream instead of a string to allow parameters including very large files and since the HTTP component needs a post stream, mainly for multipart/form-data parameters, see below. A temporary file is used for parameters larger than 50MB.
Added new TRestParams content type PContFormData to create multipart/form-data parameters, also TParamType of RPTypeFile, see OverbyteIcsUrl.
File uploading with HttpUploadSimple can now use TRestParams.
Added new property MaxLogParams to TSslHttpRest defaulting to 4,096 to restrict the length of params logged before requests with DebugLevel is DebugParams or better, there may be megabytes. Params are now line broken and binary stripped.
Added progress information for file uploading, that may take a while, uploads tested to 7GB, beware preparing the form-data content stream may take a few minutes without progress information, need TStream.CopyTo with a callback.
Added OverbyteIcsSslBase which now includes TX509Base and TX509List.
Moved IcsExtractURLEncodedValue to OverbyteIcsUrl, now used by HttpSrv.
SslContext now uses public IcsSslRootCAStore and ignores root bundle.
OverbyteIcsSslUtils.pas
Nov 17, 2023 V9.1
Baseline. New unit.
Moved TOcspHttp here from OverbyteIcsSslHttpRest to avoid bringing that unit into as many components.
OverbyteIcsSslX509Certs.pas
Dec 21, 2023 V9.1
Make sure certificate extensions are set for server certificate before creating certificate request so international domain name with accents gets processed, got broken in June 2023 due to change in DoCertReqProps.
Added OverbyteIcsSslBase which now includes TX509Base and TX509List.
Validation now uses public IcsSslRootCAStore and ignores root bundle.
OverbyteIcsSslX509Utils.pas
Dec 11, 2023 V9.1
Added OverbyteIcsSslBase which now includes TX509Base and TX509List.
Moved sslRootCACertsBundle function to OverbyteIcsSslBase.
OverbyteIcsUrl.pas
Nov 18, 2023 V9.1
Redesigned TRestParams to build parameters into ParamStream using GetParamStream, to allow parameters including very large files and since the HTTP component needs a post stream rather than a string, mainly for multipart/form-data parameters, see below, GetParams still returns an AnsiString.
Added new TRestParams content type of PContNone to make them easier to disable, beware ordial values have changed if this saved rather than a literal.
Added new TRestParams content type PContFormData to create multipart/form-data parameters, according to RFC7578 which may include multiple binary files and _charset_ part.
The TRestParams AddItem method has a new optional ContentType argument, currently used for PContFormData only.
Added TParamType of RPTypeFile for binary file content.
Added new TRestParams AddItemFile method that takes a full binary file name with optional file size and ContentType,
the latter two will be looked up if not supplied, content from file extension and a MIME table.
Added new TRestParams FormDataUtf8 property that if true will add a FormData _charset_ part with utf-8 and send all textual content as utf-8 without UrlEncoding.
Added GetEstParamSize that returns Int64 estimated size of the parameters, to allow the application to allocate a TFileStream instead of TMemoryStream if massive files are included, typically more than 50MB.
Added IcsPercentEncode and IcsPercentDecode to percent encode and decode any non 7-bit characters, ignore charsets. Similar to UrlEncode but does not change spaces or special chars, except %.
Moved IcsExtractURLEncodedValue here from OverbyteIcsSslHttpRest.
Moved ExtractURLEncodedParamList and GetCookieValue here from OverbyteIcsHttpSrv with Ics, old versions use these.
ExtractURLEncodedParamList has new optional Values parameter than adds all values to the strings as name=value.
OverbyteIcsUtils.pas
Dec 06, 2023 V9.1
Added IcsTBToHex for a TBytes buffer.
Added Base64EncodeTB for a TBytes buffer.
IcsTBytesToString now sets length if not specified.
Added IcsFormatHexStr to break long hex string into groups and lines, defaulting to eight chars per group, 64 per line.
Added IcsStrRemCntls to replace control codes (< space) in string with ~, optionally leaving line endings, IcsStrRemCntlsA takes an AnsiString or buffer, IcsStrRemCntlsTB is TBytes buffer.
Added IcsStrBeakup to break up text into multiple lines of specified length, default 80.
Added IcsTimeToZStr to convert DataTime to string hh:mm:ss:zzz.
Added IcsResourceGetTB to read TBytes from a named resource.
Added IcsResourceSaveFile to save a file from a named resource.
Report mobile platforms to IcsBuiltWithEx.
Fix some problems building for Android.
IcsFileStreamW now only for non-unicode compilers.
Added IcsDataSaveFile and IcsDataLoadFile to save TBytes to a file, and load it from a file, no error reporting.
Another IcsMoveTBytesToString overload for AnsiString.
OverbyteIcsDnsHttps.pas
Nov 16, 2023 V9.1 Baseline. New unit.
Split TDnsQueryHttps and TIcsDomNameCacheHttps from OverbyteIcsSslHttpRest to avoid circular references and simplify unit.
==============================================================================
deleted OpenSSL-Win32
deleted OpenSSL-Win32/legacy.dll
deleted OpenSSL-Win32/libcrypto-3.dll
deleted OpenSSL-Win32/libssl-3.dll
deleted OpenSSL-Win32/LibV31OpenSSL32.RC
deleted OpenSSL-Win32/LibV31OpenSSL32.RES
deleted OpenSSL-Win32/LICENSE.txt
deleted OpenSSL-Win32/openssl.exe
deleted OpenSSL-Win32/readme.txt
modified Samples/Delphi/SslInternet/OverbyteIcsHttpRestTst1.dfm
modified Samples/Delphi/SslInternet/OverbyteIcsHttpRestTst1.pas
modified Samples/Delphi/SslInternet/OverbyteIcsJoseTst1.dfm
modified Samples/Delphi/SslInternet/OverbyteIcsJoseTst1.pas
modified Source/OverbyteIcsLIBEAY.pas
modified Source/OverbyteIcsSSLEAY.pas
modified Source/OverbyteIcsSslJose.pas
modified Source/OverbyteIcsUrl.pas
modified Source/OverbyteIcsUtils.pas
modified Source/OverbyteIcsWebSocketCli.pas
modified Source/OverbyteIcsWebSocketSrv.pas
modified Source/OverbyteIcsWSocket.pas
added ICS-OpenSSL
added ICS-OpenSSL/3200.txt
added ICS-OpenSSL/DefRootCABundle.pem
added ICS-OpenSSL/ExtraRootCABundle.pem
added ICS-OpenSSL/legacy-x64.dll
added ICS-OpenSSL/legacy.dll
added ICS-OpenSSL/libcrypto-3-x64.dll
added ICS-OpenSSL/libcrypto-3.dll
added ICS-OpenSSL/libssl-3-x64.dll
added ICS-OpenSSL/libssl-3.dll
added ICS-OpenSSL/LICENSE.txt
added ICS-OpenSSL/openssl.exe
added ICS-OpenSSL/readme.txt
added ICS-OpenSSL/RootCaCertsBundle.p12
added ICS-OpenSSL/RootCaCertsBundle.pem
added ICS-OpenSSL/sslRootCACertsBundle.p12
added ICS-OpenSSL/sslRootCACertsBundle.pem
added ICS-OpenSSL/TrustedCaBundle.p12
added ICS-OpenSSL/TrustedCaBundle.pem
added ICS-OpenSSL/Version.txt
ICS V9.1 - Part 12
These changes are mainly fixes for the Websocket client and server components, specifically where proxy servers consolidate TCP packets.
There is also an initial upload of a new ICS-OpenSSL directory that replaces the OpenSSL-Win32 directory, but which adds
a number of SSL/TLS files that are currently in the Samples/Delphi/SslInternet/ directory which will also be removed shortly.
The intention is all files in ICS-OpenSSL will be copied to "C:\ProgramData\ICS-OpenSSl" and be available to all ICS applications.
OverbyteIcsWebSocketCli.pas
Jan 08, 2023 V9.1
Added property WSFullHdrs which when true causes all HTTP request headers to be sent when upgrading a connection to WebSocket, normally only the important headers are sent.
Stop range checking while checking received data.
Using OverbyteIcsHtmlUtils instead of CharSetUtils.
Fixed a problem where multiple or partial frames might arrive together, ensure they are corrected assembled. Added new frame state wsfsIncompleteHeader when this happens. Thanks to Jaroslav Kulisek.
When checking server key, removed unnecessary string cast
OverbyteIcsWebSocketSrv.pas
Jan 08, 2024 V9.1
Using OverbyteIcsHtmlUtils instead of CharSetUtils.
Fixed a problem where multiple or partial frames might arrive together, ensure they are corrected assembled. Added new frame state wsfsIncompleteHeader when this happens. Thanks to Jaroslav Kulisek.
Skip websocket upgrade if authentication needed.
OverbyteIcsLIBEAY.pas
OverbyteIcsSSLEAY.pas
OverbyteIcsSslJose.pas
Jan 08, 2024 V9.1
Removed support for OpenSSL 1.1.1, out of maintenance, saves a lot of code.
OverbyteIcsUrl.pas
Jan 03, 2024 V9.1
The ResultSet2Json method of TRestParamsSrv has a new optional query parameter that is added to the Json to assist processing.
OverbyteIcsUtils.pas
Jan 08, 2023 V9.1
Added Base64EncodeTB for a TBytes buffer, Base64EncodeA for AnsiString.
Samples/Delphi/SslInternet/OverbyteIcsHttpRestTst1.dfm
Samples/Delphi/SslInternet/OverbyteIcsHttpRestTst1.pas
Jan 08, 2024 V9.1
Websocket testing will now parse Json if returned, added Send Multi Lines to send two or more lines of text in a single message or as multiple separate messages waiting for response after each.
==============================================================================
Saved perivate key OK with AES128 key cipher: C:\svn-repos\ics-certauth\ICSRootCA-key.pem
Saved certificate OK with AES128 key cipher: C:\svn-repos\ics-certauth\ICSRootCA-bundle.pem
Saved certificate OK with AES128 key cipher: C:\svn-repos\ics-certauth\ICSRootCA-bundle.pfx
Saved certificate OK - C:\svn-repos\ics-certauth\ICSRootCA.pem
Saved certificate OK with AES128 key cipher: C:\svn-repos\ics-certauth\ICSRootCA.pfx
Certificate Details:
Issued to (CN): ICS Intermediate, (O): https://www.overbyte.eu/, (OU): Internet Component Suite
Issuer (CN): ICS Root CA, (O): https://www.overbyte.eu/, (OU): Internet Component Suite
Expires: 2026-10-06T19:02:03, Signature: sha256WithRSAEncryption
Valid From: 2024-01-11T19:02:03, Serial Number: 7db4fed3
Fingerprint (sha256): de91a79dc24901fd10be24aed3228351418ffae2ff625106b0cddfa32720a8f8
Public Key: RSA Key Encryption 2048 bits, 112 security bits
Saved PEM bundle with certificate, key and intermediate with None key cipher: C:\svn-repos\ics-certauth\OwnCA-1003-ICS_Intermediate-bundle.pem
Saved PKCS12 bundle with certificate, key and intermediate with Triple DES key cipher: C:\svn-repos\ics-certauth\OwnCA-1003-ICS_Intermediate.pfx
Saving final versions of all files without order numbers locally
Saved private key file with None key cipher: C:\svn-repos\ics-certauth\ICS_Intermediate-privatekey.pem
Saved PEM certificate alone: C:\svn-repos\ics-certauth\ICS_Intermediate-certonly.pem
Saved PEM bundle with certificate, key and intermediate with None key cipher: C:\svn-repos\ics-certauth\ICS_Intermediate-bundle.pem
Saved PKCS12 bundle with certificate, key and intermediate with Triple DES key cipher: C:\svn-repos\ics-certauth\ICS_Intermediate.pfx
Certificate Details:
Issued to (CN): ICS Intermediate Short, (O): https://www.overbyte.eu/, (OU): Internet Component Suite
Issuer (CN): ICS Root CA, (O): https://www.overbyte.eu/, (OU): Internet Component Suite
Expires: 2024-04-20T19:24:13, Signature: sha256WithRSAEncryption
Valid From: 2024-01-11T19:24:13, Serial Number: 2fff7fff
Fingerprint (sha256): 9f5936d5091c78626c3dabd238cb9b183ba3c10465ede26b5248e3475b713d6e
Public Key: RSA Key Encryption 2048 bits, 112 security bits
Saved PEM bundle with certificate, key and intermediate with None key cipher: C:\svn-repos\ics-certauth\OwnCA-1004-ICS_Intermediate_Short-bundle.pem
Saved PKCS12 bundle with certificate, key and intermediate with Triple DES key cipher: C:\svn-repos\ics-certauth\OwnCA-1004-ICS_Intermediate_Short.pfx
Saving final versions of all files without order numbers locally
Saved private key file with None key cipher: C:\svn-repos\ics-certauth\ICS_Intermediate_Short-privatekey.pem
Saved PEM certificate alone: C:\svn-repos\ics-certauth\ICS_Intermediate_Short-certonly.pem
Saved PEM bundle with certificate, key and intermediate with None key cipher: C:\svn-repos\ics-certauth\ICS_Intermediate_Short-bundle.pem
Saved PKCS12 bundle with certificate, key and intermediate with Triple DES key cipher: C:\svn-repos\ics-certauth\ICS_Intermediate_Short.pfx
Certificate Details:
Issued to (CN): localhost, (O): https://www.overbyte.eu/, (OU): Internet Component Suite
Alt Domains (SAN): localhost
Issuer (CN): ICS Root CA, (O): https://www.overbyte.eu/, (OU): Internet Component Suite
Expires: 2026-10-06T19:25:18, Signature: sha256WithRSAEncryption
Valid From: 2024-01-11T19:25:18, Serial Number: 5d7dceb4
Fingerprint (sha256): d11f8051865e3db1886b1244a8ca506eb45577297d96ffb717489cfcfb0c4298
Public Key: RSA Key Encryption 2048 bits, 112 security bits
Saved PEM bundle with certificate, key and intermediate with None key cipher: C:\svn-repos\ics-certauth\OwnCA-1005-localhost-bundle.pem
Saved PKCS12 bundle with certificate, key and intermediate with Triple DES key cipher: C:\svn-repos\ics-certauth\OwnCA-1005-localhost.pfx
Saving final versions of all files without order numbers locally
Saved private key file with None key cipher: C:\svn-repos\ics-certauth\localhost-privatekey.pem
Saved PEM certificate alone: C:\svn-repos\ics-certauth\localhost-certonly.pem
Saved PEM bundle with certificate, key and intermediate with None key cipher: C:\svn-repos\ics-certauth\localhost-bundle.pem
Saved PKCS12 bundle with certificate, key and intermediate with Triple DES key cipher: C:\svn-repos\ics-certauth\localhost.pfx
xcopy "..\ICS-OpenSSL\*.*" "C:\ProgramData\ICS-OpenSSL\" /y /s /e /c
C:\ProgramData\ICS-OpenSSL\ICS-Certs
C:\ProgramData\ICS-OpenSSL\ICS-Certs\localhost-bundle.pem
C:\ProgramData\ICS-OpenSSL\ICS-Certs\ICS_Intermediate_Short-bundle.pem
{ V9.1 directories built when SSL loads for ICS certificates and Root CAs }
GSSL_CERTS_SUBDIR : String = 'ICS-Certs\';
GSSL_ROOTS_SUBDIR : String = 'ICS-RootCAs\';
GSSL_LOCALHOST_NAME : String = 'localhost-bundle.pem';
GSSL_ROOTCA_NAME : String = 'ICSRootCA.pem';
GSSL_INTER_NAME : String = 'ICS_Intermediate_Short-bundle.pem';
GSSL_DEFROOT_NAME : String = 'DefRootCABundle.pem';
GSSL_EXTRAROOT_NAME : String = 'ExtraRootCABundle.pem';
GSSL_CERTS_DIR : String = ''; // C:\ProgramData\ICS-OpenSSL\ICS-Certs\
GSSL_ROOTS_DIR : String = ''; // C:\ProgramData\ICS-OpenSSL\ICS-RootCAs\
GSSL_INTER_FILE : String = ''; // C:\ProgramData\ICS-OpenSSL\ICS-Certs\ICS_Intermediate_Short-bundle.pem
Created self signed certificate OK
ISSUED TO (Subject)
Common Name (CN): ICS Root CA
Alt Name (DNS):
Alt Name (IP):
Organisation (O): https://www.overbyte.eu/
Organisational Unit (OU): Internet Component Suite
Country (C): BE
State/Province(ST):
Locality (L):
Serial Number:
Title (T):
Initials (I):
Given Name (G):
Surname (S):
Description (D):
Email (Email):
Raw Public Key:
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0uF7nCYh6yDEUAx87Bd4
xE8Wp2iZFffonFxvaxzwBUfHbgTOq45TMT3+NZesCfVrwDmPq1jlzLdTz4KRVg2+
lh32rHzy4WiWbabGUv0uPwl/+AoRJcGtWVyjcL6cU7tn1wiHbnv3PKlypqFcWolc
lJHX4brTqRmPgtr6hIjnBFN35X/8GoFz/D9I9O3sZMd+9O5oyfprCpBd/p8gl+fY
+P5ka1WUzkbk1HFf8F7/+1cKyDVCwrxVFpUYvPJpo97m6N5YPiNgFhIvh8IGLVWU
NAnyBk7UemqMHdAz+mn0o8V0g1UU6U9cEU/TqlqVuVxjX8w4xYdgieEUnn/kdBw2
rQIDAQAB
SELF SIGNED
GENERAL
Serial Number: 3e76dae6
Issued on (UTC): 17/01/2024 14:39:59
Expires on (UTC): 30/07/2044 14:39:59
Basic Constraints: CA=TRUE
Key Usage: Certificate Sign, CRL Sign
Extended Key Usage:
Authority Info, OCSP:
Authority Info, Issuer Cert:
Certificate Policies:
CRL Distribution Points:
Authority Key Identifier:
Subject Key Identifier:
Signature Algorithm: sha256WithRSAEncryption
Fingerprint (sha1): b1c52c79027257990db81d116af542cdabcb66f3
Fingerprint (sha56): ab8afe2a495cdcdd8918cd83d8ca813ef474e4a31e939b5885c9f4e83cfe257c
Key Info: RSA Key Encryption 2048 bits, 112 security bits
Saved certificate OK - C:\svn-repos\ics-certauth\ICSRootCA.pem
Saved certificate OK with None key cipher: C:\svn-repos\ics-certauth\ICSRootCA.p12
Saved perivate key OK with AES256 key cipher: C:\svn-repos\ics-certauth\ICSRootCA-key.pem
Saved certificate OK with AES256 key cipher: C:\svn-repos\ics-certauth\ICSRootCA-bundle.pem
Saved certificate OK with AES256 key cipher: C:\svn-repos\ics-certauth\ICSRootCA.pfx
Certificate Details:
Issued to (CN): ICS Intermediate, (O): https://www.overbyte.eu/, (OU): Internet Component Suite
Issuer (CN): ICS Root CA, (O): https://www.overbyte.eu/, (OU): Internet Component Suite
Expires: 2026-10-12T14:46:14, Signature: sha256WithRSAEncryption
Valid From: 2024-01-17T14:46:14, Serial Number: 4ff0faef
Fingerprint (sha256): 60419ae4d84f8ecd08890b38e020d9d8fbd7bdb0cf8c5f948b05b25d793d3aa8
Public Key: RSA Key Encryption 2048 bits, 112 security bits
Saved PEM bundle with certificate, key and intermediate with None key cipher: C:\svn-repos\ics-certauth\OwnCA-1001-ICS_Intermediate-bundle.pem
Saved PKCS12 bundle with certificate, key and intermediate with Triple DES key cipher: C:\svn-repos\ics-certauth\OwnCA-1001-ICS_Intermediate.pfx
SSL certificate chain validated OK:
Server: Issued to (CN): ICS Intermediate, (O): https://www.overbyte.eu/, (OU): Internet Component Suite
Issuer (CN): ICS Root CA, (O): https://www.overbyte.eu/, (OU): Internet Component Suite
Expires: 2026-10-12T14:46:14, Signature: sha256WithRSAEncryption
Valid From: 2024-01-17T14:46:14, Serial Number: 4ff0faef
Fingerprint (sha256): 60419ae4d84f8ecd08890b38e020d9d8fbd7bdb0cf8c5f948b05b25d793d3aa8
Public Key: RSA Key Encryption 2048 bits, 112 security bits
Trusted CA: Issued to (CN): ICS Root CA, (O): https://www.overbyte.eu/, (OU): Internet Component Suite
Issuer: Self Signed
Expires: 2044-07-24T18:53:42, Signature: sha256WithRSAEncryption
Valid From: 2024-01-11T18:53:42, Serial Number: 6eca5b2e
Fingerprint (sha256): a4ef52c602a0beb0a97022ac14cabb1a5b51251963e45684eb57e1da47e7794e
Public Key: RSA Key Encryption 2048 bits, 112 security bits
Saving final versions of all files without order numbers locally
Saved private key file with None key cipher: C:\svn-repos\ics-certauth\ICS_Intermediate-privatekey.pem
Saved PEM certificate alone: C:\svn-repos\ics-certauth\ICS_Intermediate-certonly.pem
Saved PEM bundle with certificate, key and intermediate with None key cipher: C:\svn-repos\ics-certauth\ICS_Intermediate-bundle.pem
Saved PKCS12 bundle with certificate, key and intermediate with Triple DES key cipher: C:\svn-repos\ics-certauth\ICS_Intermediate.pfx
Certificate Details:
Issued to (CN): ICS Intermediate Short, (O): https://www.overbyte.eu/, (OU): Internet Component Suite
Issuer (CN): ICS Root CA, (O): https://www.overbyte.eu/, (OU): Internet Component Suite
Expires: 2024-04-26T14:49:06, Signature: sha256WithRSAEncryption
Valid From: 2024-01-17T14:49:06, Serial Number: 7b3d3f7f
Fingerprint (sha256): 5e4f9057be7a871cd8ee6c76ddfd9e1339d062fffce08ae9ff9b8a09e56f3363
Public Key: RSA Key Encryption 2048 bits, 112 security bits
Saved PEM bundle with certificate, key and intermediate with None key cipher: C:\svn-repos\ics-certauth\OwnCA-1002-ICS_Intermediate_Short-bundle.pem
Saved PKCS12 bundle with certificate, key and intermediate with Triple DES key cipher: C:\svn-repos\ics-certauth\OwnCA-1002-ICS_Intermediate_Short.pfx
SSL certificate chain validated OK:
Server: Issued to (CN): ICS Intermediate Short, (O): https://www.overbyte.eu/, (OU): Internet Component Suite
Issuer (CN): ICS Root CA, (O): https://www.overbyte.eu/, (OU): Internet Component Suite
Expires: 2024-04-26T14:49:06, Signature: sha256WithRSAEncryption
Valid From: 2024-01-17T14:49:06, Serial Number: 7b3d3f7f
Fingerprint (sha256): 5e4f9057be7a871cd8ee6c76ddfd9e1339d062fffce08ae9ff9b8a09e56f3363
Public Key: RSA Key Encryption 2048 bits, 112 security bits
Trusted CA: Issued to (CN): ICS Root CA, (O): https://www.overbyte.eu/, (OU): Internet Component Suite
Issuer: Self Signed
Expires: 2044-07-24T18:53:42, Signature: sha256WithRSAEncryption
Valid From: 2024-01-11T18:53:42, Serial Number: 6eca5b2e
Fingerprint (sha256): a4ef52c602a0beb0a97022ac14cabb1a5b51251963e45684eb57e1da47e7794e
Public Key: RSA Key Encryption 2048 bits, 112 security bits
Saving final versions of all files without order numbers locally
Saved private key file with None key cipher: C:\svn-repos\ics-certauth\ICS_Intermediate_Short-privatekey.pem
Saved PEM certificate alone: C:\svn-repos\ics-certauth\ICS_Intermediate_Short-certonly.pem
Saved PEM bundle with certificate, key and intermediate with None key cipher: C:\svn-repos\ics-certauth\ICS_Intermediate_Short-bundle.pem
Saved PKCS12 bundle with certificate, key and intermediate with Triple DES key cipher: C:\svn-repos\ics-certauth\ICS_Intermediate_Short.pfx
SSL certificate chain validated OK:
Server: Issued to (CN): localhost, (O): https://www.overbyte.eu/, (OU): Internet Component Suite
Alt Domains (SAN): localhost
Issuer (CN): ICS Intermediate, (O): https://www.overbyte.eu/, (OU): Internet Component Suite
Expires: 2024-04-26T14:50:44, Signature: sha256WithRSAEncryption
Valid From: 2024-01-17T14:50:44, Serial Number: 3e74faf4
Fingerprint (sha256): 6d52ee5a0e3526bf9cb6846e4220eff938590a1c1881bde0dbb1d0ab0adcccca
Public Key: RSA Key Encryption 2048 bits, 112 security bits
Intermediate: Issued to (CN): ICS Intermediate, (O): https://www.overbyte.eu/, (OU): Internet Component Suite
Issuer (CN): ICS Root CA, (O): https://www.overbyte.eu/, (OU): Internet Component Suite
Expires: 2026-10-12T14:46:14, Signature: sha256WithRSAEncryption
Valid From: 2024-01-17T14:46:14, Serial Number: 4ff0faef
Fingerprint (sha256): 60419ae4d84f8ecd08890b38e020d9d8fbd7bdb0cf8c5f948b05b25d793d3aa8
Public Key: RSA Key Encryption 2048 bits, 112 security bits
Trusted CA: Issued to (CN): ICS Root CA, (O): https://www.overbyte.eu/, (OU): Internet Component Suite
Issuer: Self Signed
Expires: 2044-07-24T18:53:42, Signature: sha256WithRSAEncryption
Valid From: 2024-01-11T18:53:42, Serial Number: 6eca5b2e
Fingerprint (sha256): a4ef52c602a0beb0a97022ac14cabb1a5b51251963e45684eb57e1da47e7794e
Public Key: RSA Key Encryption 2048 bits, 112 security bits
Saving final versions of all files without order numbers locally
Saved private key file with None key cipher: C:\svn-repos\ics-certauth\localhost-privatekey.pem
Saved PEM certificate alone: C:\svn-repos\ics-certauth\localhost-certonly.pem
Saved PEM intermediate certificate: C:\svn-repos\ics-certauth\localhost-inters.pem
Saved PEM bundle with certificate, key and intermediate with None key cipher: C:\svn-repos\ics-certauth\localhost-bundle.pem
Saved PKCS12 bundle with certificate, key and intermediate with Triple DES key cipher: C:\svn-repos\ics-certauth\localhost.pfx
====================================================================
modified ICS-OpenSSL/ExtraRootCABundle.pem
deleted ICS-OpenSSL/RootCaCertsBundle.p12
deleted ICS-OpenSSL/RootCaCertsBundle.pem
deleted ICS-OpenSSL/sslRootCACertsBundle.p12
deleted ICS-OpenSSL/sslRootCACertsBundle.pem
deleted ICS-OpenSSL/TrustedCaBundle.p12
deleted ICS-OpenSSL/TrustedCaBundle.pem
deleted OpenSSL-Win32
deleted OpenSSL-Win32/legacy.dll
deleted OpenSSL-Win32/libcrypto-3.dll
deleted OpenSSL-Win32/libssl-3.dll
deleted OpenSSL-Win32/LibV31OpenSSL32.RC
deleted OpenSSL-Win32/LibV31OpenSSL32.RES
deleted OpenSSL-Win32/LICENSE.txt
deleted OpenSSL-Win32/openssl.exe
deleted OpenSSL-Win32/readme.txt
modified Samples/Delphi/OtherDemos/OverbyteIcsNetMon1.dfm
modified Samples/Delphi/OtherDemos/OverbyteIcsNetMon1.pas
modified Samples/Delphi/OtherDemos/OverbyteIcsNetTools1.dfm
modified Samples/Delphi/OtherDemos/OverbyteIcsNetTools1.pas
modified Samples/Delphi/SslInternet/OverbyteIcsPemTool1.dfm
modified Samples/Delphi/SslInternet/OverbyteIcsPemTool1.pas
modified Samples/Delphi/SslInternet/OverbyteIcsSslMultiWebServ1.dfm
modified Samples/Delphi/SslInternet/OverbyteIcsSslMultiWebServ1.pas
modified Samples/Delphi/SslInternet/OverbyteIcsSslWebServ1.dfm
modified Samples/Delphi/SslInternet/OverbyteIcsSslWebServ1.pas
modified Samples/Delphi/SslInternet/OverbyteIcsX509CertsTst.res
modified Samples/Delphi/SslInternet/OverbyteIcsX509CertsTst1.dfm
modified Samples/Delphi/SslInternet/OverbyteIcsX509CertsTst1.pas
modified Source/OverbyteIcsCommonVersion.rc
modified Source/OverbyteIcsCommonVersion.res
modified Source/OverbyteIcsIpHlpApi.pas
modified Source/OverbyteIcsIpUtils.pas
modified Source/OverbyteIcsLIBEAY.pas
modified Source/OverbyteIcsMsSslUtils.pas
modified Source/OverbyteIcsSslBase.pas
modified Source/OverbyteIcsSSLEAY.pas
modified Source/OverbyteIcsSslX509Certs.pas
modified Source/OverbyteIcsSslX509Utils.pas
modified Source/OverbyteIcsWSocket.pas
modified Source/OverbyteIcsWSocketS.pas
modified Source/OverbyteIcsXpManifest.res
added ICS-OpenSSL/ICS-Certs
added ICS-OpenSSL/ICS-Certs/dhparam2048.pem
added ICS-OpenSSL/ICS-Certs/ics-client-test.pem
added ICS-OpenSSL/ICS-Certs/ics-client-test.pfx
added ICS-OpenSSL/ICS-Certs/localhost-bundle.pem
added ICS-OpenSSL/ICS-Certs/localhost.pfx
added ICS-OpenSSL/ICS-RootCAs
added ICS-OpenSSL/ICS-RootCAs/ICS_Intermediate.pem
added ICS-OpenSSL/ICS-RootCAs/ICS_Intermediate_Short-bundle.pem
added ICS-OpenSSL/ICS-RootCAs/ICS_Intermediate_Short.pfx
added ICS-OpenSSL/ICS-RootCAs/ICSRootCA.p12
added ICS-OpenSSL/ICS-RootCAs/ICSRootCA.pem
added ICS-OpenSSL/ICS-RootCAs/RootCaCertsBundle.p12
added ICS-OpenSSL/ICS-RootCAs/RootCaCertsBundle.pem
added ICS-OpenSSL/ICS-RootCAs/sslRootCACertsBundle.p12
added ICS-OpenSSL/ICS-RootCAs/sslRootCACertsBundle.pem
added ICS-OpenSSL/ICS-RootCAs/TrustedCaBundle.p12
added ICS-OpenSSL/ICS-RootCAs/TrustedCaBundle.pem
added Source/BuildICSResFiles.cmd
added Source/ICS_Intermediate_Short-bundle.pem
added Source/ICSCerts.RC
added Source/ICSCerts.RES
added Source/ICSPortList.RC
added Source/ICSPortList.RES
added Source/ICSPortList.txt
added Source/ICSRootCA.pem
added Source/nmap-mac-prefixes.RC
added Source/nmap-mac-prefixes.RES
ICS-OpenSSL/ExtraRootCABundle.pem
ICS-OpenSSL/ICS-Certs
ICS-OpenSSL/ICS-Certs/dhparam2048.pem
ICS-OpenSSL/ICS-Certs/ics-client-test.pem
ICS-OpenSSL/ICS-Certs/ics-client-test.pfx
ICS-OpenSSL/ICS-Certs/localhost-bundle.pem
ICS-OpenSSL/ICS-Certs/localhost.pfx
ICS-OpenSSL/ICS-RootCAs
ICS-OpenSSL/ICS-RootCAs/ICSRootCA.p12
ICS-OpenSSL/ICS-RootCAs/ICSRootCA.pem
ICS-OpenSSL/ICS-RootCAs/ICS_Intermediate.pem
ICS-OpenSSL/ICS-RootCAs/ICS_Intermediate_Short-bundle.pem
ICS-OpenSSL/ICS-RootCAs/ICS_Intermediate_Short.pfx
ICS-OpenSSL/ICS-RootCAs/RootCaCertsBundle.p12
ICS-OpenSSL/ICS-RootCAs/RootCaCertsBundle.pem
ICS-OpenSSL/ICS-RootCAs/TrustedCaBundle.p12
ICS-OpenSSL/ICS-RootCAs/TrustedCaBundle.pem
ICS-OpenSSL/ICS-RootCAs/sslRootCACertsBundle.p12
ICS-OpenSSL/ICS-RootCAs/sslRootCACertsBundle.pem
Samples/Delphi/OtherDemos/OverbyteIcsNetMon1.dfm
Samples/Delphi/OtherDemos/OverbyteIcsNetMon1.pas
Samples/Delphi/OtherDemos/OverbyteIcsNetTools1.dfm
Samples/Delphi/OtherDemos/OverbyteIcsNetTools1.pas
Samples/Delphi/SslInternet/OverbyteIcsPemTool1.dfm
Samples/Delphi/SslInternet/OverbyteIcsPemTool1.pas
Samples/Delphi/SslInternet/OverbyteIcsSslMultiWebServ1.dfm
Samples/Delphi/SslInternet/OverbyteIcsSslMultiWebServ1.pas
Samples/Delphi/SslInternet/OverbyteIcsSslWebServ1.dfm
Samples/Delphi/SslInternet/OverbyteIcsSslWebServ1.pas
Samples/Delphi/SslInternet/OverbyteIcsX509CertsTst.res
Samples/Delphi/SslInternet/OverbyteIcsX509CertsTst1.dfm
Samples/Delphi/SslInternet/OverbyteIcsX509CertsTst1.pas
Source/BuildICSResFiles.cmd
Source/ICSCerts.RC
Source/ICSCerts.RES
Source/ICSPortList.RC
Source/ICSPortList.RES
Source/ICSPortList.txt
Source/ICSRootCA.pem
Source/ICS_Intermediate_Short-bundle.pem
Source/OverbyteIcsCommonVersion.rc
Source/OverbyteIcsCommonVersion.res
Source/OverbyteIcsIpHlpApi.pas
Source/OverbyteIcsIpUtils.pas
Source/OverbyteIcsLIBEAY.pas
Source/OverbyteIcsMsSslUtils.pas
Source/OverbyteIcsSSLEAY.pas
Source/OverbyteIcsSslBase.pas
Source/OverbyteIcsSslX509Certs.pas
Source/OverbyteIcsSslX509Utils.pas
Source/OverbyteIcsWSocket.pas
Source/OverbyteIcsWSocketS.pas
Source/OverbyteIcsXpManifest.res
Source/nmap-mac-prefixes.RC
Source/nmap-mac-prefixes.RES
====================================================================
ICS V9.1 - Part 13
Hopefully the final OpenSSL changes for this release of ICS. But now needs testing on older Delphi versions and older packages updated with all the new units, so not ready for productions yet.
ICS now has it's own SSL root certificate 'ICS Root CA' and two intermediates, 'ICS Intermediate' and 'ICS Intermediate Short', the last of which includes a private key so can be used to automatically sign new certificates by ICS server applications, rather than just self signed certificates as before.
If the 'ICS Root CA' certificate is installed in the Window Store and browser stores, it should stop certificate warnings appearing. ICS applications automatically trust the ICS root, so will give warnings.
The short intermediate has a maximum 100 day expiry, so new versions will be issued regularly.
There is a single function CreateSelfSignCertEx that created signed certificates, and another IcsInstallIcsRoot that installs the ICS root into the Windows Store, so easy to use.
Users can use their own root and intermediate and still have ICS servers automatically signing certificates.
OverbyteIcsSslBase.pas
Jan 19, 2024 V9.1 Baseline.
Moved TSslContext, TSslBaseComponent, T509Base and TX509List here from OverbyteIcsWSocket which is a massive unit, but left TSslContext callbacks in WSocket since they need access to it, now set in TWSocket.SetSslCallbacks instead of InitContext.
Moved function sslRootCACertsBundle here from X509Utils.
Added property X509PubKeyTB to TX509Base to get the certificate public in DER binary format as TBytes, from where it may be converted to hex or base64, used for Raw Public Key certificate validation.
Made more TX509Base functions and variables public so they can be accessed from other units.
Added DHE-RSA-CHACHA20-POLY1305 to TLS/1.2 sslCiphersMozillaSrvTLS12.
Added IcsReadTBBio, IcsWriteStrBio, IcsWriteTBBio, IcsSslLoadStackFromP12TB which are internal functions for handling TBytes and certificates, to simplify code (we use too many AnsiStrings for binary data).
TX509List can now load and save PKCS#12 certificate bundle files, smaller than PEM files, added SaveToP12File, SaveToP12TB, LoadAllFromP12File, LoadAllFromP12TB, intended to load a certificate bundle. LoadAllFromPemFile and LoadAllFromPemTB renamed from LoadAllFromFileEx and AddAllFromFStringEx with new versions handling both PEM and PKCS#12 certificate bundle files.
TX509List has new method ListCerts that returns one listing line per cert.
Added new TSslRootCAStore component derived from TX509List with an Initialise method that loads OpenSSL, then tries to load the internal certificate sslRootCACertsBundle that should be linked into the app, if missing then tries to load DefRootCABundle.pem from C:\ProgramData\ICS-OpenSSL\ or the app path. It also tries to load ExtraRootCABundle.pem which is an optional private root bundle that can be used for private customer or devel roots.
Added public IcsSslRootCAStore component created and intialised when this unit is loaded so a common root store is ready for any SslContext or other components. Define OpenSSL_AutoLoad_CA_Bundle can be suppressed to stop OpenSSL and the bundled being automatically loaded, if not needed.
SslContext has new property UseSharedCAStore which causes the properties CAFile, CALines and CAPath to be ignored, uses IcsSslRootCAStore instead.
Added function IcsReportOpenSSLVer to centralise version reporting, optionally adding number of CA root certificates loaded.
Saving a private key with a PCKS12 file is now optional.
Moved BuildCertFName here from WSocketS as IcsIcsBuildCertFName.
ICSRootCA.pem and ICS_Intermediate_Short-bundle.pem certificates linked as resources, root is added to IcsSslRootCAStore.
OverbyteIcsWSocketS.pas
Jan 20, 2024 V9.1
Added new property NoSSL that prevents use of SSL/TLS, must be set before server is started.
TOcspHttp now in OverbyteIcsSslUtils rather than OverbyteIcsSslHttpRest to ease linking.
Added OverbyteIcsSslBase which now includes TSslContext, TX509Base and TX509List.
Replaced FX509CAList with public IcsSslRootCAStore.
Moved BuildCertFName to SslBase.
When creating a local SSL/TLS certificate to allow a server to start, ICS now creates a certificate with the IcsHosts.Hosts names signed by an internal ICS intermediate 'ICS Intermediate Short' signed by 'ICS Root CA' which if installed in Windows and browsers will stop certificate warnings appearing. Previously ICS only created self signed certificates. The global GSSL_INTER_FILE may be changed to an alternate intermediate bundle. The ICS bundle has the password 'password' and a maximum 100 day life, so new intermediates will be required regularly, to prevent misuse.
Use the function IcsInstallIcsRoot to install the ICS root certificate into the Windows Root Store, needs admin rights for the Local Machine store.
OverbyteIcsLIBEAY.pas
OverbyteIcsSSLEAY.pas
Jan 20, 2024 V9.1
Added two more X509 functions.
Removed support for OpenSSL 1.1.1 which is end of life.
Not currently supporting GSSLEAY_DLL_IgnoreOld/New since only 3.x supported.
OverbyteIcsDefs.inc has a new define OpenSSL_ProgramData which causes ICS to ignore GSSL_DLL_DIR by setting it to shell path CSIDL_COMMON_APPDATA and sub-directory "ICS-OpenSSl" which is usually "C:\ProgramData\ICS-OpenSSl" which is where the OpenSSL DLLs and root CA bundles should be placed.
The external OpenSSL DLL files may now be optionally linked into applications as a resource, to avoid distributing them separately. When the application runs, it checks to see if the DLLs have be extracted previously, and if not, creates them from the resource.
The OpenSSL extract directory is shell path CSIDL_COMMON_APPDATA which in recent Windows versions is "C:\Users\All Users\" aliased as "C:\ProgramData\", in sub-directory "ICS-OpenSSL" with a sub-directory for each different OpenSSL major/minor version, ie "3012" for 3.0.12, ie "C:\ProgramData\ICS-OpenSSL\3012\libcrypto-3.dll".
OverbyteIcsDefs.inc has a new define OpenSSL_Resource_Files which causes the resource file to be linked, the major/minor version being defined as OpenSSL_30, OpenSSL_31 or OpenSSL_32 (not supported yet), the actual resource files are LibV3xOpenSSL32.RES and LibV3xOpenSSL64.RES where x is the minor version. Note ICS supports linking specific major/minor versions of OpenSSL, but only one per application, but not multiple patch versions which don't have new features, only security and bug fixes. The RES files are distributed in the zip files with the DLLs from the ICS wiki site, with the latest versions in the source directory. If the new resource can not be found or there is a problem extracting the DLLs, ICS falls back to looking for OpenSSL DLLs as previous releases or as per define OpenSSL_ProgramData above. Resource files are available from OpenSSL 3.0.12 and 3.1.4, and later. Thanks to Michael Ott for the original resource file implementation.
No longer supporting defines OPENSSL_USE_DELPHI_MM (never used), OPENSSL_NO_ENGINE (deprecated, never used), OPENSSL_USE_RESOURCE_STRINGS (never used), NO_OSSL_VERSION_CHECK (dangerous), DEFINE OPENSSL_NO_TLSEXT (TLS needed everywhere), LOADSSL_ERROR_FILE (better debugging now).
Added GSSLEAY_RES_SUBDIR defaults to "ICS-OpenSSL", where OpenSSL files will be saved and accessed in linked as a resource in the application, with a sub-directory for each different version.
Added SSL_CTX_set_cert_store.
Added GSSL_CERTS_DIR and GSSL_ROOTS_DIR globals where ICS looks for SSL/TLS certificates and bundles.
OverbyteIcsMsSslUtils.pas
Jan 19, 2024 V9.1
Added OverbyteIcsSslBase which now includes TX509Base and TX509List.
SaveToStorePfx has new argument MsCertStore to allow loading into roots store as well as MyStore.
Added function IcsInstallIcsRoot to install the ICS Root CA from linked resource into the Windows Trust Store.
TMsCertTools has new method GetOneCert by SHA1 Digest.
OverbyteIcsIpHlpApi.pas
Jan 09, 2024 V9.1
Trying to find msghandler leak in TIcsIpChanges.
OverbyteIcsIpUtils.pas
Jan 11, 2024 V9.1
IcsLoadMacPrefixes now tries to load list from resource file nmap-mac-prefixes.RES if linked into application, otherwise loads file nmap-mac-prefixes.txt.
Loading common port list from resource file icsportlist.RES if linked into application, otherwise loads file icsportlist.txt.
Removed WellKnownSvcs which duplicates port list.
OverbyteIcsSslX509Certs.pas
Jan 18, 2024 V9.1
Make sure certificate extensions are set for server certificate before creating certificate request so international domain name with accents gets processed, got broken in June 2023 due to change in DoCertReqProps.
Added OverbyteIcsSslBase which now includes TX509Base and TX509List.
Validation now uses public IcsSslRootCAStore and ignores root bundle.
OwnCASign to sign our own certificates with OwnCA now creates intermediates as well.
wnCASign now adds signing certificate as intermediate to bundle.
OverbyteIcsSslX509Utils.pas
Jan 19, 2024 V9.1
Added OverbyteIcsSslBase which now includes TX509Base and TX509List.
Moved sslRootCACertsBundle function to OverbyteIcsSslBase.
Added CaCertLines property which returns CA PEM lines, used to create bundle with intermediate.
When creating certificates, if BasicPathLen=-1 leave out Basic Constraints pathlen so root certificates can sign intermediates.
Function CreateSelfSignCertEx has an extra argument for the file name of a root CA signing bundle, usually an intermediate bundle, that is used to create a CA signed certificate instead of self signed. Password for CA must be same as certificate. Designed for use with GSSL_INTER_FILE which defaults to an ICS signed intermediate allowing servers to issue their own certificates.
BuildICSResFiles.cmd
ICSCerts.RC
ICSCerts.RES
ICSPortList.RC
ICSPortList.RES
ICSPortList.txt
ICSRootCA.pem
ICS_Intermediate_Short-bundle.pem
nmap-mac-prefixes.RC
nmap-mac-prefixes.RES
OverbyteIcsCommonVersion.rc
OverbyteIcsCommonVersion.res
OverbyteIcsXpManifest.res
Jan 20, 20247
Added several new resource files, all build with BuildICSResFiles.cmd.
ICSCerts.RES contains ICS root and intermediate SSL certificates, that are linked into all ICS SSL applications.
ICSPortList.RES and nmap-mac-prefixes.RES contain common port descriptions and MAC vendor names for functions in the OverbyteIcsIpUtils.pas unit, and should be manually added to applications needing that unit, see OverbyteIcsNetTools1.pas.
Also updated older RES files, although CommonVersion.RES does not seem to work, old format?
ICS-OpenSSL/ExtraRootCABundle.pem
ICS-OpenSSL/ICS-Certs
ICS-OpenSSL/ICS-Certs/dhparam2048.pem
ICS-OpenSSL/ICS-Certs/ics-client-test.pem
ICS-OpenSSL/ICS-Certs/ics-client-test.pfx
ICS-OpenSSL/ICS-Certs/localhost-bundle.pem
ICS-OpenSSL/ICS-Certs/localhost.pfx
ICS-OpenSSL/ICS-RootCAs
ICS-OpenSSL/ICS-RootCAs/ICSRootCA.p12
ICS-OpenSSL/ICS-RootCAs/ICSRootCA.pem
ICS-OpenSSL/ICS-RootCAs/ICS_Intermediate.pem
ICS-OpenSSL/ICS-RootCAs/ICS_Intermediate_Short-bundle.pem
ICS-OpenSSL/ICS-RootCAs/ICS_Intermediate_Short.pfx
ICS-OpenSSL/ICS-RootCAs/RootCaCertsBundle.p12
ICS-OpenSSL/ICS-RootCAs/RootCaCertsBundle.pem
ICS-OpenSSL/ICS-RootCAs/TrustedCaBundle.p12
ICS-OpenSSL/ICS-RootCAs/TrustedCaBundle.pem
ICS-OpenSSL/ICS-RootCAs/sslRootCACertsBundle.p12
ICS-OpenSSL/ICS-RootCAs/sslRootCACertsBundle.pem
ICS-OpenSSL/RootCaCertsBundle.p12
ICS-OpenSSL/RootCaCertsBundle.pem
ICS-OpenSSL/TrustedCaBundle.p12
ICS-OpenSSL/TrustedCaBundle.pem
ICS-OpenSSL/sslRootCACertsBundle.p12
ICS-OpenSSL/sslRootCACertsBundle.pem
Older ICS versions had various SSL certificates and files mostly in the SslSamples directory, and were only accessible to applications compiled into that directory, they needed copying for use in end user applications or samples compiled into sub-directories.
ICS now places OpenSSL files into shell path CSIDL_COMMON_APPDATA and sub-directory "ICS-OpenSSL" which is usually "C:\ProgramData\ICS-OpenSSL".
There are now new sub-directories of ICS-Certs and ICS-RootCAs into which a number of old and new certificates are located.
Directory ICS-OpenSSL and it's sub-directories is part of the ICS distribution, and are copied to "C:\ProgramData\ICS-OpenSSL" when installing the Common package.
Samples/Delphi/OtherDemos/OverbyteIcsNetMon1.dfm
Samples/Delphi/OtherDemos/OverbyteIcsNetMon1.pas
Samples/Delphi/OtherDemos/OverbyteIcsNetTools1.dfm
Samples/Delphi/OtherDemos/OverbyteIcsNetTools1.pas
Jan 11, 2024 V9.1
Moved two utility functions to OverbyteIcsUtils.
Added resource nmap-mac-prefixes.RES to avoid distributing file nmap-mac-prefixes.txt to display MAC vendor names.
Added resource icsportlist.RES to avoid distributing file icsportlist.txt to display common port/service names.
Samples/Delphi/SslInternet/OverbyteIcsPemTool1.dfm
Samples/Delphi/SslInternet/OverbyteIcsPemTool1.pas
Jan 20, 2024 V9.1
When displaying an X509 certificate, show Raw Public Key in base64, should match that of a PEM file with a public key.
TOcspHttp now in OverbyteIcsSslUtils rather than OverbyteIcsSslHttpRest to ease linking.
Added OverbyteIcsSslBase which now includes TX509Base and TX509List.
Simplified displaying bundle names.
Using public IcsSslRootCAStore instead of local root store.
Allow to save PKCS12 without a private key.
Added Basic Constraints 'Root Certificate Authority' tick box that ignores pathlen, 'Certificate Authority' box is now renamed 'Self Signed or Intermediate' and sets pathlen=0 to restrict signing to top level.
Removed creating DH Params, not used nowadays with modern ciphers.
Added Create Quick Certificates, allows self signed or CA signed certificates to be created with a single button using function CreateSelfSignCertEx. Only uses CommonName, Alt DNS Names, key type and password, and a root CA bundle if the certificate is CA signed, ICS includes a bundle with the file name in GSSL_INTER_FILE. Always creates a PEM bundle with key and intermediate.
When installing certificate into the Windows Store, only install key and inter if supplied, and allow all store types, previously always MyStore.
Added button 'Install ICS Root in Windows Store' to he Quick box which calls the function IcsInstallIcsRoot to install the ICS root certificate into the Windows Root Store, needs admin rights for the Local Machine store.
Samples/Delphi/SslInternet/OverbyteIcsSslWebServ1.dfm
Samples/Delphi/SslInternet/OverbyteIcsSslWebServ1.pas
Jan 16, 2023 V9.1
Added OverbyteIcsSslBase which now includes TSslContext,TX509Base and TX509List.
TOcspHttp now in OverbyteIcsSslUtils rather than OverbyteIcsSslHttpRest to ease linking.
Replaced LoadSsl with IcsSslRootCAStore.Initialise.
New certificate location.
Samples/Delphi/SslInternet/OverbyteIcsX509CertsTst1.dfm
Samples/Delphi/SslInternet/OverbyteIcsX509CertsTst1.pas
Jan 17, 2024 V9.1
Added OverbyteIcsSslBase which now includes TSslContext,TX509Base and TX509List.
Replaced LoadSsl with IcsSslRootCAStore.Initialise and LibeayLoadProviders since this sample needs the OpenSSL Legacy provider.
OwnCA can now save intermediate and single host certificates, specifically for the ICS Root CA X1 root certificate, and save intermediates in the bundle.
====================================================================
ICS V9.1 - Part 14
IcsCommonNewRun package for Delphi 10.4, 11 and 12 now has post build event to copy ICS-OpenSSL files from install path to C:\ProgramData\ICS-OpenSSL
====================================================================
ICS pending
Add ICS-OpenSSL\ dir to ICS, add DLLs, def and extra bundles done
Tools oiu resource, done
Root bundles web pages done
ICS root cert and intermediates, done
New sample directories done
New VCL projects done
OverbyteIcsCommonVersion.rc gone
Jan 09, 2024 V9.1
9th January 2024
Jan 21, 2023 V9.1 Preliminary support for Android.
{$IFDEF MSWINDOWS}
{$ENDIF}
{$IFDEF ANDROID} overload; {$ENDIF}
==============================================================================
V9.1 package changes
Common
OverbyteIcsHtmlUtils in '..\Source\OverbyteIcsHtmlUtils.pas';
xcopy "..\ICS-OpenSSL\*.*" "C:\ProgramData\ICS-OpenSSL\" /y /s /e /c
Overbyte ICS Common Run-Time Package for Delphi
Vcl and fmx
{$R '..\Source\OverbyteIcsSslBase.dcr'}
{$R '..\Source\OverbyteIcsDnsHttps.dcr'}
{$R '..\Source\OverbyteIcsSslUtils.dcr'}
VCL
OverbyteIcsSslBase in '..\Source\OverbyteIcsSslBase.pas',
OverbyteIcsDnsHttps in '..\Source\OverbyteIcsDnsHttps.pas',
OverbyteIcsSslUtils in '..\Source\OverbyteIcsSslUtils.pas';
FMX
Ics.Fmx.OverbyteIcsDnsHttps in '..\Source\Ics.Fmx.OverbyteIcsDnsHttps.pas',
Ics.Fmx.OverbyteIcsSslBase in '..\Source\Ics.Fmx.OverbyteIcsSslBase.pas',
Ics.Fmx.OverbyteIcsSslUtils in '..\Source\Ics.Fmx.OverbyteIcsSslUtils.pas';
==============================================================================
25 Jan 2024
12 new groups
added Install/CBIcsInstallVclFmx.groupproj
added Install/D101InstallVcl.groupproj
added Install/D102InstallVcl.groupproj
added Install/D103InstallVcl.groupproj
added Install/D10SInstallVcl.groupproj
added Install/DXe2InstallVcl.groupproj
added Install/DXe3InstallVcl.groupproj
added Install/DXe4InstallVcl.groupproj
added Install/DXe5InstallVcl.groupproj
added Install/DXe6InstallVcl.groupproj
added Install/DXe7InstallVcl.groupproj
added Install/DXe8InstallVcl.groupproj
added Packages/IcsCommonCBNewDesign.cbproj
added Packages/IcsCommonCBNewDesign.cpp
added Packages/IcsCommonCBNewRun.cbproj
added Packages/IcsCommonCBNewRun.cpp
added Packages/IcsFmxCBNewDesign.cbproj
added Packages/IcsFmxCBNewDesign.cpp
added Packages/IcsFmxCBNewRun.cbproj
added Packages/IcsFmxCBNewRun.cpp
added Packages/IcsVclCBNewDesign.cbproj
added Packages/IcsVclCBNewDesign.cpp
added Packages/IcsVclCBNewRun.cbproj
added Packages/IcsVclCBNewRun.cpp
added Source/nmap-mac-prefixes.txt
deleted Install/CB102InstallVclFmx.groupproj
deleted Install/CB103InstallVclFmx.groupproj
deleted Install/CB104InstallVclFmx.groupproj
deleted Install/CB110InstallVclFmx.groupproj
deleted Install/CB2006Install.bdsgroup
deleted Install/CB2007Install.groupproj
deleted Install/CB2009Install.groupproj
deleted Install/CB2010Install.groupproj
deleted Install/CBXe2Install.groupproj
deleted Install/CBXe2InstallVclFmx.groupproj
deleted Install/CBXe3Install.groupproj
deleted Install/CBXe3InstallVclFmx.groupproj
deleted Install/CBXeInstall.groupproj
deleted Install/D101Install.groupproj
deleted Install/D102Install.groupproj
deleted Install/D103Install.groupproj
deleted Install/D104Install.groupproj
deleted Install/D104InstallVclFmx.groupproj
deleted Install/D10SInstall.groupproj
deleted Install/D110Install.groupproj
deleted Install/D110InstallFmx.groupproj
deleted Install/D110InstallVcl.groupproj
deleted Install/D110InstallVclFmx.groupproj
deleted Install/D12InstallFmx.groupproj
deleted Install/D12InstallVcl.groupproj
deleted Install/D12InstallVclFmx.groupproj
deleted Install/DXe2Install.groupproj
deleted Install/DXe3Install.groupproj
deleted Install/DXe4Install.groupproj
deleted Install/DXe5Install.groupproj
deleted Install/DXe6Install.groupproj
deleted Install/DXe7Install.groupproj
deleted Install/DXe8Install.groupproj
deleted Packages/IcsCommonCB102Design.cbproj
deleted Packages/IcsCommonCB102Design.cpp
deleted Packages/IcsCommonCB102Design.res
deleted Packages/IcsCommonCB102Run.cbproj
deleted Packages/IcsCommonCB102Run.cpp
deleted Packages/IcsCommonCB102Run.res
deleted Packages/IcsCommonCB103Design.cbproj
deleted Packages/IcsCommonCB103Design.cpp
deleted Packages/IcsCommonCB103Design.res
deleted Packages/IcsCommonCB103Run.cbproj
deleted Packages/IcsCommonCB103Run.cpp
deleted Packages/IcsCommonCB103Run.res
deleted Packages/IcsCommonCB104Design.cbproj
deleted Packages/IcsCommonCB104Design.cpp
deleted Packages/IcsCommonCB104Design.res
deleted Packages/IcsCommonCB104Run.cbproj
deleted Packages/IcsCommonCB104Run.cpp
deleted Packages/IcsCommonCB104Run.res
deleted Packages/IcsCommonCB110Design.cbproj
deleted Packages/IcsCommonCB110Design.cpp
deleted Packages/IcsCommonCB110Design.res
deleted Packages/IcsCommonCB110Run.cbproj
deleted Packages/IcsCommonCB110Run.cpp
deleted Packages/IcsCommonCB110Run.res
deleted Packages/IcsCommonCBXE2Design.cbproj
deleted Packages/IcsCommonCBXE2Design.cpp
deleted Packages/IcsCommonCBXE2Run.cbproj
deleted Packages/IcsCommonCBXE2Run.cpp
deleted Packages/IcsCommonCBXE3Design.cbproj
deleted Packages/IcsCommonCBXE3Design.cpp
deleted Packages/IcsCommonCBXE3Run.cbproj
deleted Packages/IcsCommonCBXE3Run.cpp
deleted Packages/IcsCommonD104Design.dpk
deleted Packages/IcsCommonD104Design.dproj
deleted Packages/IcsCommonD104Design.res
deleted Packages/IcsCommonD104Run.dpk
deleted Packages/IcsCommonD104Run.dproj
deleted Packages/IcsCommonD104Run.res
deleted Packages/IcsCommonD110Design.dpk
deleted Packages/IcsCommonD110Design.dproj
deleted Packages/IcsCommonD110Design.res
deleted Packages/IcsCommonD110Run.dpk
deleted Packages/IcsCommonD110Run.dproj
deleted Packages/IcsCommonD110Run.res
deleted Packages/IcsCommonD12Design.dpk
deleted Packages/IcsCommonD12Design.dproj
deleted Packages/IcsCommonD12Design.res
deleted Packages/IcsCommonD12Run.dpk
deleted Packages/IcsCommonD12Run.dproj
deleted Packages/IcsCommonD12Run.res
deleted Packages/IcsFmxCB102Design.cbproj
deleted Packages/IcsFmxCB102Design.cpp
deleted Packages/IcsFmxCB102Design.res
deleted Packages/IcsFmxCB102Run.cbproj
deleted Packages/IcsFmxCB102Run.cpp
deleted Packages/IcsFmxCB102Run.res
deleted Packages/IcsFmxCB103Design.cbproj
deleted Packages/IcsFmxCB103Design.cpp
deleted Packages/IcsFmxCB103Design.res
deleted Packages/IcsFmxCB103Run.cbproj
deleted Packages/IcsFmxCB103Run.cpp
deleted Packages/IcsFmxCB103Run.res
deleted Packages/IcsFmxCB104Design.cbproj
deleted Packages/IcsFmxCB104Design.cpp
deleted Packages/IcsFmxCB104Design.res
deleted Packages/IcsFmxCB104Run.cbproj
deleted Packages/IcsFmxCB104Run.cpp
deleted Packages/IcsFmxCB104Run.res
deleted Packages/IcsFmxCB110Design.cbproj
deleted Packages/IcsFmxCB110Design.cpp
deleted Packages/IcsFmxCB110Design.res
deleted Packages/IcsFmxCB110Run.cbproj
deleted Packages/IcsFmxCB110Run.cpp
deleted Packages/IcsFmxCB110Run.res
deleted Packages/IcsFmxCBXE2Design.cbproj
deleted Packages/IcsFmxCBXE2Design.cpp
deleted Packages/IcsFmxCBXE2Run.cbproj
deleted Packages/IcsFmxCBXE2Run.cpp
deleted Packages/IcsFmxCBXE3Design.cbproj
deleted Packages/IcsFmxCBXE3Design.cpp
deleted Packages/IcsFmxCBXE3Run.cbproj
deleted Packages/IcsFmxCBXE3Run.cpp
deleted Packages/IcsFmxD104Design.dpk
deleted Packages/IcsFmxD104Design.dproj
deleted Packages/IcsFmxD104Design.res
deleted Packages/IcsFmxD104Run.dpk
deleted Packages/IcsFmxD104Run.dproj
deleted Packages/IcsFmxD104Run.res
deleted Packages/IcsFmxD110Design.dpk
deleted Packages/IcsFmxD110Design.dproj
deleted Packages/IcsFmxD110Design.res
deleted Packages/IcsFmxD110Run.dpk
deleted Packages/IcsFmxD110Run.dproj
deleted Packages/IcsFmxD110Run.res
deleted Packages/IcsFmxD12Design.dpk
deleted Packages/IcsFmxD12Design.dproj
deleted Packages/IcsFmxD12Design.res
deleted Packages/IcsFmxD12Run.dpk
deleted Packages/IcsFmxD12Run.dproj
deleted Packages/IcsFmxD12Run.res
deleted Packages/IcsLinuxD104.dpk
deleted Packages/IcsLinuxD104.dproj
deleted Packages/IcsLinuxD110.bpi
deleted Packages/IcsLinuxD110.dpk
deleted Packages/IcsLinuxD110.dproj
deleted Packages/IcsLinuxD110.res
deleted Packages/IcsLinuxD12.dpk
deleted Packages/IcsLinuxD12.dproj
deleted Packages/IcsVclCB102Design.cbproj
deleted Packages/IcsVclCB102Design.cpp
deleted Packages/IcsVclCB102Design.res
deleted Packages/IcsVclCB102Run.cbproj
deleted Packages/IcsVclCB102Run.cpp
deleted Packages/IcsVclCB102Run.res
deleted Packages/IcsVclCB103Design.cbproj
deleted Packages/IcsVclCB103Design.cpp
deleted Packages/IcsVclCB103Design.res
deleted Packages/IcsVclCB103Run.cbproj
deleted Packages/IcsVclCB103Run.cpp
deleted Packages/IcsVclCB103Run.res
deleted Packages/IcsVclCB104Design.cbproj
deleted Packages/IcsVclCB104Design.cpp
deleted Packages/IcsVclCB104Design.res
deleted Packages/IcsVclCB104Run.cbproj
deleted Packages/IcsVclCB104Run.cpp
deleted Packages/IcsVclCB104Run.res
deleted Packages/IcsVclCB110Design.cbproj
deleted Packages/IcsVclCB110Design.cpp
deleted Packages/IcsVclCB110Design.res
deleted Packages/IcsVclCB110Run.cbproj
deleted Packages/IcsVclCB110Run.cpp
deleted Packages/IcsVclCB110Run.res
deleted Packages/IcsVclCBXE2Design.cbproj
deleted Packages/IcsVclCBXE2Design.cpp
deleted Packages/IcsVclCBXE2Run.cbproj
deleted Packages/IcsVclCBXE2Run.cpp
deleted Packages/IcsVclCBXE3Design.cbproj
deleted Packages/IcsVclCBXE3Design.cpp
deleted Packages/IcsVclCBXE3Run.cbproj
deleted Packages/IcsVclCBXE3Run.cpp
deleted Packages/IcsVclD104Design.dpk
deleted Packages/IcsVclD104Design.dproj
deleted Packages/IcsVclD104Design.res
deleted Packages/IcsVclD104Run.dpk
deleted Packages/IcsVclD104Run.dproj
deleted Packages/IcsVclD104Run.res
deleted Packages/IcsVclD110Design.dpk
deleted Packages/IcsVclD110Design.dproj
deleted Packages/IcsVclD110Design.res
deleted Packages/IcsVclD110Run.dpk
deleted Packages/IcsVclD110Run.dproj
deleted Packages/IcsVclD110Run.res
deleted Packages/IcsVclD12Design.dpk
deleted Packages/IcsVclD12Design.dproj
deleted Packages/IcsVclD12Design.res
deleted Packages/IcsVclD12Run.dpk
deleted Packages/IcsVclD12Run.dproj
deleted Packages/IcsVclD12Run.res
deleted Packages/OverbyteIcsCB2006Design.bdsproj
deleted Packages/OverbyteIcsCB2006Design.cpp
deleted Packages/OverbyteIcsCB2006Design.res
deleted Packages/OverbyteIcsCB2006Run.bdsproj
deleted Packages/OverbyteIcsCB2006Run.cpp
deleted Packages/OverbyteIcsCB2006Run.res
deleted Packages/OverbyteIcsCB2007Design.cbproj
deleted Packages/OverbyteIcsCB2007Design.cpp
deleted Packages/OverbyteIcsCB2007Design.res
deleted Packages/OverbyteIcsCB2007Run.cbproj
deleted Packages/OverbyteIcsCB2007Run.cpp
deleted Packages/OverbyteIcsCB2007Run.res
deleted Packages/OverbyteIcsCB2009Design.cbproj
deleted Packages/OverbyteIcsCB2009Design.cpp
deleted Packages/OverbyteIcsCB2009Design.res
deleted Packages/OverbyteIcsCB2009Run.cbproj
deleted Packages/OverbyteIcsCB2009Run.cpp
deleted Packages/OverbyteIcsCB2009Run.res
deleted Packages/OverbyteIcsCB2010Design.cbproj
deleted Packages/OverbyteIcsCB2010Design.cpp
deleted Packages/OverbyteIcsCB2010Design.res
deleted Packages/OverbyteIcsCB2010Run.cbproj
deleted Packages/OverbyteIcsCB2010Run.cpp
deleted Packages/OverbyteIcsCB2010Run.res
deleted Packages/OverbyteIcsCBXe2Design.cbproj
deleted Packages/OverbyteIcsCBXe2Design.cpp
deleted Packages/OverbyteIcsCBXe2Run.cbproj
deleted Packages/OverbyteIcsCBXe2Run.cpp
deleted Packages/OverbyteIcsCBXe3Design.cbproj
deleted Packages/OverbyteIcsCBXe3Design.cpp
deleted Packages/OverbyteIcsCBXe3Run.cbproj
deleted Packages/OverbyteIcsCBXe3Run.cpp
deleted Packages/OverbyteIcsCBXeDesign.cbproj
deleted Packages/OverbyteIcsCBXeDesign.cpp
deleted Packages/OverbyteIcsCBXeDesign.res
deleted Packages/OverbyteIcsCBXeRun.cbproj
deleted Packages/OverbyteIcsCBXeRun.cpp
deleted Packages/OverbyteIcsCBXeRun.res
deleted Packages/OverbyteIcsD101Design.dpk
deleted Packages/OverbyteIcsD101Design.dproj
deleted Packages/OverbyteIcsD101Run.dpk
deleted Packages/OverbyteIcsD101Run.dproj
deleted Packages/OverbyteIcsD102Design.dpk
deleted Packages/OverbyteIcsD102Design.dproj
deleted Packages/OverbyteIcsD102Run.dpk
deleted Packages/OverbyteIcsD102Run.dproj
deleted Packages/OverbyteIcsD103Design.dpk
deleted Packages/OverbyteIcsD103Design.dproj
deleted Packages/OverbyteIcsD103Run.dpk
deleted Packages/OverbyteIcsD103Run.dproj
deleted Packages/OverbyteIcsD104Design.dpk
deleted Packages/OverbyteIcsD104Design.dproj
deleted Packages/OverbyteIcsD104Run.dpk
deleted Packages/OverbyteIcsD104Run.dproj
deleted Packages/OverbyteIcsD10SDesign.dpk
deleted Packages/OverbyteIcsD10SDesign.dproj
deleted Packages/OverbyteIcsD10SRun.dpk
deleted Packages/OverbyteIcsD10SRun.dproj
deleted Packages/OverbyteIcsD110Design.dpk
deleted Packages/OverbyteIcsD110Design.dproj
deleted Packages/OverbyteIcsD110Design.res
deleted Packages/OverbyteIcsD110Run.dpk
deleted Packages/OverbyteIcsD110Run.dproj
deleted Packages/OverbyteIcsD110Run.res
deleted Packages/OverbyteIcsD12Design.dpk
deleted Packages/OverbyteIcsD12Design.dproj
deleted Packages/OverbyteIcsD12Design.res
deleted Packages/OverbyteIcsD12Run.dpk
deleted Packages/OverbyteIcsD12Run.dproj
deleted Packages/OverbyteIcsD12Run.res
deleted Packages/OverbyteIcsDXE8Run.dpk
deleted Packages/OverbyteIcsDXe2Design.dpk
deleted Packages/OverbyteIcsDXe2Design.dproj
deleted Packages/OverbyteIcsDXe2Run.dpk
deleted Packages/OverbyteIcsDXe2Run.dproj
deleted Packages/OverbyteIcsDXe3Design.dpk
deleted Packages/OverbyteIcsDXe3Design.dproj
deleted Packages/OverbyteIcsDXe3Run.dpk
deleted Packages/OverbyteIcsDXe3Run.dproj
deleted Packages/OverbyteIcsDXe4Design.dpk
deleted Packages/OverbyteIcsDXe4Design.dproj
deleted Packages/OverbyteIcsDXe4Run.dpk
deleted Packages/OverbyteIcsDXe4Run.dproj
deleted Packages/OverbyteIcsDXe5Design.dpk
deleted Packages/OverbyteIcsDXe5Design.dproj
deleted Packages/OverbyteIcsDXe5Run.dpk
deleted Packages/OverbyteIcsDXe5Run.dproj
deleted Packages/OverbyteIcsDXe6Design.dpk
deleted Packages/OverbyteIcsDXe6Design.dproj
deleted Packages/OverbyteIcsDXe6Design.res
deleted Packages/OverbyteIcsDXe6Run.dpk
deleted Packages/OverbyteIcsDXe6Run.dproj
deleted Packages/OverbyteIcsDXe6Run.res
deleted Packages/OverbyteIcsDXe7Design.dpk
deleted Packages/OverbyteIcsDXe7Design.dproj
deleted Packages/OverbyteIcsDXe7Run.dpk
deleted Packages/OverbyteIcsDXe7Run.dproj
deleted Packages/OverbyteIcsDXe8Design.dpk
deleted Packages/OverbyteIcsDXe8Design.dproj
deleted Packages/OverbyteIcsDXe8Run.dproj
modified Packages/IcsAndroid.dproj
modified Packages/IcsCommonD101Design.dproj
modified Packages/IcsCommonD101Run.dpk
modified Packages/IcsCommonD101Run.dproj
modified Packages/IcsCommonD102Design.dproj
modified Packages/IcsCommonD102Run.dpk
modified Packages/IcsCommonD102Run.dproj
modified Packages/IcsCommonD103Design.dproj
modified Packages/IcsCommonD103Run.dpk
modified Packages/IcsCommonD103Run.dproj
modified Packages/IcsCommonD10SDesign.dproj
modified Packages/IcsCommonD10SRun.dpk
modified Packages/IcsCommonD10SRun.dproj
modified Packages/IcsCommonDXE2Design.dproj
modified Packages/IcsCommonDXE2Run.dpk
modified Packages/IcsCommonDXE2Run.dproj
modified Packages/IcsCommonDXE3Design.dproj
modified Packages/IcsCommonDXE3Run.dpk
modified Packages/IcsCommonDXE3Run.dproj
modified Packages/IcsCommonDXE4Design.dproj
modified Packages/IcsCommonDXE4Run.dpk
modified Packages/IcsCommonDXE4Run.dproj
modified Packages/IcsCommonDXE5Design.dproj
modified Packages/IcsCommonDXE5Run.dpk
modified Packages/IcsCommonDXE5Run.dproj
modified Packages/IcsCommonDXE6Design.dproj
modified Packages/IcsCommonDXE6Run.dpk
modified Packages/IcsCommonDXE6Run.dproj
modified Packages/IcsCommonDXE7Design.dproj
modified Packages/IcsCommonDXE7Run.dpk
modified Packages/IcsCommonDXE7Run.dproj
modified Packages/IcsCommonDXE8Design.dproj
modified Packages/IcsCommonDXE8Run.dpk
modified Packages/IcsCommonDXE8Run.dproj
modified Packages/IcsCommonNewRun.dproj
modified Packages/IcsFmxD101Design.dproj
modified Packages/IcsFmxD101Run.dpk
modified Packages/IcsFmxD101Run.dproj
modified Packages/IcsFmxD102Design.dproj
modified Packages/IcsFmxD102Run.dpk
modified Packages/IcsFmxD102Run.dproj
modified Packages/IcsFmxD103Design.dproj
modified Packages/IcsFmxD103Run.dpk
modified Packages/IcsFmxD103Run.dproj
modified Packages/IcsFmxD10SDesign.dpk
modified Packages/IcsFmxD10SDesign.dproj
modified Packages/IcsFmxD10SRun.dpk
modified Packages/IcsFmxD10SRun.dproj
modified Packages/IcsFmxDXE2Design.dproj
modified Packages/IcsFmxDXE2Run.dpk
modified Packages/IcsFmxDXE2Run.dproj
modified Packages/IcsFmxDXE3Design.dproj
modified Packages/IcsFmxDXE3Run.dpk
modified Packages/IcsFmxDXE3Run.dproj
modified Packages/IcsFmxDXE4Design.dproj
modified Packages/IcsFmxDXE4Run.dpk
modified Packages/IcsFmxDXE4Run.dproj
modified Packages/IcsFmxDXE5Design.dproj
modified Packages/IcsFmxDXE5Run.dpk
modified Packages/IcsFmxDXE5Run.dproj
modified Packages/IcsFmxDXE6Design.dproj
modified Packages/IcsFmxDXE6Run.dpk
modified Packages/IcsFmxDXE6Run.dproj
modified Packages/IcsFmxDXE7Design.dproj
modified Packages/IcsFmxDXE7Run.dpk
modified Packages/IcsFmxDXE7Run.dproj
modified Packages/IcsFmxDXE8Design.dproj
modified Packages/IcsFmxDXE8Run.dpk
modified Packages/IcsFmxDXE8Run.dproj
modified Packages/IcsFmxNewRun.dproj
modified Packages/IcsVclD101Design.dproj
modified Packages/IcsVclD101Run.dpk
modified Packages/IcsVclD101Run.dproj
modified Packages/IcsVclD102Design.dproj
modified Packages/IcsVclD102Run.dpk
modified Packages/IcsVclD102Run.dproj
modified Packages/IcsVclD103Design.dproj
modified Packages/IcsVclD103Run.dpk
modified Packages/IcsVclD103Run.dproj
modified Packages/IcsVclD10SDesign.dproj
modified Packages/IcsVclD10SRun.dpk
modified Packages/IcsVclD10SRun.dproj
modified Packages/IcsVclDXE2Design.dproj
modified Packages/IcsVclDXE2Run.dpk
modified Packages/IcsVclDXE2Run.dproj
modified Packages/IcsVclDXE3Design.dproj
modified Packages/IcsVclDXE3Run.dpk
modified Packages/IcsVclDXE3Run.dproj
modified Packages/IcsVclDXE4Design.dproj
modified Packages/IcsVclDXE4Run.dpk
modified Packages/IcsVclDXE4Run.dproj
modified Packages/IcsVclDXE5Design.dproj
modified Packages/IcsVclDXE5Run.dpk
modified Packages/IcsVclDXE5Run.dproj
modified Packages/IcsVclDXE6Design.dproj
modified Packages/IcsVclDXE6Run.dpk
modified Packages/IcsVclDXE6Run.dproj
modified Packages/IcsVclDXE7Design.dproj
modified Packages/IcsVclDXE7Run.dpk
modified Packages/IcsVclDXE7Run.dproj
modified Packages/IcsVclDXE8Design.dproj
modified Packages/IcsVclDXE8Run.dpk
modified Packages/IcsVclDXE8Run.dproj
modified Packages/OverbyteIcsD2006Run.dpk
modified Packages/OverbyteIcsD2007Run.dpk
modified Packages/OverbyteIcsD2007Run.dproj
modified Packages/OverbyteIcsD2009Run.dpk
modified Packages/OverbyteIcsD2009Run.dproj
modified Packages/OverbyteIcsD2010Run.dpk
modified Packages/OverbyteIcsD2010Run.dproj
modified Packages/OverbyteIcsD7Run.dpk
modified Packages/OverbyteIcsDXeRun.dpk
modified Packages/OverbyteIcsDXeRun.dproj
modified Source/Ics.Posix.PXMessages.pas
modified Source/OverbyteIcsCharsetUtils.pas
modified Source/OverbyteIcsFormDataDecoder.pas
modified Source/OverbyteIcsFtpCliW.pas
modified Source/OverbyteIcsFtpMultiW.pas
modified Source/OverbyteIcsFtpSrvW.pas
modified Source/OverbyteIcsHttpMultiW.pas
modified Source/OverbyteIcsIpUtils.pas
modified Source/OverbyteIcsLIBEAY.pas
modified Source/OverbyteIcsMsSslUtils.pas
modified Source/OverbyteIcsSmtpProt.pas
modified Source/OverbyteIcsSocketUtils.pas
modified Source/OverbyteIcsSslBase.pas
modified Source/OverbyteIcsSslX509Utils.pas
modified Source/OverbyteIcsUtils.pas
modified Source/OverbyteIcsWSocket.pas
modified Source/OverbyteIcsWmi.pas
modified ZipOverbyteIcsV9.lst
==================================================================================
25 Jan 2024
ICS V9.1 - Part 15
Another massive update, mostly library related files.
Packages for all supported versions of Delphi have now been updated with the new units added to V9.1.
But about 300 old packages have been deleted, which eases updating ICS for new releases.
For Delphi and C++ 10.4 and later, there is now only a single set of non-version specific packages, using $auto suffix to
add the version to the file names automatically, So all files with versions 104, 110 and 12 have gone.
There are three new install groups, IcsInstallFmx, IcsInstallVcl and IcsInstallVclFmx which use packages with 'new'
instead of a Delphi version.
For Delphi XE2 to 10.3, that don't support the $auto suffix, there used to two different libraries that included
VCL components installed either by OverbyteIcs(X)Run or IcsVcl(X)Run and IcsCommon(X)Run, so twice as many units to update
for new releases. The OverbyteIcs(X)Run packages for XE2 and later have all now gone, as have D(X)Install project groups.
There are new project groups D(X)InstallVcl for VCL only, the existing D(X)InstallVclFmx groups remain to install both VCL and FMX.
Installation of Delphi 7 to XE is unchanged. Note Delphi 7 does not have build events so the new ICS-OpenSSL directory will need to be manually installed.
For C++, support ceased for old versions several years ago, so now only C++ 10.4 and later are supported with a new
CBIcsInstallVclFmx.groupproj and related packages, beware there are still a couple of silly errors building for C++.
The readme9 file needs a massive update, but the ICS samples are about to be re-organised so it will be done later.
This update also includes minor changes to several units that now correctly build on Delphi 2007, and more improvements
to build without errors on Posix, Linux and Android.
==================================================================================
StringToUtf8TB
function Utf8ToStringTB(const Str: TBytes): UnicodeString; { V9.1 }
function Base64EncodeA(const Input : AnsiString) : AnsiString; {V9.1 to avoid overload confusion }
function Base64EncodeTB(Input: TBytes) : String; { V9.1 }
function Base64DecodeTB(const Input : AnsiString): TBytes; { V9.1 }
function Base64DecodeTB(const Input : UniCodeString): TBytes; {$IFDEF ANDROID} overload; {$ENDIF} { V9.1 }
function IcsBase64UrlDecodeTB(const Input: String): TBytes; { V9.1 }
function IcsBase64UrlDecodeATB(const Input: AnsiString): TBytes; { V9.1 }
function IcsBase64UrlEncodeTB(const Input: TBytes): String; { V9.1 }
function IcsBase64UrlEncodeATB(const Input: TBytes): AnsiString; { V9.1 }
function IcsTBytesToString(const Buffer: TBytes; Count: Integer= 0; ACodePage: LongWord = CP_UTF8): UnicodeString; { V8.71 V9.1 added = 0 }
function IcsTBytesToStringA(const Buffer: TBytes; Count: Integer= 0): AnsiString; { V9.1 }
function IcsStringToTBytes(const Source: String; ACodePage: LongWord = CP_UTF8): TBytes; { V9.1 }
function IcsStringAToTBytes(const Source: AnsiString): TBytes; { V9.1 }
function IcsMoveStringToTBytes(const Source: AnsiString; var Buffer: TBytes; Count: Integer): integer; { V8.69 }
function IcsMoveStringToTBytes(const Source: UnicodeString; var Buffer: TBytes;
Count: Integer; ACodePage: LongWord; Bom: Boolean = false): Integer; { V8.50 }
procedure IcsMoveTBytesToString(const Buffer: TBytes; OffsetFrom: Integer;
var Dest: AnsiString; OffsetTo: Integer; Count: Integer); { V9.1 }
procedure IcsMoveTBytesToString(const Buffer: TBytes; OffsetFrom: Integer;
var Dest: UnicodeString; OffsetTo: Integer; Count: Integer; ACodePage: LongWord); { V8.50 }
function IcsHMACDigestTB(const Data, Key: TBytes; HashDigest: TEvpDigest = Digest_sha256): TBytes; { V9.1 binary arguments so use TBytes }
function IcsHMACDigestExTB(const Data, Key: TBytes; HashDigest: TEvpDigest = Digest_sha256): TBytes; { V9.1 binary arguments so use TBytes }
function IcsHMACDigestVerifyTB(const Data, Key, OldDigest: TBytes; HashDigest: TEvpDigest = Digest_sha256): Boolean; { V9.1 }
function IcsHashDigestTB(const Data: TBytes; HashDigest: TEvpDigest = Digest_sha256): TBytes; { V9.1 }
function IcsAsymSignDigestTB(const Data: TBytes; PrivateKey: PEVP_PKEY; HashDigest: TEvpDigest = Digest_sha256): TBytes; { V9.1 }
function IcsAsymVerifyDigestTB(const Data, OldDigest: TBytes; PublicKey: PEVP_PKEY; HashDigest: TEvpDigest = Digest_sha256): Boolean;
function IcsJoseGetSigTB(JoseAlg: TJoseAlg; const CombinedEn, HmacSecret: TBytes; PrivateKey: PEVP_PKEY): String; { V9.1 }
function IcsJoseCheckSigTB(JoseAlg: TJoseAlg; const CombinedEn, SignatureEn, HmacSecret: TBytes; PublicKey: PEVP_PKEY): Boolean; { V9.1 }
function IcsJoseHeaderTB(const Alg, Typ, Jwk, Kid, Nonce: string; const Url: string = ''): TBytes; { V9.1 }
==================================================================================
Samples/Delphi/SslInternet/OverbyteIcsJoseTst1.dfm
Samples/Delphi/SslInternet/OverbyteIcsJoseTst1.pas
OverbyteIcsLIBEAY.pas
OverbyteIcsSslJose.pas
OverbyteIcsSslX509Certs.pas
OverbyteIcsUrl.pas
OverbyteIcsUtils.pas
==================================================================================
28 Jan 2024
ICS V9.1 - Part 16
These changes are mostly related to Jose JWT functions, replacing AnsiStrings with TBytes in many places to handle binary data, with Base64 conversions in particular.
OverbyteIcsLIBEAY.pas
Jan 27, 2024 V9.1
Added TBytes versions of the hash and digest functions since all input and output is binary: IcsHMACDigestTB, IcsHMACDigestExTB, IcsHMACDigestVerifyTB, IcsHashDigestTB, IcsAsymSignDigestTB, IcsAsymVerifyDigestTB.
OverbyteIcsSslJose.pas
Jan 28, 2024 V9.1
Removed support for OpenSSL 1.1.1, out of maintenance, saves a lot of code.
Using new TBytes versions of many Base64 and Digest functions since these mostly use binary that we used to pass in AnsiString, which could cause confusion.
Added IcsJoseGetSigTB and IcsJoseCheckSigTB taking TBytes arguments, and IcsJoseHeaderTB returning TBytes.
OverbyteIcsSslX509Certs.pas
Jan 27, 2024 V9.1
Using TBytes Jose functions where possible.
OverbyteIcsUrl.pas
Jan 27, 2024 V9.1
Redesigned TRestParams to build parameters into ParamStream using GetParamStream, to allow parameters including very large files and since the HTTP component needs a post
stream rather than a string, mainly for multipart/form-data parameters, see below, GetParams still returns an AnsiString while GetParametersTB returns TBytes.
OverbyteIcsUtils.pas
Jan 28, 2024 V9.1
Renamed IcsToASCII to IcsPunyToAsci and IcsToUnicode to IcsPunyToUnicode so they don't get used for the wrong purpose.
Added IcsTBytesToStringA, IcsStringToTBytes and IcsStringAToTBytes for simple TBytes to/from Ansi and Unicode strings.
Added Base64EncodeTB for a TBytes buffer, Base64EncodeA for AnsiString, Base64DecodeTB to a TBytes buffer.
Added IcsBase64UrlDecodeTB and IcsBase64UrlDecodeATB to TBytes, and IcsBase64UrlEncodeTB and IcsBase64UrlEncodeATB from TBytes.
Added Utf8ToStringTB for TBytes to String.
Samples/Delphi/SslInternet/OverbyteIcsJoseTst1.pas
Jan 28, 2024 V9.1
Added OverbyteIcsSslBase which now includes TSslContext,TX509Base and TX509List.
Added tests for TBytes versions of various hash and base64 functions, better to use TBytes version instead of AnsiString for binary data.
Fixed a bug creating a new private key sometimes failed.
==================================================================================
29th January 2024
Berlin
[dcc32 Warning] OverbyteIcsWinsockImpl.inc(309): W1035 Return value of function 'GetProc' might be undefined
[dcc32 Hint] OverbyteIcsWebSockets.pas(1084): H2077 Value assigned to 'h' never used
[dcc32 Warning] IcsVclD101Run.dpk(153): W1033 Unit 'SHDocVw' implicitly imported into package 'IcsVclD101Run'
add vclie
==================================================================================
2 Feb 2024
ICS V9.1 - Part 17
Added vclie to all packages missing it, to avoid prompting for it to be added during install, bug introduced with V9.0.
Added new install group IcsInstallTestPosix which contains test Linux and Android packages, to assist in keeping ICS V9 compatible with platforms to be supported in the future.
Important Updating Information for V9.1
---------------------------------------
When upgrading from ICS V9.0 or earlier to V9.1 or later, beware hundreds of old files have been removed.
To avoid these old files confusing installation, please delete (or rename) the \install, \package and \lib directories before extracting the new V9.1 files. Otherwise you may try building old packages that are incompatible with V9.1.
If you using Delphi XE2 or later, before installing V9.1 please uninstall any OverbyteIcs(X)Run and OverbyteIcs(X)Design packages since these have all gone, they are replaced by IcsVcl(X)Run/Design and IcsCommon(X)Run/Design packages.
If you are using Delphi 10.4 or later, all existing version specific install groups and packages have gone, since that version of Delphi added a new package $auto suffix allowing the same packages to be used for future Delphi versions. So uninstall all ICS packages, and use one of the new install groups, IcsInstallFmx, IcsInstallVcl, IcsInstallVclFmx or CBIcsInstallVclFmx. These use packages IcsCommonNewRun/Design, IcsVclNewRun/Design and IcsFmxNewRun/Design, and build with the compiler version instead of a Delphi version, i.e. IcsCommonNewRun290.bpl.
The ICS samples have all be renamed and many old ones archived (not done yet!).
There are a lot of SSL/TLS changes, including new units that may need adding to existing projects, detailed elsewhere.
The OverbyteIcsDefs.inc file has several new defines that need adding manually if the existing file if not overwritten during installation, to make use of the SSL/TLS changes.
==================================================================================
5 Feb 2024
ICS V9.1 - Part 18
New OpenSSL releases 3.2.1, 3.1.5 and 3.0.13, and new resource files linked by ICS
OpenSSL has released new versions of the three active versions, 3.2.1, 3.1.5 and 3.0.13 which have three low priority security fixes.
Windows binaries are available in SVN and the overnight zip file and separately from https://wiki.overbyte.eu/wiki/index.php/ICS_Download or https://www.magsys.co.uk/delphi/magics.asp
In addition to the three DLL files, the zips include compiled RES resource files that contain the same DLLs, text files and version information, see the RC file. The RES file may be linked into application EXE files and code then used to extract the DLLs from the resource to a temporary directory to avoid distributing them separately.
ICS V9.1 and later optionally support loading the resource file, currently in SVN and the overnight zip. Beware V9.1 has a lot of other changes that may need application changes, please read the SVN change log very carefully. There will be a lot of new documentation about V9.1 over the next two weeks.
Separately, YuOpenSSL has released 3.0.13 as commercial DCUs allowing applications to be used with OpenSSL without needing separate DLLs.
==================================================================================
New samples paths
demos-delphi-vcl
demos-delphi-extra
demos-delphi-fmx
demos-delphi-mobile
demos-cpp-vcl
demos-data
Samples\Delphi\ReadMe-IcsDemos-Clients.txt
Samples\Delphi\ReadMe-IcsDemos-Misc.txt
Samples\Delphi\ReadMe-IcsDemos-Servers.txt
Samples\Delphi\ReadMe-IcsDemos-Tools.txt
"MailNewsDemos\OverbyteIcsMimeDemo.dproj"
"OtherDemos\OverbyteIcsBatchDnsLookup.dproj"
"OtherDemos\OverbyteIcsNetMon.dproj"
"OtherDemos\OverbyteIcsNetTools.dproj"
"OtherDemos\OverbyteIcsNsLookup.dproj"
"OtherDemos\OverbyteIcsPingTst.dproj"
"OtherDemos\OverbyteIcsSnmpCliTst.dproj"
"OtherDemos\OverbyteIcsSysLogClientDemo.dproj"
"OtherDemos\OverbyteIcsSysLogServerDemo.dproj"
"OtherDemos\OverbyteIcsTimeTst.dproj"
"OtherDemos\OverbyteIcsWhoisCliTst.dproj"
"OtherDemos\OverbyteIcsWmiTst.dproj"
"SocketDemos\OverbyteIcsBinCliDemo.dproj"
"SocketDemos\OverbyteIcsCliDemo.dproj"
"SocketDemos\OverbyteIcsSocksTst.dproj"
"SocketDemos\OverbyteIcsTcpSrv.dproj"
"SocketDemos\OverbyteIcsTcpSrvIPv6.dproj"
"SocketDemos\OverbyteIcsTelnetClient.dproj"
"SocketDemos\OverbyteIcsThrdSrv.dproj"
"SocketDemos\OverbyteIcsThrdSrvV2.dproj"
"SocketDemos\OverbyteIcsThrdSrvV3.dproj"
"SslInternet\OverbyteIcsHttpRestTst.dproj"
"SslInternet\OverbyteIcsHttpsTst.dproj"
"SslInternet\OverbyteIcsIpStmLogTst.dproj"
"SslInternet\OverbyteIcsJoseTst.dproj"
"SslInternet\OverbyteIcsMailQuTst.dproj"
"SslInternet\OverbyteIcsPemTool.dproj"
"SslInternet\OverbyteIcsProxySslServer.dproj"
"SslInternet\OverbyteIcsSimpleSslCli.dproj"
"SslInternet\OverbyteIcsSimpleSslServer.dproj"
"SslInternet\OverbyteIcsSnippets.dproj"
"SslInternet\OverbyteIcsSslFtpServ.dproj"
"SslInternet\OverbyteIcsSslFtpTst.dproj"
"SslInternet\OverbyteIcsSslMailRcv.dproj"
"SslInternet\OverbyteIcsSslMailSnd.dproj"
"SslInternet\OverbyteIcsSslMultiFtpServ.dproj"
"SslInternet\OverbyteIcsSslMultiWebServ.dproj"
"SslInternet\OverbyteIcsSslNewsRdr.dproj"
"SslInternet\OverbyteIcsSslSmtpServer.dproj"
"SslInternet\OverbyteIcsSslWebServ.dproj"
"SslInternet\OverbyteIcsX509CertsTst.dproj"
"SslInternet\OverbyteIcsXferTst.dproj"
"WebDemos\OverbyteIcsHttpPost.dproj"
"WebDemos\OverbyteIcsHttpTst.dproj"
"WebDemos\OverbyteIcsWebAppServer.dproj"
44 total
12 Feb 2024
12th February 2024
Feb 12, 2024 V9.1 Added OverbyteIcsHtmlUtils.
need icon files
All configurations
Output dir: bin\$(Platform)\$(Config)
Package output - blank
Search path: ..\Source;..\Source\Include
Unit output dir: dcu\$(Platform)\$(Config)
..\demos-delphi-vcl
Remove
{$R '..\..\OverbyteIcsXpManifest.res' '..\..\OverbyteIcsXpManifest.rc'}
{$R '..\..\OverbyteIcsCommonVersion.res' '..\..\OverbyteIcsCommonVersion.rc'}
"C:\DelphiComp\ics\demos-delphi-vcl\bin\Win32\Release"
"C:\DelphiComp\ics\demos-data\WebServData\wwwRoot"
..\..\..\src
..\..\..\..\demos-data\WebServData\wwwRoot
BaseDir := AbsolutisePath(BaseDir + '..\..\..\..\demos-data\WebAppServerData'); { V9.1 new data path }
"C:\DelphiComp\ics\demos-delphi-vcl\bin\Win32\Release\..\..\..\app.ini"
"C:\DelphiComp\ics\demos-delphi-vcl\app.ini"
"C:\DelphiComp\ics\demos-delphi-vcl\bin\Win32\Release\..\..\..\..\demos-data\WebServData"
"C:\DelphiComp\ics\demos-data\WebServData"
C:\ProgramData\ICS-OpenSSL\ICS-Certs
C:\ProgramData\ICS-OpenSSL\ICS-Certs\ics-client-test.pem
OverbyteIcsHttpsTst
Vcl;Vcl.Imaging;Vcl.Touch;Vcl.Samples;Vcl.Shell;System;Xml;Data;Datasnap;Web;Soap;Ics.Fmx;Winapi;$(DCC_Namespace)
2060
CompanyName=;FileDescription=;FileVersion=1.0.0.0;InternalName=;LegalCopyright=;LegalTrademarks=;OriginalFilename=;ProductName=;ProductVersion=1.0.0.0;Comments=
dcu\$(Platform)\$(Config)
bin\$(Platform)\$(Config)
..\Source;..\Source\Include;$(DCC_UnitSearchPath)
function IcsAbsolutisePath(const Path : String) : String; { V9.1 moved from HttpSrv }
if CertFileEdit.Text = '' then
CertFileEdit.Text := GSSL_CERTS_DIR + GSSL_LOCALHOST_NAME; { V9.1 sanity check }
if DocDirEdit.Text = '' then
DocDirEdit.Text := IcsAbsolutisePath(ExtractFilePath(ParamStr(0)) + '..\..\..\..\demos-data\WebServData\wwwRoot\');
C:\ProgramData\ICS-OpenSSL\ICS-Certs\localhost-bundle.pem
IcsReportOpenSSLVer
BaseDir := IncludeTrailingPathDelimiter(ExtractFilePath(ParamStr(0)));
BaseDir := IcsAbsolutisePath(BaseDir + '..\..\..\..\demos-data\'); { V9.1 new data path }
FDataDir := BaseDir + 'WebAppServerData\Data';
FName := IcsAbsolutisePath(ExtractFilePath(ParamStr(0)) + '..\..\..\' + ChangeFileExt(ExtractFileName(ParamStr(0)), '.ini')); { V9.1 lower directory }
FAccountPath := IcsAbsolutisePath(ExtractFilePath(ParamStr(0)) + '..\..\..\'); { V9.1 lower directory }
FileEdit.Text := IcsAbsolutisePath(ExtractFilePath(ParamStr(0)) + '..\..\..\..\demos-data\mime-demo1.txt'); { V9.1 new directory }
==================================================================================
9 Feb 2024
ICS V9.1 - Part 19
Removed all existing samples, in preparation for new directory structure.
==================================================================================
9 Feb 2024
ICS V9.1 - Part 20
Minor source changes.
Moved some test certificates from samples to ICS-Certs
OverbyteIcsHttpSrv.pas
Feb 08, 2024 V9.1
Moved AbsolutisePath to Utils as IcsAbsolutisePath.
OverbyteIcsUtils.pax
Added function IcsAbsolutisePath, moved from HttpSrv. Used in several samples.
OverbyteIcsWmi.pas
WbemScripting_TLB.pas
Feb 07, 2024 V9.1
Added namespace to keep Win64 happy.
added ICS-OpenSSL/3201.txt
added ICS-OpenSSL/ICS-Certs/InterCaCertsBundle.pem
added ICS-OpenSSL/ICS-Certs/jose-ec-prvkey.pem
added ICS-OpenSSL/ICS-Certs/jose-ec-pubkey.pem
added ICS-OpenSSL/ICS-Certs/jose-ed25519-prvkey.pem
added ICS-OpenSSL/ICS-Certs/jose-ed25519-pubkey.pem
added ICS-OpenSSL/ICS-Certs/jose-rsa-prvkey.pem
added ICS-OpenSSL/ICS-Certs/jose-rsa-pubkey.pem
added ICS-OpenSSL/ICS-Certs/jose-rsapss-prvkey.pem
added ICS-OpenSSL/ICS-Certs/jose-rsapss-pubkey.pem
added ReadMe-IcsDemos-Clients.txt
added ReadMe-IcsDemos-Misc.txt
added ReadMe-IcsDemos-Servers.txt
added ReadMe-IcsDemos-Tools.txt
deleted CleanAll.bat
deleted CleanSamples.bat
deleted Samples
modified ZipOverbyteIcsV9.lst
added demos-cpp-vcl
added demos-cpp-vcl/demos-cpp-vcl.groupproj
added demos-cpp-vcl/OverbyteIcsBasNntp.cbproj
added demos-cpp-vcl/OverbyteIcsBasNntp.cpp
added demos-cpp-vcl/OverbyteIcsBasNntp1.cpp
added demos-cpp-vcl/OverbyteIcsBasNntp1.dfm
added demos-cpp-vcl/OverbyteIcsBasNntp1.h
added demos-cpp-vcl/OverbyteIcsCli5.cpp
added demos-cpp-vcl/OverbyteIcsCli5.dfm
added demos-cpp-vcl/OverbyteIcsCli5.h
added demos-cpp-vcl/OverbyteIcsCli7.cpp
added demos-cpp-vcl/OverbyteIcsCli7.dfm
added demos-cpp-vcl/OverbyteIcsCli7.h
added demos-cpp-vcl/OverbyteIcsCliCertDlg.cpp
added demos-cpp-vcl/OverbyteIcsCliCertDlg.dfm
added demos-cpp-vcl/OverbyteIcsCliCertDlg.h
added demos-cpp-vcl/OverbyteIcsCliDemo.cbproj
added demos-cpp-vcl/OverbyteIcsCliDemo.cpp
added demos-cpp-vcl/OverbyteIcsCliDemo1.cpp
added demos-cpp-vcl/OverbyteIcsCliDemo1.dfm
added demos-cpp-vcl/OverbyteIcsCliDemo1.h
added demos-cpp-vcl/OverbyteIcsClient5.cbproj
added demos-cpp-vcl/OverbyteIcsClient5.cpp
added demos-cpp-vcl/OverbyteIcsClient7.cbproj
added demos-cpp-vcl/OverbyteIcsClient7.cpp
added demos-cpp-vcl/OverbyteIcsDllTst.cbproj
added demos-cpp-vcl/OverbyteIcsDllTst.cpp
added demos-cpp-vcl/OverbyteIcsDllTst1.cpp
added demos-cpp-vcl/OverbyteIcsDllTst1.dfm
added demos-cpp-vcl/OverbyteIcsDllTst1.h
added demos-cpp-vcl/OverbyteIcsFinger.cbproj
added demos-cpp-vcl/OverbyteIcsFinger.cpp
added demos-cpp-vcl/OverbyteIcsFinger1.cpp
added demos-cpp-vcl/OverbyteIcsFinger1.dfm
added demos-cpp-vcl/OverbyteIcsFinger1.h
added demos-cpp-vcl/OverbyteIcsFormPos.cpp
added demos-cpp-vcl/OverbyteIcsFormPos.h
added demos-cpp-vcl/OverbyteIcsFtpServ.cbproj
added demos-cpp-vcl/OverbyteIcsFtpServ.cpp
added demos-cpp-vcl/OverbyteIcsFtpSrv1.cpp
added demos-cpp-vcl/OverbyteIcsFtpSrv1.dfm
added demos-cpp-vcl/OverbyteIcsFtpSrv1.h
added demos-cpp-vcl/OverbyteIcsFtpTst.cbproj
added demos-cpp-vcl/OverbyteIcsFtpTst.cpp
added demos-cpp-vcl/OverbyteIcsFtpTst1.cpp
added demos-cpp-vcl/OverbyteIcsFtpTst1.dfm
added demos-cpp-vcl/OverbyteIcsFtpTst1.h
added demos-cpp-vcl/OverbyteIcsFtpTst2.cpp
added demos-cpp-vcl/OverbyteIcsFtpTst2.dfm
added demos-cpp-vcl/OverbyteIcsFtpTst2.h
added demos-cpp-vcl/OverbyteIcsHttpPg.cbproj
added demos-cpp-vcl/OverbyteIcsHttpPg.cpp
added demos-cpp-vcl/OverbyteIcsHttpPg1.cpp
added demos-cpp-vcl/OverbyteIcsHttpPg1.dfm
added demos-cpp-vcl/OverbyteIcsHttpPg1.h
added demos-cpp-vcl/OverbyteIcsHttpsTst.cbproj
added demos-cpp-vcl/OverbyteIcsHttpsTst.cpp
added demos-cpp-vcl/OverbyteIcsHttpsTst1.cpp
added demos-cpp-vcl/OverbyteIcsHttpsTst1.dfm
added demos-cpp-vcl/OverbyteIcsHttpsTst1.h
added demos-cpp-vcl/OverbyteIcsHttpTst.cbproj
added demos-cpp-vcl/OverbyteIcsHttpTst.cpp
added demos-cpp-vcl/OverbyteIcsHttpTst1.cpp
added demos-cpp-vcl/OverbyteIcsHttpTst1.dfm
added demos-cpp-vcl/OverbyteIcsHttpTst1.h
added demos-cpp-vcl/OverbyteIcsMailRcv.cbproj
added demos-cpp-vcl/OverbyteIcsMailRcv.cpp
added demos-cpp-vcl/OverbyteIcsMailRcv1.cpp
added demos-cpp-vcl/OverbyteIcsMailRcv1.dfm
added demos-cpp-vcl/OverbyteIcsMailRcv1.h
added demos-cpp-vcl/OverbyteIcsMailRcv2.cpp
added demos-cpp-vcl/OverbyteIcsMailRcv2.dfm
added demos-cpp-vcl/OverbyteIcsMailRcv2.h
added demos-cpp-vcl/OverbyteIcsMailSnd.cbproj
added demos-cpp-vcl/OverbyteIcsMailSnd.cpp
added demos-cpp-vcl/OverbyteIcsMailSnd1.cpp
added demos-cpp-vcl/OverbyteIcsMailSnd1.dfm
added demos-cpp-vcl/OverbyteIcsMailSnd1.h
added demos-cpp-vcl/OverbyteIcsMtSrv.cbproj
added demos-cpp-vcl/OverbyteIcsMtSrv.cpp
added demos-cpp-vcl/OverbyteIcsMtSrv1.cpp
added demos-cpp-vcl/OverbyteIcsMtSrv1.dfm
added demos-cpp-vcl/OverbyteIcsMtSrv1.h
added demos-cpp-vcl/OverbyteIcsMtSrv2.cpp
added demos-cpp-vcl/OverbyteIcsMtSrv2.h
added demos-cpp-vcl/OverbyteIcsNewsRdr.cbproj
added demos-cpp-vcl/OverbyteIcsNewsRdr.cpp
added demos-cpp-vcl/OverbyteIcsNewsRdr1.cpp
added demos-cpp-vcl/OverbyteIcsNewsRdr1.dfm
added demos-cpp-vcl/OverbyteIcsNewsRdr1.h
added demos-cpp-vcl/OverbyteIcsNsLook.cbproj
added demos-cpp-vcl/OverbyteIcsNsLook.cpp
added demos-cpp-vcl/OverbyteIcsNsLook1.cpp
added demos-cpp-vcl/OverbyteIcsNsLook1.dfm
added demos-cpp-vcl/OverbyteIcsNsLook1.h
added demos-cpp-vcl/OverbyteIcsPingTst.cbproj
added demos-cpp-vcl/OverbyteIcsPingTst.cpp
added demos-cpp-vcl/OverbyteIcsPingTst1.cpp
added demos-cpp-vcl/OverbyteIcsPingTst1.dfm
added demos-cpp-vcl/OverbyteIcsPingTst1.h
added demos-cpp-vcl/OverbyteIcsRecv.cbproj
added demos-cpp-vcl/OverbyteIcsRecv.cpp
added demos-cpp-vcl/OverbyteIcsRecv1.cpp
added demos-cpp-vcl/OverbyteIcsRecv1.dfm
added demos-cpp-vcl/OverbyteIcsRecv1.h
added demos-cpp-vcl/OverbyteIcsReverseDnsSync.cbproj
added demos-cpp-vcl/OverbyteIcsReverseDnsSync.cpp
added demos-cpp-vcl/OverbyteIcsReverseDnsSync1.cpp
added demos-cpp-vcl/OverbyteIcsReverseDnsSync1.dfm
added demos-cpp-vcl/OverbyteIcsReverseDnsSync1.h
added demos-cpp-vcl/OverbyteIcsSender.cbproj
added demos-cpp-vcl/OverbyteIcsSender.cpp
added demos-cpp-vcl/OverbyteIcsSender1.cpp
added demos-cpp-vcl/OverbyteIcsSender1.dfm
added demos-cpp-vcl/OverbyteIcsSender1.h
added demos-cpp-vcl/OverbyteIcsServer5.cbproj
added demos-cpp-vcl/OverbyteIcsServer5.cpp
added demos-cpp-vcl/OverbyteIcsSocks.cbproj
added demos-cpp-vcl/OverbyteIcsSocks.cpp
added demos-cpp-vcl/OverbyteIcsSocks1.cpp
added demos-cpp-vcl/OverbyteIcsSocks1.dfm
added demos-cpp-vcl/OverbyteIcsSocks1.h
added demos-cpp-vcl/OverbyteIcsSrv5.cpp
added demos-cpp-vcl/OverbyteIcsSrv5.dfm
added demos-cpp-vcl/OverbyteIcsSrv5.h
added demos-cpp-vcl/OverbyteIcsSrvDemo.cbproj
added demos-cpp-vcl/OverbyteIcsSrvDemo.cpp
added demos-cpp-vcl/OverbyteIcsSrvDemo1.cpp
added demos-cpp-vcl/OverbyteIcsSrvDemo1.dfm
added demos-cpp-vcl/OverbyteIcsSrvDemo1.h
added demos-cpp-vcl/OverbyteIcsSrvDemo2.cpp
added demos-cpp-vcl/OverbyteIcsSrvDemo2.dfm
added demos-cpp-vcl/OverbyteIcsSrvDemo2.h
added demos-cpp-vcl/OverbyteIcsTcpSrv.cbproj
added demos-cpp-vcl/OverbyteIcsTcpSrv.cpp
added demos-cpp-vcl/OverbyteIcsTcpSrv1.cpp
added demos-cpp-vcl/OverbyteIcsTcpSrv1.dfm
added demos-cpp-vcl/OverbyteIcsTcpSrv1.h
added demos-cpp-vcl/OverbyteIcsTnCli.cbproj
added demos-cpp-vcl/OverbyteIcsTnCli.cpp
added demos-cpp-vcl/OverbyteIcsTnCli1.cpp
added demos-cpp-vcl/OverbyteIcsTnCli1.dfm
added demos-cpp-vcl/OverbyteIcsTnCli1.h
added demos-cpp-vcl/OverbyteIcsTnDemo.cbproj
added demos-cpp-vcl/OverbyteIcsTnDemo.cpp
added demos-cpp-vcl/OverbyteIcsTnDemo1.cpp
added demos-cpp-vcl/OverbyteIcsTnDemo1.dfm
added demos-cpp-vcl/OverbyteIcsTnDemo1.h
added demos-cpp-vcl/OverbyteIcsTnSrv.cbproj
added demos-cpp-vcl/OverbyteIcsTnSrv.cpp
added demos-cpp-vcl/OverbyteIcsTnSrv1.cpp
added demos-cpp-vcl/OverbyteIcsTnSrv1.dfm
added demos-cpp-vcl/OverbyteIcsTnSrv1.h
added demos-cpp-vcl/OverbyteIcsTnSrv2.cpp
added demos-cpp-vcl/OverbyteIcsTnSrv2.dfm
added demos-cpp-vcl/OverbyteIcsTnSrv2.h
added demos-cpp-vcl/OverbyteIcsTwsChat.cbproj
added demos-cpp-vcl/OverbyteIcsTwsChat.cpp
added demos-cpp-vcl/OverbyteIcsTwsChat1.cpp
added demos-cpp-vcl/OverbyteIcsTwsChat1.dfm
added demos-cpp-vcl/OverbyteIcsTwsChat1.h
added demos-cpp-vcl/OverbyteIcsUdpLstn.cbproj
added demos-cpp-vcl/OverbyteIcsUdpLstn.cpp
added demos-cpp-vcl/OverbyteIcsUdpLstn1.cpp
added demos-cpp-vcl/OverbyteIcsUdpLstn1.dfm
added demos-cpp-vcl/OverbyteIcsUdpLstn1.h
added demos-cpp-vcl/OverbyteIcsUdpSend.cbproj
added demos-cpp-vcl/OverbyteIcsUdpSend.cpp
added demos-cpp-vcl/OverbyteIcsUdpSend1.cpp
added demos-cpp-vcl/OverbyteIcsUdpSend1.dfm
added demos-cpp-vcl/OverbyteIcsUdpSend1.h
added demos-cpp-vcl/OverbyteIcsWebServ.cbproj
added demos-cpp-vcl/OverbyteIcsWebServ.cpp
added demos-cpp-vcl/OverbyteIcsWebServ1.cpp
added demos-cpp-vcl/OverbyteIcsWebServ1.dfm
added demos-cpp-vcl/OverbyteIcsWebServ1.h
added demos-data
added demos-data/clients.MDX
added demos-data/hackfilterlist.txt
added demos-data/mime-demo1.txt
added demos-data/mime-demo2.txt
added demos-data/mime-demo3.txt
added demos-data/mime-demo4.txt
added demos-data/mime-demo5.txt
added demos-data/mime.types
added demos-data/WebAppServerData
added demos-data/WebAppServerData/Data
added demos-data/WebAppServerData/Data/AttemptsBlacklist.lst
added demos-data/WebAppServerData/Data/Counters.ini
added demos-data/WebAppServerData/Data/HackBlacklist.lst
added demos-data/WebAppServerData/Data/Sessions.dat
added demos-data/WebAppServerData/DWScripts
added demos-data/WebAppServerData/DWScripts/Hello.pas
added demos-data/WebAppServerData/Templates
added demos-data/WebAppServerData/Templates/Config.html
added demos-data/WebAppServerData/Templates/ConfigConfirm.html
added demos-data/WebAppServerData/Templates/CounterView.html
added demos-data/WebAppServerData/Templates/HeadForm.html
added demos-data/WebAppServerData/Templates/HomePage.html
added demos-data/WebAppServerData/Templates/JavascriptError.html
added demos-data/WebAppServerData/Templates/LoginForm.html
added demos-data/WebAppServerData/Templates/maildone.html
added demos-data/WebAppServerData/Templates/mailer.html
added demos-data/WebAppServerData/Templates/Moved.html
added demos-data/WebAppServerData/Templates/NotLogged.html
added demos-data/WebAppServerData/Templates/uploadfile.html
added demos-data/WebAppServerData/Templates/websocketclient.html
added demos-data/WebAppServerData/Uploads
added demos-data/WebAppServerData/wwwRoot
added demos-data/WebAppServerData/wwwRoot/Form.html
added demos-data/WebAppServerData/wwwRoot/HelloWorld.class
added demos-data/WebAppServerData/wwwRoot/HelloWorld.java
added demos-data/WebAppServerData/wwwRoot/Images
added demos-data/WebAppServerData/wwwRoot/Images/Logo.png
added demos-data/WebAppServerData/wwwRoot/Index.html
added demos-data/WebAppServerData/wwwRoot/Js
added demos-data/WebAppServerData/wwwRoot/Js/md5.js
added demos-data/WebAppServerData/wwwRoot/Styles
added demos-data/WebServData
added demos-data/WebServData/Template
added demos-data/WebServData/Template/FormData.html
added demos-data/WebServData/Template/FormData1.html
added demos-data/WebServData/Template/TemplateDemo.html
added demos-data/WebServData/wwwRoot
added demos-data/WebServData/wwwRoot/Applet.html
added demos-data/WebServData/wwwRoot/Form.html
added demos-data/WebServData/wwwRoot/HelloWorld.class
added demos-data/WebServData/wwwRoot/HelloWorld.java
added demos-data/WebServData/wwwRoot/Index.html
added demos-data/WebServData/wwwRoot/Styles
added demos-data/WebServData/wwwRoot/Styles/Styles.css
added demos-data/websocketclient.html
added demos-data/whiteiplist.txt
added demos-delphi-extra
added demos-delphi-extra/AuthUnit.dfm
added demos-delphi-extra/AuthUnit.pas
added demos-delphi-extra/CachUnitId.pas
added demos-delphi-extra/demos-delphi-extra.groupproj
added demos-delphi-extra/DownLoadId.dfm
added demos-delphi-extra/DownLoadId.pas
added demos-delphi-extra/fbHelp.res
added demos-delphi-extra/FBUnitIcs.dfm
added demos-delphi-extra/FBUnitIcs.pas
added demos-delphi-extra/FrameBrowserIcs.dpr
added demos-delphi-extra/FrameBrowserIcs.dproj
added demos-delphi-extra/FrameBrowserIcs.res
added demos-delphi-extra/FrameBrowserIcs_Icon.ico
added demos-delphi-extra/Gopage.dfm
added demos-delphi-extra/Gopage.pas
added demos-delphi-extra/GRID.RES
added demos-delphi-extra/HTMLAbt.dfm
added demos-delphi-extra/HTMLAbt.pas
added demos-delphi-extra/logwin.dfm
added demos-delphi-extra/logwin.pas
added demos-delphi-extra/manifest.res
added demos-delphi-extra/OverbyteIcsDDWebService.dpr
added demos-delphi-extra/OverbyteIcsDDWebService.dproj
added demos-delphi-extra/OverbyteIcsDDWebService.ini
added demos-delphi-extra/OverbyteIcsDDWebService.res
added demos-delphi-extra/OverbyteIcsDDWebService_Icon.ico
added demos-delphi-extra/OverbyteIcsDDWebServiceCtl.dfm
added demos-delphi-extra/OverbyteIcsDDWebServiceCtl.pas
added demos-delphi-extra/OverbyteIcsDDWebServiceSrv.dfm
added demos-delphi-extra/OverbyteIcsDDWebServiceSrv.pas
added demos-delphi-extra/OverbyteIcsMQTTBroker.dfm
added demos-delphi-extra/OverbyteIcsMQTTBroker.pas
added demos-delphi-extra/OverbyteIcsMQTTst.dpr
added demos-delphi-extra/OverbyteIcsMQTTst.dproj
added demos-delphi-extra/OverbyteIcsMQTTst.res
added demos-delphi-extra/OverbyteIcsMQTTst1.dfm
added demos-delphi-extra/OverbyteIcsMQTTst1.pas
added demos-delphi-extra/OverbyteIcsMQTTst_Icon.ico
added demos-delphi-extra/PreviewForm.dfm
added demos-delphi-extra/PreviewForm.pas
added demos-delphi-extra/PrintStatusForm.dfm
added demos-delphi-extra/PrintStatusForm.pas
added demos-delphi-extra/ProxyDlg.dfm
added demos-delphi-extra/ProxyDlg.pas
added demos-delphi-extra/Resources
added demos-delphi-extra/Resources/fbHelp.rc
added demos-delphi-extra/Resources/fbHelp.res
added demos-delphi-extra/Resources/Page0.htm
added demos-delphi-extra/Resources/PAGE1.HTM
added demos-delphi-extra/Resources/PAGE3.HTM
added demos-delphi-extra/Resources/PAGE4.HTM
added demos-delphi-extra/Resources/PAGE5.HTM
added demos-delphi-extra/Resources/PAGE7.HTM
added demos-delphi-extra/Resources/starcross.avi
added demos-delphi-extra/Resources/STYLE.CSS
added demos-delphi-extra/Resources/TabBot.gif
added demos-delphi-extra/Resources/TabTop.gif
added demos-delphi-extra/Resources/XLeft1.htm
added demos-delphi-extra/UrlConIcs.pas
added demos-delphi-fmx
added demos-delphi-fmx/demos-delphi-fmx.groupproj
added demos-delphi-fmx/fp_small.gif
added demos-delphi-fmx/Ics.Fmx.DemoUtils.pas
added demos-delphi-fmx/ics_logo.gif
added demos-delphi-fmx/IcsBatchDnsLookup.dpr
added demos-delphi-fmx/IcsBatchDnsLookup.dproj
added demos-delphi-fmx/IcsBatchDnsLookup.res
added demos-delphi-fmx/IcsBatchDnsLookup1.fmx
added demos-delphi-fmx/IcsBatchDnsLookup1.pas
added demos-delphi-fmx/IcsCliCertDlg.fmx
added demos-delphi-fmx/IcsCliCertDlg.pas
added demos-delphi-fmx/IcsCliDemo.dpr
added demos-delphi-fmx/IcsCliDemo.dproj
added demos-delphi-fmx/IcsCliDemo.res
added demos-delphi-fmx/IcsCliDemo1.fmx
added demos-delphi-fmx/IcsCliDemo1.pas
added demos-delphi-fmx/IcsHttpRestTst_Icon.ico
added demos-delphi-fmx/IcsHttpRestTstFmx.dpr
added demos-delphi-fmx/IcsHttpRestTstFmx.dproj
added demos-delphi-fmx/IcsHttpRestTstFmx.res
added demos-delphi-fmx/IcsHttpRestTstFmx1.fmx
added demos-delphi-fmx/IcsHttpRestTstFmx1.pas
added demos-delphi-fmx/IcsHttpRestTstFmx2.fmx
added demos-delphi-fmx/IcsHttpRestTstFmx2.pas
added demos-delphi-fmx/IcsHttpRestTstFmx_Icon.ico
added demos-delphi-fmx/IcsHttpsTst.dpr
added demos-delphi-fmx/IcsHttpsTst.dproj
added demos-delphi-fmx/IcsHttpsTst.res
added demos-delphi-fmx/IcsHttpsTst1.fmx
added demos-delphi-fmx/IcsHttpsTst1.pas
added demos-delphi-fmx/IcsLoginFMX.fmx
added demos-delphi-fmx/IcsLoginFMX.pas
added demos-delphi-fmx/IcsMailSnd.dpr
added demos-delphi-fmx/IcsMailSnd.dproj
added demos-delphi-fmx/IcsMailSnd.res
added demos-delphi-fmx/IcsMailSnd1.fmx
added demos-delphi-fmx/IcsMailSnd1.pas
added demos-delphi-fmx/IcsSslMultiWebDataModule.pas
added demos-delphi-fmx/IcsSslMultiWebServ.dpr
added demos-delphi-fmx/IcsSslMultiWebServ.dproj
added demos-delphi-fmx/IcsSslMultiWebServ.ini
added demos-delphi-fmx/IcsSslMultiWebServ.res
added demos-delphi-fmx/IcsSslMultiWebServ1.fmx
added demos-delphi-fmx/IcsSslMultiWebServ1.Macintosh.fmx
added demos-delphi-fmx/IcsSslMultiWebServ1.pas
added demos-delphi-fmx/IcsSslMultiWebServ1.Windows.fmx
added demos-delphi-fmx/IcsSslMultiWebServ_Icon.ico
added demos-delphi-fmx/IcsTcpSrv1IPv6.fmx
added demos-delphi-fmx/IcsTcpSrv1IPv6.pas
added demos-delphi-fmx/IcsTcpSrvIPv6.dpr
added demos-delphi-fmx/IcsTcpSrvIPv6.dproj
added demos-delphi-fmx/IcsTcpSrvIPv6.res
added demos-delphi-mobile
added demos-delphi-vcl
added demos-delphi-vcl/demos-delphi-vcl.groupproj
added demos-delphi-vcl/fp_small.gif
added demos-delphi-vcl/ftpaccounts-[127.0.0.1].ini
added demos-delphi-vcl/ftpaccounts-default.ini
added demos-delphi-vcl/ics_logo.gif
added demos-delphi-vcl/OverbyteIcsBatchDnsLookup.dpr
added demos-delphi-vcl/OverbyteIcsBatchDnsLookup.dproj
added demos-delphi-vcl/OverbyteIcsBatchDnsLookup.res
added demos-delphi-vcl/OverbyteIcsBatchDnsLookup1.dfm
added demos-delphi-vcl/OverbyteIcsBatchDnsLookup1.pas
added demos-delphi-vcl/OverbyteIcsBatchDnsLookup_Icon.ico
added demos-delphi-vcl/OverbyteIcsBinCliDemo.dpr
added demos-delphi-vcl/OverbyteIcsBinCliDemo.dproj
added demos-delphi-vcl/OverbyteIcsBinCliDemo.res
added demos-delphi-vcl/OverbyteIcsBinCliDemo1.dfm
added demos-delphi-vcl/OverbyteIcsBinCliDemo1.pas
added demos-delphi-vcl/OverbyteIcsBinCliDemo_Icon.ico
added demos-delphi-vcl/OverbyteIcsCliCertDlg.dfm
added demos-delphi-vcl/OverbyteIcsCliCertDlg.pas
added demos-delphi-vcl/OverbyteIcsCliDemo.dpr
added demos-delphi-vcl/OverbyteIcsCliDemo.dproj
added demos-delphi-vcl/OverbyteIcsCliDemo.res
added demos-delphi-vcl/OverbyteIcsCliDemo1.dfm
added demos-delphi-vcl/OverbyteIcsCliDemo1.pas
added demos-delphi-vcl/OverbyteIcsCliDemo_Icon.ico
added demos-delphi-vcl/OverbyteIcsCommonVersion.res
added demos-delphi-vcl/OverbyteIcsHttpPost.dpr
added demos-delphi-vcl/OverbyteIcsHttpPost.dproj
added demos-delphi-vcl/OverbyteIcsHttpPost.res
added demos-delphi-vcl/OverbyteIcsHttpPost1.dfm
added demos-delphi-vcl/OverbyteIcsHttpPost1.pas
added demos-delphi-vcl/OverbyteIcsHttpPost_Icon.ico
added demos-delphi-vcl/OverbyteIcsHttpRestTst.dpr
added demos-delphi-vcl/OverbyteIcsHttpRestTst.dproj
added demos-delphi-vcl/OverbyteIcsHttpRestTst.res
added demos-delphi-vcl/OverbyteIcsHttpRestTst1.dfm
added demos-delphi-vcl/OverbyteIcsHttpRestTst1.pas
added demos-delphi-vcl/OverbyteIcsHttpRestTst2.dfm
added demos-delphi-vcl/OverbyteIcsHttpRestTst2.pas
added demos-delphi-vcl/OverbyteIcsHttpRestTst_Icon.ico
added demos-delphi-vcl/OverbyteIcsHttpRestTst_Icon1.ico
added demos-delphi-vcl/OverbyteIcsHttpsTst.dpr
added demos-delphi-vcl/OverbyteIcsHttpsTst.dproj
added demos-delphi-vcl/OverbyteIcsHttpsTst.res
added demos-delphi-vcl/OverbyteIcsHttpsTst1.dfm
added demos-delphi-vcl/OverbyteIcsHttpsTst1.pas
added demos-delphi-vcl/OverbyteIcsHttpsTst_Icon.ico
added demos-delphi-vcl/OverbyteIcsHttpTst.dpr
added demos-delphi-vcl/OverbyteIcsHttpTst.dproj
added demos-delphi-vcl/OverbyteIcsHttpTst.res
added demos-delphi-vcl/OverbyteIcsHttpTst1.dfm
added demos-delphi-vcl/OverbyteIcsHttpTst1.pas
added demos-delphi-vcl/OverbyteIcsHttpTst_Icon.ico
added demos-delphi-vcl/OverbyteIcsIpStmLogTst.dpr
added demos-delphi-vcl/OverbyteIcsIpStmLogTst.dproj
added demos-delphi-vcl/OverbyteIcsIpStmLogTst.res
added demos-delphi-vcl/OverbyteIcsIpStmLogTst1.dfm
added demos-delphi-vcl/OverbyteIcsIpStmLogTst1.pas
added demos-delphi-vcl/OverbyteIcsIpStmLogTst_Icon.ico
added demos-delphi-vcl/OverbyteIcsJoseTst.dpr
added demos-delphi-vcl/OverbyteIcsJoseTst.dproj
added demos-delphi-vcl/OverbyteIcsJoseTst.res
added demos-delphi-vcl/OverbyteIcsJoseTst1.dfm
added demos-delphi-vcl/OverbyteIcsJoseTst1.pas
added demos-delphi-vcl/OverbyteIcsJoseTst2.dfm
added demos-delphi-vcl/OverbyteIcsJoseTst2.pas
added demos-delphi-vcl/OverbyteIcsJoseTst_Icon.ico
added demos-delphi-vcl/OverbyteIcsLogin.dfm
added demos-delphi-vcl/OverbyteIcsLogin.pas
added demos-delphi-vcl/OverbyteIcsMailQuTst.dpr
added demos-delphi-vcl/OverbyteIcsMailQuTst.dproj
added demos-delphi-vcl/OverbyteIcsMailQuTst.res
added demos-delphi-vcl/OverbyteIcsMailQuTst1.dfm
added demos-delphi-vcl/OverbyteIcsMailQuTst1.pas
added demos-delphi-vcl/OverbyteIcsMailQuTst_Icon.ico
added demos-delphi-vcl/OverbyteIcsMailQuTstdiag.dfm
added demos-delphi-vcl/OverbyteIcsMailQuTstdiag.pas
added demos-delphi-vcl/OverbyteIcsMailQuTstView.dfm
added demos-delphi-vcl/OverbyteIcsMailQuTstView.pas
added demos-delphi-vcl/OverbyteIcsMimeDemo.dpr
added demos-delphi-vcl/OverbyteIcsMimeDemo.dproj
added demos-delphi-vcl/OverbyteIcsMimeDemo.res
added demos-delphi-vcl/OverbyteIcsMimeDemo1.dfm
added demos-delphi-vcl/OverbyteIcsMimeDemo1.pas
added demos-delphi-vcl/OverbyteIcsMimeDemo_Icon.ico
added demos-delphi-vcl/OverbyteIcsNetMon.dpr
added demos-delphi-vcl/OverbyteIcsNetMon.dproj
added demos-delphi-vcl/OverbyteIcsNetMon.res
added demos-delphi-vcl/OverbyteIcsNetMon1.dfm
added demos-delphi-vcl/OverbyteIcsNetMon1.pas
added demos-delphi-vcl/OverbyteIcsNetMon2.dfm
added demos-delphi-vcl/OverbyteIcsNetMon2.pas
added demos-delphi-vcl/OverbyteIcsNetMon_Icon.ico
added demos-delphi-vcl/OverbyteIcsNetTools.dpr
added demos-delphi-vcl/OverbyteIcsNetTools.dproj
added demos-delphi-vcl/OverbyteIcsNetTools.res
added demos-delphi-vcl/OverbyteIcsNetTools1.dfm
added demos-delphi-vcl/OverbyteIcsNetTools1.pas
added demos-delphi-vcl/OverbyteIcsNetTools2.dfm
added demos-delphi-vcl/OverbyteIcsNetTools2.pas
added demos-delphi-vcl/OverbyteIcsNetTools_Icon.ico
added demos-delphi-vcl/OverbyteIcsNsLookup.dpr
added demos-delphi-vcl/OverbyteIcsNsLookup.dproj
added demos-delphi-vcl/OverbyteIcsNsLookup.res
added demos-delphi-vcl/OverbyteIcsNsLookup1.dfm
added demos-delphi-vcl/OverbyteIcsNsLookup1.pas
added demos-delphi-vcl/OverbyteIcsNsLookup_Icon.ico
added demos-delphi-vcl/OverbyteIcsPemTool.dpr
added demos-delphi-vcl/OverbyteIcsPemTool.dproj
added demos-delphi-vcl/OverbyteIcsPemTool.res
added demos-delphi-vcl/OverbyteIcsPemTool1.dfm
added demos-delphi-vcl/OverbyteIcsPemTool1.pas
added demos-delphi-vcl/OverbyteIcsPemTool2.dfm
added demos-delphi-vcl/OverbyteIcsPemTool2.pas
added demos-delphi-vcl/OverbyteIcsPemTool3.dfm
added demos-delphi-vcl/OverbyteIcsPemTool3.pas
added demos-delphi-vcl/OverbyteIcsPemTool_Icon.ico
added demos-delphi-vcl/OverbyteIcsPingTst.dpr
added demos-delphi-vcl/OverbyteIcsPingTst.dproj
added demos-delphi-vcl/OverbyteIcsPingTst.res
added demos-delphi-vcl/OverbyteIcsPingTst1.dfm
added demos-delphi-vcl/OverbyteIcsPingTst1.pas
added demos-delphi-vcl/OverbyteIcsPingTst_Icon.ico
added demos-delphi-vcl/OverbyteIcsProxySslServer.dpr
added demos-delphi-vcl/OverbyteIcsProxySslServer.dproj
added demos-delphi-vcl/OverbyteIcsProxySslServer.ini
added demos-delphi-vcl/OverbyteIcsProxySslServer.res
added demos-delphi-vcl/OverbyteIcsProxySslServer1.dfm
added demos-delphi-vcl/OverbyteIcsProxySslServer1.pas
added demos-delphi-vcl/OverbyteIcsProxySslServer_Icon.ico
added demos-delphi-vcl/OverbyteIcsSimpleSslCli.dpr
added demos-delphi-vcl/OverbyteIcsSimpleSslCli.dproj
added demos-delphi-vcl/OverbyteIcsSimpleSslCli.res
added demos-delphi-vcl/OverbyteIcsSimpleSslCli1.dfm
added demos-delphi-vcl/OverbyteIcsSimpleSslCli1.pas
added demos-delphi-vcl/OverbyteIcsSimpleSslCli_Icon.ico
added demos-delphi-vcl/OverbyteIcsSimpleSslServer.dpr
added demos-delphi-vcl/OverbyteIcsSimpleSslServer.dproj
added demos-delphi-vcl/OverbyteIcsSimpleSslServer.res
added demos-delphi-vcl/OverbyteIcsSimpleSslServer1.dfm
added demos-delphi-vcl/OverbyteIcsSimpleSslServer1.pas
added demos-delphi-vcl/OverbyteIcsSimpleSslServer_Icon.ico
added demos-delphi-vcl/OverbyteIcsSnippets.dpr
added demos-delphi-vcl/OverbyteIcsSnippets.dproj
added demos-delphi-vcl/OverbyteIcsSnippets.res
added demos-delphi-vcl/OverbyteIcsSnippets1.dfm
added demos-delphi-vcl/OverbyteIcsSnippets1.pas
added demos-delphi-vcl/OverbyteIcsSnmpCliTst.dpr
added demos-delphi-vcl/OverbyteIcsSnmpCliTst.dproj
added demos-delphi-vcl/OverbyteIcsSnmpCliTst.res
added demos-delphi-vcl/OverbyteIcsSnmpCliTst1.dfm
added demos-delphi-vcl/OverbyteIcsSnmpCliTst1.pas
added demos-delphi-vcl/OverbyteIcsSnmpCliTst_Icon.ico
added demos-delphi-vcl/OverbyteIcsSocksTst.dpr
added demos-delphi-vcl/OverbyteIcsSocksTst.dproj
added demos-delphi-vcl/OverbyteIcsSocksTst.res
added demos-delphi-vcl/OverbyteIcsSocksTst1.dfm
added demos-delphi-vcl/OverbyteIcsSocksTst1.pas
added demos-delphi-vcl/OverbyteIcsSocksTst_Icon.ico
added demos-delphi-vcl/OverbyteIcsSslFtpServ.dpr
added demos-delphi-vcl/OverbyteIcsSslFtpServ.dproj
added demos-delphi-vcl/OverbyteIcsSslFtpServ.res
added demos-delphi-vcl/OverbyteIcsSslFtpServ1.dfm
added demos-delphi-vcl/OverbyteIcsSslFtpServ1.pas
added demos-delphi-vcl/OverbyteIcsSslFtpServ_Icon.ico
added demos-delphi-vcl/OverbyteIcsSslFtpTst.dpr
added demos-delphi-vcl/OverbyteIcsSslFtpTst.dproj
added demos-delphi-vcl/OverbyteIcsSslFtpTst.res
added demos-delphi-vcl/OverbyteIcsSslFtpTst1.dfm
added demos-delphi-vcl/OverbyteIcsSslFtpTst1.pas
added demos-delphi-vcl/OverbyteIcsSslFtpTst2.dfm
added demos-delphi-vcl/OverbyteIcsSslFtpTst2.pas
added demos-delphi-vcl/OverbyteIcsSslFtpTst_Icon.ico
added demos-delphi-vcl/OverbyteIcsSslMailRcv.dpr
added demos-delphi-vcl/OverbyteIcsSslMailRcv.dproj
added demos-delphi-vcl/OverbyteIcsSslMailRcv.res
added demos-delphi-vcl/OverbyteIcsSslMailRcv1.dfm
added demos-delphi-vcl/OverbyteIcsSslMailRcv1.pas
added demos-delphi-vcl/OverbyteIcsSslMailRcv2.dfm
added demos-delphi-vcl/OverbyteIcsSslMailRcv2.pas
added demos-delphi-vcl/OverbyteIcsSslMailRcv_Icon.ico
added demos-delphi-vcl/OverbyteIcsSslMailSnd.dpr
added demos-delphi-vcl/OverbyteIcsSslMailSnd.dproj
added demos-delphi-vcl/OverbyteIcsSslMailSnd.res
added demos-delphi-vcl/OverbyteIcsSslMailSnd1.dfm
added demos-delphi-vcl/OverbyteIcsSslMailSnd1.pas
added demos-delphi-vcl/OverbyteIcsSslMailSnd_Icon.ico
added demos-delphi-vcl/OverbyteIcsSslMultiFtpServ.dpr
added demos-delphi-vcl/OverbyteIcsSslMultiFtpServ.dproj
added demos-delphi-vcl/OverbyteIcsSslMultiFtpServ.ini
added demos-delphi-vcl/OverbyteIcsSslMultiFtpServ.res
added demos-delphi-vcl/OverbyteIcsSslMultiFtpServ1.dfm
added demos-delphi-vcl/OverbyteIcsSslMultiFtpServ1.pas
added demos-delphi-vcl/OverbyteIcsSslMultiFtpServ_Icon.ico
added demos-delphi-vcl/OverbyteIcsSslMultiWebConfig.pas
added demos-delphi-vcl/OverbyteIcsSslMultiWebCounter.pas
added demos-delphi-vcl/OverbyteIcsSslMultiWebCounterView.pas
added demos-delphi-vcl/OverbyteIcsSslMultiWebDataModule.dfm
added demos-delphi-vcl/OverbyteIcsSslMultiWebDataModule.pas
added demos-delphi-vcl/OverbyteIcsSslMultiWebHead.pas
added demos-delphi-vcl/OverbyteIcsSslMultiWebHelloWorld.pas
added demos-delphi-vcl/OverbyteIcsSslMultiWebHomePage.pas
added demos-delphi-vcl/OverbyteIcsSslMultiWebHttpHandlerBase.pas
added demos-delphi-vcl/OverbyteIcsSslMultiWebLogin.pas
added demos-delphi-vcl/OverbyteIcsSslMultiWebMailer.pas
added demos-delphi-vcl/OverbyteIcsSslMultiWebServ.dpr
added demos-delphi-vcl/OverbyteIcsSslMultiWebServ.dproj
added demos-delphi-vcl/OverbyteIcsSslMultiWebServ.ini
added demos-delphi-vcl/OverbyteIcsSslMultiWebServ.res
added demos-delphi-vcl/OverbyteIcsSslMultiWebServ1.dfm
added demos-delphi-vcl/OverbyteIcsSslMultiWebServ1.pas
added demos-delphi-vcl/OverbyteIcsSslMultiWebServ_Icon.ico
added demos-delphi-vcl/OverbyteIcsSslMultiWebSessionData.pas
added demos-delphi-vcl/OverbyteIcsSslMultiWebUploads.pas
added demos-delphi-vcl/OverbyteIcsSslMultiWebUrlDefs.pas
added demos-delphi-vcl/OverbyteIcsSslNewsRdr.dpr
added demos-delphi-vcl/OverbyteIcsSslNewsRdr.dproj
added demos-delphi-vcl/OverbyteIcsSslNewsRdr.res
added demos-delphi-vcl/OverbyteIcsSslNewsRdr1.dfm
added demos-delphi-vcl/OverbyteIcsSslNewsRdr1.pas
added demos-delphi-vcl/OverbyteIcsSslNewsRdr_Icon.ico
added demos-delphi-vcl/OverbyteIcsSslSmtpServ1.dfm
added demos-delphi-vcl/OverbyteIcsSslSmtpServ1.pas
added demos-delphi-vcl/OverbyteIcsSslSmtpServer.dpr
added demos-delphi-vcl/OverbyteIcsSslSmtpServer.dproj
added demos-delphi-vcl/OverbyteIcsSslSmtpServer.res
added demos-delphi-vcl/OverbyteIcsSslSmtpServer_Icon.ico
added demos-delphi-vcl/OverbyteIcsSslWebServ.dpr
added demos-delphi-vcl/OverbyteIcsSslWebServ.dproj
added demos-delphi-vcl/OverbyteIcsSslWebServ.res
added demos-delphi-vcl/OverbyteIcsSslWebServ1.dfm
added demos-delphi-vcl/OverbyteIcsSslWebServ1.pas
added demos-delphi-vcl/OverbyteIcsSslWebServ_Icon.ico
added demos-delphi-vcl/OverbyteIcsSysLogClientDemo.dpr
added demos-delphi-vcl/OverbyteIcsSysLogClientDemo.dproj
added demos-delphi-vcl/OverbyteIcsSysLogClientDemo.res
added demos-delphi-vcl/OverbyteIcsSysLogClientDemo1.dfm
added demos-delphi-vcl/OverbyteIcsSysLogClientDemo1.pas
added demos-delphi-vcl/OverbyteIcsSysLogClientDemo_Icon.ico
added demos-delphi-vcl/OverbyteIcsSysLogServerDemo.dpr
added demos-delphi-vcl/OverbyteIcsSysLogServerDemo.dproj
added demos-delphi-vcl/OverbyteIcsSysLogServerDemo.res
added demos-delphi-vcl/OverbyteIcsSysLogServerDemo1.dfm
added demos-delphi-vcl/OverbyteIcsSysLogServerDemo1.pas
added demos-delphi-vcl/OverbyteIcsSysLogServerDemo_Icon.ico
added demos-delphi-vcl/OverbyteIcsTcpSrv.dpr
added demos-delphi-vcl/OverbyteIcsTcpSrv.dproj
added demos-delphi-vcl/OverbyteIcsTcpSrv.res
added demos-delphi-vcl/OverbyteIcsTcpSrv1.dfm
added demos-delphi-vcl/OverbyteIcsTcpSrv1.pas
added demos-delphi-vcl/OverbyteIcsTcpSrv1IPv6.dfm
added demos-delphi-vcl/OverbyteIcsTcpSrv1IPv6.pas
added demos-delphi-vcl/OverbyteIcsTcpSrv_Icon.ico
added demos-delphi-vcl/OverbyteIcsTcpSrvIPv6.dpr
added demos-delphi-vcl/OverbyteIcsTcpSrvIPv6.dproj
added demos-delphi-vcl/OverbyteIcsTcpSrvIPv6.res
added demos-delphi-vcl/OverbyteIcsTcpSrvIPv6_Icon.ico
added demos-delphi-vcl/OverbyteIcsTelnetClient.dpr
added demos-delphi-vcl/OverbyteIcsTelnetClient.dproj
added demos-delphi-vcl/OverbyteIcsTelnetClient.res
added demos-delphi-vcl/OverbyteIcsTelnetClient1.dfm
added demos-delphi-vcl/OverbyteIcsTelnetClient1.pas
added demos-delphi-vcl/OverbyteIcsTelnetClient_Icon.ico
added demos-delphi-vcl/OverbyteIcsThrdSrv.dpr
added demos-delphi-vcl/OverbyteIcsThrdSrv.dproj
added demos-delphi-vcl/OverbyteIcsThrdSrv.res
added demos-delphi-vcl/OverbyteIcsThrdSrv1.dfm
added demos-delphi-vcl/OverbyteIcsThrdSrv1.pas
added demos-delphi-vcl/OverbyteIcsThrdSrv_Icon.ico
added demos-delphi-vcl/OverbyteIcsThrdSrvV2.dpr
added demos-delphi-vcl/OverbyteIcsThrdSrvV2.dproj
added demos-delphi-vcl/OverbyteIcsThrdSrvV2.res
added demos-delphi-vcl/OverbyteIcsThrdSrvV2_1.dfm
added demos-delphi-vcl/OverbyteIcsThrdSrvV2_1.pas
added demos-delphi-vcl/OverbyteIcsThrdSrvV2_Icon.ico
added demos-delphi-vcl/OverbyteIcsThrdSrvV3.dpr
added demos-delphi-vcl/OverbyteIcsThrdSrvV3.dproj
added demos-delphi-vcl/OverbyteIcsThrdSrvV3.res
added demos-delphi-vcl/OverbyteIcsThrdSrvV3_1.dfm
added demos-delphi-vcl/OverbyteIcsThrdSrvV3_1.pas
added demos-delphi-vcl/OverbyteIcsThrdSrvV3_Icon.ico
added demos-delphi-vcl/OverbyteIcsTimeTst.dpr
added demos-delphi-vcl/OverbyteIcsTimeTst.dproj
added demos-delphi-vcl/OverbyteIcsTimeTst.res
added demos-delphi-vcl/OverbyteIcsTimeTst1.dfm
added demos-delphi-vcl/OverbyteIcsTimeTst1.pas
added demos-delphi-vcl/OverbyteIcsTimeTst_Icon.ico
added demos-delphi-vcl/OverbyteIcsWebAppServer.dpr
added demos-delphi-vcl/OverbyteIcsWebAppServer.dproj
added demos-delphi-vcl/OverbyteIcsWebAppServer.res
added demos-delphi-vcl/OverbyteIcsWebAppServer_Icon.ico
added demos-delphi-vcl/OverbyteIcsWebAppServerConfig.pas
added demos-delphi-vcl/OverbyteIcsWebAppServerCounter.pas
added demos-delphi-vcl/OverbyteIcsWebAppServerCounterView.pas
added demos-delphi-vcl/OverbyteIcsWebAppServerDataModule.dfm
added demos-delphi-vcl/OverbyteIcsWebAppServerDataModule.pas
added demos-delphi-vcl/OverbyteIcsWebAppServerDWScriptUrlHandler.pas
added demos-delphi-vcl/OverbyteIcsWebAppServerHead.pas
added demos-delphi-vcl/OverbyteIcsWebAppServerHelloWorld.pas
added demos-delphi-vcl/OverbyteIcsWebAppServerHomePage.pas
added demos-delphi-vcl/OverbyteIcsWebAppServerHttpHandlerBase.pas
added demos-delphi-vcl/OverbyteIcsWebAppServerLogin.pas
added demos-delphi-vcl/OverbyteIcsWebAppServerMailer.pas
added demos-delphi-vcl/OverbyteIcsWebAppServerMain.dfm
added demos-delphi-vcl/OverbyteIcsWebAppServerMain.pas
added demos-delphi-vcl/OverbyteIcsWebAppServerSessionData.pas
added demos-delphi-vcl/OverbyteIcsWebAppServerUrlDefs.pas
added demos-delphi-vcl/OverbyteIcsWhoisCliTst.dpr
added demos-delphi-vcl/OverbyteIcsWhoisCliTst.dproj
added demos-delphi-vcl/OverbyteIcsWhoisCliTst.res
added demos-delphi-vcl/OverbyteIcsWhoisCliTst1.dfm
added demos-delphi-vcl/OverbyteIcsWhoisCliTst1.pas
added demos-delphi-vcl/OverbyteIcsWhoisCliTst_Icon.ico
added demos-delphi-vcl/OverbyteIcsWmiTst.dpr
added demos-delphi-vcl/OverbyteIcsWmiTst.dproj
added demos-delphi-vcl/OverbyteIcsWmiTst.exe
added demos-delphi-vcl/OverbyteIcsWmiTst.res
added demos-delphi-vcl/OverbyteIcsWmiTst1.dfm
added demos-delphi-vcl/OverbyteIcsWmiTst1.pas
added demos-delphi-vcl/OverbyteIcsWmiTst_Icon.ico
added demos-delphi-vcl/OverbyteIcsX509CertsTst.dpr
added demos-delphi-vcl/OverbyteIcsX509CertsTst.dproj
added demos-delphi-vcl/OverbyteIcsX509CertsTst.res
added demos-delphi-vcl/OverbyteIcsX509CertsTst1.dfm
added demos-delphi-vcl/OverbyteIcsX509CertsTst1.pas
added demos-delphi-vcl/OverbyteIcsX509CertsTst_Icon.ico
added demos-delphi-vcl/OverbyteIcsXferTst.dpr
added demos-delphi-vcl/OverbyteIcsXferTst.dproj
added demos-delphi-vcl/OverbyteIcsXferTst.res
added demos-delphi-vcl/OverbyteIcsXferTst1.dfm
added demos-delphi-vcl/OverbyteIcsXferTst1.pas
added demos-delphi-vcl/OverbyteIcsXferTst_Icon.ico
==================================================================================
9 Feb 2024
ICS V9.1 - Part 21
Over 25 years, ICS has accumulated a large number of sample applications, used both for development and testing of ICS, and to introduce end users to the components.
The samples vary in complexity, often with duplicates for non-SSL and SSL use, many have not been tested or used for many years. The project files varied, with most samples building into the source directories which contained a mix of build platforms and configurations.
This is the first attempt to rationalise the samples, so the main ICS distribution only includes the samples actively maintained, in new directories to make them easier to find.
All these samples have the project files updated so EXE and DCU files build in specific platform and configuration paths, keeping the source directories clean. There are no OpenSSL files in the EXE directories, the {$DEFINE OpenSSL_ProgramData} is needed so the SSL/TLS samples look in the new C:\ProgramData\ICS-OpenSSL\ path. All icon files are cleaned up and the samples should all now build without warnings.
Samples that need extra data files like web servers, now mostly use a new demos-data path, for web server pages for instance. This involves some convoluted paths in the samples that use IcsAbsolutisePath to clean them up, there may be some samples not yet updated and that still look for data in the EXE path.
The samples are now split into the following paths, in the ICS root directory:
demos-delphi-vcl - 45 VCL samples for Windows.
demos-delphi-extra - four VCL samples that need third party components to build.
demos-delphi-fmx - seven FMX samples for Windows, not yet tested on MacOS.
demos-delphi-mobile - empty, for the future.
demos-cpp-vcl - all old C++ samples that have not been tested for 10 years, need help.
demos-data - data files for samples, such as web pages.
More documentation to follow, readme not updated yet.
==================================================================================
9 Feb 2024
ICS V9.1 - Part 22
Updated IcsDefs.inc so it is aware of future Delphi versions.
Zip a missing directory.
Apart from bug fixes found during continued testing and feedback, V9.1 is effectively done.
==================================================================================
14 Feb 2024
ICS V9.1 - Part 23
Just bug fixes.
OverbyteIcsSntp.pas
Feb 13, 2024 V9.1
Corrected NTP version sent to server, we have been sending v6 for 20 years, when v4 is the latest, which we now send.
Added more NTP servers from cloud providers that are more likely to be running than private ntp.org servers.
Fixed IcsGetUTCNtpTime always returning midnight due to strange rounding in newer Delphi versions, meant time server sent wrong time.
Enable WSocket more friendly exceptions.
OverbyteIcsWSocket.pas
Feb 13, 2024 V9.1
Published AddrFormat, resolved family AF_INET or AF_INET6 after connection.
Fixed AddrFormat not set properly if AddrResolved by DnsLookup.
OverbyteIcsHttpSrv.pas
OverbyteIcsWSocketS.pas
Feb 13, 2024 V9.1
Added property ListenAny returns true if any sockets are listening, ie server is running.
==================================================================================
16 Feb 2024
ICS V9.1 - Part 24
Updated CA Trusted Stores.
==================================================================================
Win64 old paths
Lib Path: $(BDSLIB)\$(Platform)\release;$(BDSUSERDIR)\Imports\$(Platform);$(BDS)\Imports;$(BDSCOMMONDIR)\Dcp\$(Platform);$(BDS)\include
Package out dir: $(BDSCOMMONDIR)\Bpl\$(Platform)
DCP putput dir: $(BDSCOMMONDIR)\Dcp\$(Platform)
Browsing: $(BDS)\OCX\Servers;$(BDS)\SOURCE\VCL;$(BDS)\source\rtl\common;$(BDS)\SOURCE\RTL\SYS;$(BDS)\source\rtl\win;$(BDS)\source\rtl\win\winrt;$(BDS)\source\ToolsAPI;$(BDS)\SOURCE\IBX;$(BDS)\source\Internet;$(BDS)\SOURCE\PROPERTY EDITORS;$(BDS)\source\soap;$(BDS)\SOURCE\XML;$(BDS)\source\Indy10\Core;$(BDS)\source\Indy10\System;$(BDS)\source\Indy10\Protocols;$(BDS)\source\fmx;$(BDS)\source\databinding\components;$(BDS)\source\databinding\engine;$(BDS)\source\databinding\graph;$(BDS)\source\data;$(BDS)\source\data\ado;$(BDS)\source\data\cloud;$(BDS)\source\data\datasnap;$(BDS)\source\data\dbx;$(BDS)\source\data\dsnap;$(BDS)\source\data\vclctrls;$(BDS)\source\data\datasnap\connectors;$(BDS)\source\data\datasnap\proxygen;$(BDS)\source\DataExplorer;$(BDS)\source\DUnit\Contrib\DUnitWizard\Source\Common;$(BDS)\source\DUnit\Contrib\DUnitWizard\Source\Common\dunit;$(BDS)\source\DUnit\Contrib\DUnitWizard\Source\DelphiExperts\Common;$(BDS)\source\DUnit\Contrib\DUnitWizard\Source\DelphiExperts\DUnitProject;$(BDS)\source\DUnit\Contrib\DUnitWizard\Source\DelphiExperts\DUnitProject\dunit;$(BDS)\source\DUnit\src;$(BDS)\source\DUnit\tests;$(BDS)\source\Experts;$(BDS)\source\indy\abstraction;$(BDS)\source\indy\implementation;$(BDS)\source\indyimpl;$(BDS)\source\Property Editors\Indy10;$(BDS)\source\soap\wsdlimporter;$(BDS)\source\Visualizers;$(BDS)\source\DUnit\Contrib\XMLReporting;$(BDS)\source\DUnit\Contrib\XPGen;$(BDS)\source\data\rest;$(BDS)\source\data\firedac;$(BDS)\source\tethering;$(BDS)\source\DUnitX;$(BDS)\source\data\ems;$(BDS)\source\rtl\net;$(BDS)\source\FlatBox2D;$(BDSCOMMONDIR)\Dcp\$(PLATFORM)
Debug DCU: $(BDSLIB)\$(Platform)\debug
==================================================================================
Packages/IcsMacOS.dpk
Packages/IcsMacOS.dproj
22 Feb 2024
ICS V9.1 - Part 25
Updated readme9 with installation information, sample update still work in progress.
Adding MacOS package to IcsInstallTestPosix group, untested.
Update ICS Intermediate Short SSL/TLS certificate.
==================================================================================
ReadMe9.txt
Source/Include/Ics.InterlockedApi.inc
Source/Include/OverbyteIcsWinsockImpl.inc
Source/OverbyteIcsOAuthFormFmx.pas
Source/OverbyteIcsOAuthFormVcl.pas
Source/OverbyteIcsWebSocketCli.pas
Source/OverbyteIcsWebSocketSrv.pas
Source/OverbyteIcsWinsock.pas
Source/OverbyteIcsWSocket.pas
ZipOverbyteIcsV9.lst
23 Feb 2024
ICS V9.1 - Part 26
More readme9.txt updates, almost done.
OverbyteIcsWinsock.pas
Feb 23, 2024 V9.1
Copied content of two include files OverbyteIcsWinsockTypes.inc and OverbyteIcsWinsockImpl.inc here to make debugging easier, proper IDE highlighting.
OverbyteIcsOAuthFormFmx.pas
OverbyteIcsOAuthFormVcl.pas
OverbyteIcsWebSocketCli.pas
OverbyteIcsWebSocketSrv.pas
All now build without USE_SSL.
OverbyteIcsSuperObject.pas
OverbyteIcsThreadTimer.pas
OverbyteIcsWebSession.pas
No longer use Ics.InterlockedApi.inc
==================================================================================
26 Feb 2024
ICS V9.1 - Part 27
readme9.txt is finally complete, installation and SSL/TLS sections total rewrite.
OverbyteIcsWebSocketS.pas
Feb 25, 2024 V9.1
If locally created certificate signed by ICS intermediate is about to expire, replace it.
Replace locally created certificate signed by ICS intermediate by Let's Encrypt certificate if automatic ordering enabled.
==================================================================================
27 Feb 2024
ICS V9.1 - Part 28
Still improving readme9.txt.
==================================================================================
28 Feb 2024
ICS V9.1 - Part 29
It seems Ics.InterlockedApi.inc is still required for ancient compilers, so restored it, so now builds on Delphi 2007 again.
Unable to open new project groups on Delphi 2007, will need to create groups for ancient compilers, next week.
Getting bored with supporting ancient compilers...
==================================================================================
5 Mar 2024
ICS V9.1 - Part 30
Manually built legacy project group demos-delphi-vcl-legacy.bpg so that Delphi 7 and later can access the VCL samples.
Beware the sample project files (.dproj) supplied are built with modern compilers, and can not be opened by legacy compilers due to new platforms and features. So for Delphi XE and earlier (and maybe some other XE versions), before opening a group or application project, you MUST delete all .dproj sample files. When you open the project, the .dproj file will be automatically recreated from the .dpr project file by Delphi. If you attempt to open a new .dproj file with a legacy Delphi compiler, it will simply give an XML error and not attempt to rebuild the project file.
Updated readme9 with more information about installing samples.
Updated some version dates and one sample so it now builds on Delphi 2007 again.
==================================================================================
7 Mar 2024
ICS V9.1 - Part 31
Final update, few dates, sample fix.
https://wiki.overbyte.eu/wiki/index.php/Updating_projects_to_V9.1
https://wiki.overbyte.eu/wiki/index.php/ICS_V9.1
==================================================================================
11 Mar 2024
ICS V9.1 - Part 32
Readme updates for samples.
==================================================================================
ICS V9.1 Highlights
ICS V9.1 is almost ready for release. Although there are no new components, there are many other SSL/TLS changes that will affect existing applications, but make ICS easier to use and support for the future.
Before the final release in a week or two, I'd appreciate some feedback from user installing V9.1 using the new packages, and update one or more old SSL/TLS applications, it may help future users if I can improve the documentation.
Please read readme9.txt and these note about V9.1 carefully when upgrading existing applications, you may get build errors that need minor code changes. But new applications should need be easier to create.
1 - Delphi 10.4 and later now use the same install groups and packages, IcsInstallFmx, IcsInstallVcl and IcsInstallVclFmx, making support a lot easier. Version specific groups remain for Delphi 10.3 and earlier, with new groups D(X)InstallVcl for VCL only replacing the old OverbyteIcs(X) groups, again to simplify support. Dozens of old packages have been removed for this release, so please delete all old groups and packages before installing V9.1, to avoid a mix of old and new packages. Only C++ 10.4 and later are now supported, but untested.
2 - The old samples directory has gone and many of the older and little used samples have been archived to a separate download. The active samples used to test and demonstrate all ICS components are now split into the following paths, in the ICS root directory:
demos-delphi-vcl - 45 VCL samples for Windows.
demos-delphi-extra - four VCL samples that need third party components to build.
demos-delphi-fmx - seven FMX samples for Windows, not yet tested on MacOS.
demos-cpp-vcl - all old C++ samples that have not been tested for 10 years, need help.
demos-data - data files for samples, such as web pages.
All these samples can now be built for Win32 and Win64 platforms.
3 - To ease development, linking and future support, some new units have been added by splitting existing units with multiple components, unfortunately this means many existing projects will need one or more of the new units adding to their uses section. Apologies for the pain, but this should have been done a long time ago. The main change is splitting out much of the SSL/TLS related code from the massive OverbyteIcsWSocket unit to a new unit OverbyteIcsSslBase.
4 - Distribution of the ICS OpenSSL files has changed. Earlier ICS versions required the OpenSSL DLLs to be distributed with applications, and a root CA bundle file to verify SSL/TLS connections, and these needed to be loaded using code. There was little standardisation over where the OpenSSL DLLs were located, applications tended to keep their own copies alongside other executables, leading to multiple DLL copies and needing the public variable GSSL_DLL_DIR set to a specific directory before OpenSSL was loaded. Likewise, root CA bundle directories had to be distributed with applications and loaded with code. ICS V9.1 allows five different ways of loading OpenSSL:
1 - DLLs linked into application as resource files
2 - DLLs loaded from common directory C:\ProgramData\ICS-OpenSSL\
3 - OpenSSL DCU linked into application using commercial YuOpenSSL
4 - DLLs loaded from location specified in public variable GSSL_DLL_DIR
5 - DLLs loaded according to path, may be found anywhere on PC
Which method ICS uses to load OpenSSL depends upon several defines in the .\Source\Include\OverbyteIcsDefs.inc file, please see the readme9.txt file for details. ICS currently includes resource files for three different OpenSSL releases, 3.0`13. 3.1.5 and 3.2.1, which version is linked is controlled by a define. If the OpenSSL DLLs are linked into the application, they are extracted to a version subdirectory, ie C:\ProgramData\ICS-OpenSSL\3012\ so different applications can use different OpenSSL versions. This happens only once if the files have not already been extracted. When updating existing projects without using any new defines, the ICS old behaviour of methods 3, 4 and 5 above remain with no changes needed.
5 - A common IcsSslRootCAStore component is now created at application start-up, to avoid different components needing their own CA stores to verify SSL/TLS certificates, and for applications to load those stores. The three different CA stores included with ICS are now supplied as resource files, with a define determining which is linked into applications.
Another define causes OpenSSL and this store to be loaded at application startup, so OpenSSL is available for all
components, without it needing to be loaded again, perhaps repeatedly. Without new defines, a CA Store can be loaded manually into IcsSslRootCAStore. The ICS servers use CA Stores now use IcsSslRootCAStore and no longer load any files specified.
6 - All SSL/TLS servers need a certificate and private key to start, even when testing. Previously ICS supplied some self signed certificates for testing, and also created such certificates automatically if they were missing or if the server was about to order a Let's Encrypt certificate. Accessing such servers for testing using browsers raised various warnings.
ICS now has it's own SSL root certificate 'ICS Root CA' and two intermediates, 'ICS Intermediate' and 'ICS Intermediate Short', the last of which includes a private key so can be used to automatically sign new certificates by ICS server applications, rather than just self signed certificates as before. If the 'ICS Root CA' certificate is installed in the Window Store and browser stores, it should stop certificate warnings appearing. ICS applications automatically trust the ICS root, so will give no warnings. The short intermediate has a maximum 100 day expiry, so new versions will be issued regularly. There is a single function CreateSelfSignCertEx that created signed certificates, and another IcsInstallIcsRoot that installs the ICS root into the Windows Store, so easy to use. It is possible to replace the ICS root with your own private root certificate and have servers create their own certificates against that root, for internal networks.
7 - The TSslHttpRest component now allows TRestParams to be created as content type 'Form-Data Body' to create MIME multipart/form-data parameters that may include new TParamType of RPTypeFile that specifies a file name whose binary content will be added to the parameters as a file upload, allowing multiple files and extra parameters. TRestParams are now built into a TStream rather than a string to allow larger parameter sizes, tested up to 8GB. The ICS web server samples have improved MIME decoding to accept massive uploads.
8 - Several client and server components have a new property NoSSL which if set will prevent those components using SSL/TLS for HTTPS or FTPS, even if the application is linked with OpenSSL code. Beware the IcsSslRootCAStore component must not be initialised by the application.
9 - Updating projects to V9.1:
Applications that have TSslContext on a form will need to be opened so the new unit OverbyteIcsSslBase is automatically added to the users clause. Units that reference TX509Base or TX509List mostly for the OnSslHandshakeDone event, may need OverbyteIcsSslBase adding manually if they don't also have TSslContext.
The other new units are OverbyteIcsHtmlUtils (for TextToHtmlText, IcsHtmlValuesToUnicode, IcsFindHtmlCharset, IcsFindHtmlCodepage, IcsContentCodepage and IcsHtmlToStr), OverbyteIcsDnsHttps (for TDnsQueryHttp and IcsDomNameCacheHttps) and OverbyteIcsSslUtils (for TOcspHttp). Applications that use IcsExtractURLEncodedValue, ExtractURLEncodedParamList or GetCookieValue may need OverbyteIcsUrl adding to projects.
When updating projects using a TSslContext component, setting the new property UseSharedCAStore to True causes the properties CAFile, CALines and CAPath to be ignored, and the new IcsSslRootCAStore component will be used instead, being automatically initialised if not done at program start-up. Don't use UseSharedCAStore for server components.
High level ICS components such as TSslHttpRest that have an internal TSslContext component all set UseSharedCAStore and ignore properties like SslRootFile to load a root CA bundle. If a specific bundle is required it may be loaded to IcsSslRootCAStore.
With V9,1, the global variables GSSLEAY_DLL_IgnoreNew and GSSLEAY_DLL_IgnoreOld are ignored since only different minor versions of OpenSSL 3 are supported.
==================================================================================
ICS V9.1 Release Highlights
Although ICS V9.1 does not contain any new components, there are many other SSL/TLS changes that will affect existing applications, but make ICS easier to use and support for the future.
1 - Delphi 10.4 and later now use the same install groups and packages, IcsInstallFmx, IcsInstallVcl and IcsInstallVclFmx, making support a lot easier. Version specific groups remain for Delphi 10.3 and earlier, with new groups D(X)InstallVcl for VCL only replacing the old OverbyteIcs(X) groups, again to simplify support. Dozens of old packages have been removed for this release, so please delete all old groups and packages before installing V9.1, to avoid a mix of old and new packages. Only C++ 10.4 and later are now supported, but untested.
2 - The old samples directory has gone and many of the older and little used samples have been archived to a separate download. The active samples used to test and demonstrate all ICS components are now split into the following paths, in the ICS root directory:
demos-delphi-vcl - 45 VCL samples for Windows.
demos-delphi-extra - four VCL samples that need third party components to build.
demos-delphi-fmx - seven FMX samples for Windows, not yet tested on MacOS.
demos-cpp-vcl - all old C++ samples that have not been tested for 10 years, need help.
demos-data - data files for samples, such as web pages.
All these samples can now be built for Win32 and Win64 platforms.
3 - To ease development, linking and future support, some new units have been added by splitting existing units with multiple components, unfortunately this means many existing projects will need one or more of the new units adding to their uses section. Apologies for the pain, but this should have been done a long time ago. The main change is splitting out much of the SSL/TLS related code from the massive OverbyteIcsWSocket unit to a new unit OverbyteIcsSslBase.
4 - Distribution of the ICS OpenSSL files has changed. Earlier ICS versions required the OpenSSL DLLs to be distributed with applications, and a root CA bundle file to verify SSL/TLS connections, and these needed to be loaded using code. There was little standardisation over where the OpenSSL DLLs were located, applications tended to keep their own copies alongside other executables, leading to multiple DLL copies and needing the public variable GSSL_DLL_DIR set to a specific directory before OpenSSL was loaded. Likewise, root CA bundle directories had to be distributed with applications and loaded with code. ICS V9.1 allows five different ways of loading OpenSSL:
1 - DLLs linked into application as resource files
2 - DLLs loaded from common directory C:\ProgramData\ICS-OpenSSL\
3 - OpenSSL DCU linked into application using commercial YuOpenSSL
4 - DLLs loaded from location specified in public variable GSSL_DLL_DIR
5 - DLLs loaded according to path, may be found anywhere on PC
Which method ICS uses to load OpenSSL depends upon several defines in the .\Source\Include\OverbyteIcsDefs.inc file, please see the readme9.txt file for details. ICS currently includes resource files for three different OpenSSL releases, 3.0`13. 3.1.5 and 3.2.1, which version is linked is controlled by a define. If the OpenSSL DLLs are linked into the application, they are extracted to a version subdirectory, ie C:\ProgramData\ICS-OpenSSL\3012\ so different applications can use different OpenSSL versions. This happens only once if the files have not already been extracted. When updating existing projects without using any new defines, the ICS old behaviour of methods 3, 4 and 5 above remain with no changes needed.
5 - A common IcsSslRootCAStore component is now created at application start-up, to avoid different components needing their own CA stores to verify SSL/TLS certificates, and for applications to load those stores. The three different CA stores included with ICS are now supplied as resource files, with a define determining which is linked into applications.
Another define causes OpenSSL and this store to be loaded at application startup, so OpenSSL is available for all
components, without it needing to be loaded again, perhaps repeatedly. Without new defines, a CA Store can be loaded manually into IcsSslRootCAStore. The ICS servers use CA Stores now use IcsSslRootCAStore and no longer load any files specified.
6 - All SSL/TLS servers need a certificate and private key to start, even when testing. Previously ICS supplied some self signed certificates for testing, and also created such certificates automatically if they were missing or if the server was about to order a Let's Encrypt certificate. Accessing such servers for testing using browsers raised various warnings.
ICS now has it's own SSL root certificate 'ICS Root CA' and two intermediates, 'ICS Intermediate' and 'ICS Intermediate Short', the last of which includes a private key so can be used to automatically sign new certificates by ICS server applications, rather than just self signed certificates as before. If the 'ICS Root CA' certificate is installed in the Window Store and browser stores, it should stop certificate warnings appearing. ICS applications automatically trust the ICS root, so will give no warnings. The short intermediate has a maximum 100 day expiry, so new versions will be issued regularly. There is a single function CreateSelfSignCertEx that created signed certificates, and another IcsInstallIcsRoot that installs the ICS root into the Windows Store, so easy to use. It is possible to replace the ICS root with your own private root certificate and have servers create their own certificates against that root, for internal networks.
7 - The TSslHttpRest component now allows TRestParams to be created as content type 'Form-Data Body' to create MIME multipart/form-data parameters that may include new TParamType of RPTypeFile that specifies a file name whose binary content will be added to the parameters as a file upload, allowing multiple files and extra parameters. TRestParams are now built into a TStream rather than a string to allow larger parameter sizes, tested up to 8GB. The ICS web server samples have improved MIME decoding to accept massive uploads.
8 - Several client and server components have a new property NoSSL which if set will prevent those components using SSL/TLS for HTTPS or FTPS, even if the application is linked with OpenSSL code. Beware the IcsSslRootCAStore component must not be initialised by the application.
9 - Updating projects to V9.1:
Applications that have TSslContext on a form will need to be opened so the new unit OverbyteIcsSslBase is automatically added to the users clause. Units that reference TX509Base or TX509List mostly for the OnSslHandshakeDone event, may need OverbyteIcsSslBase adding manually if they don't also have TSslContext.
The other new units are OverbyteIcsHtmlUtils (for TextToHtmlText, IcsHtmlValuesToUnicode, IcsFindHtmlCharset, IcsFindHtmlCodepage, IcsContentCodepage and IcsHtmlToStr), OverbyteIcsDnsHttps (for TDnsQueryHttp and IcsDomNameCacheHttps) and OverbyteIcsSslUtils (for TOcspHttp). Applications that use IcsExtractURLEncodedValue, ExtractURLEncodedParamList or GetCookieValue may need OverbyteIcsUrl adding to projects.
When updating projects using a TSslContext component, setting the new property UseSharedCAStore to True causes the properties CAFile, CALines and CAPath to be ignored, and the new IcsSslRootCAStore component will be used instead, being automatically initialised if not done at program start-up. Don't use UseSharedCAStore for server components.
High level ICS components such as TSslHttpRest that have an internal TSslContext component all set UseSharedCAStore and ignore properties like SslRootFile to load a root CA bundle. If a specific bundle is required it may be loaded to IcsSslRootCAStore.
With V9,1, the global variables GSSLEAY_DLL_IgnoreNew and GSSLEAY_DLL_IgnoreOld are ignored since only different minor versions of OpenSSL 3 are supported.
Full release notes are at https://wiki.overbyte.eu/wiki/index.php/ICS_V9.1
More detailed instructions for updating to V9.1 are at https://wiki.overbyte.eu/wiki/index.php/Updating_projects_to_V9.1
==================================================================================
Major Changes in '''ICS V9.1''':
Although ICS V9.1 does not contain any new components, there are many other SSL/TLS changes that will affect existing applications, but make ICS easier to use and support for the future.
#Delphi 10.4 and later now use the same install groups and packages, IcsInstallFmx, IcsInstallVcl and IcsInstallVclFmx, making support a lot easier. Version specific groups remain for Delphi 10.3 and earlier, with new groups D(X)InstallVcl for VCL only replacing the old OverbyteIcs(X) groups, again to simplify support. Dozens of old packages have been removed for this release, so please delete all old groups and packages before installing V9.1, to avoid a mix of old and new packages. Only C++ 10.4 and later are now supported, but untested.
#The old samples directory has gone and many of the older and little used samples have been archived to a separate download. The active samples used to test and demonstrate all ICS components are now split into the following paths, in the ICS root directory: All these samples can now be built for Win32 and Win64 platforms.
##demos-delphi-vcl - 45 VCL samples for Windows.
##demos-delphi-extra - four VCL samples that need third party components to build.
##demos-delphi-fmx - seven FMX samples for Windows, not yet tested on MacOS.
##demos-cpp-vcl - all old C++ samples that have not been tested for 10 years, need help.
##demos-data - data files for samples, such as web pages.
#To ease development, linking and future support, some new units have been added by splitting existing units with multiple components, unfortunately this means many existing projects will need one or more of the new units adding to their uses section. Apologies for the pain, but this should have been done a long time ago. The main change is splitting out much of the SSL/TLS related code from the massive OverbyteIcsWSocket unit to a new unit OverbyteIcsSslBase.
#Distribution of the ICS OpenSSL files has changed. Earlier ICS versions required the OpenSSL DLLs to be distributed with applications, and a root CA bundle file to verify SSL/TLS connections, and these needed to be loaded using code. There was little standardisation over where the OpenSSL DLLs were located, applications tended to keep their own copies alongside other executables, leading to multiple DLL copies and needing the public variable GSSL_DLL_DIR set to a specific directory before OpenSSL was loaded. Likewise, root CA bundle directories had to be distributed with applications and loaded with code. ICS V9.1 allows five different ways of loading OpenSSL: Which method ICS uses to load OpenSSL depends upon several defines in the .\Source\Include\OverbyteIcsDefs.inc file, please see the readme9.txt file for details. ICS currently includes resource files for three different OpenSSL releases, 3.0`13. 3.1.5 and 3.2.1, which version is linked is controlled by a define. If the OpenSSL DLLs are linked into the application, they are extracted to a version subdirectory, ie C:\ProgramData\ICS-OpenSSL\3012\ so different applications can use different OpenSSL versions. This happens only once if the files have not already been extracted. When updating existing projects without using any new defines, the ICS old behaviour of methods 3, 4 and 5 above remain with no changes needed.
##DLLs linked into application as resource files
##DLLs loaded from common directory C:\ProgramData\ICS-OpenSSL\
##OpenSSL DCU linked into application using commercial YuOpenSSL
##DLLs loaded from location specified in public variable GSSL_DLL_DIR
##DLLs loaded according to path, may be found anywhere on PC
#A common IcsSslRootCAStore component is now created at application start-up, to avoid different components needing their own CA stores to verify SSL/TLS certificates, and for applications to load those stores. The three different CA stores included with ICS are now supplied as resource files, with a define determining which is linked into applications.Another define causes OpenSSL and this store to be loaded at application startup, so OpenSSL is available for allcomponents, without it needing to be loaded again, perhaps repeatedly. Without new defines, a CA Store can be loaded manually into IcsSslRootCAStore. The ICS servers use CA Stores now use IcsSslRootCAStore and no longer load any files specified.
#All SSL/TLS servers need a certificate and private key to start, even when testing. Previously ICS supplied some self signed certificates for testing, and also created such certificates automatically if they were missing or if the server was about to order a Let's Encrypt certificate. Accessing such servers for testing using browsers raised various warnings.ICS now has it's own SSL root certificate 'ICS Root CA' and two intermediates, 'ICS Intermediate' and 'ICS Intermediate Short', the last of which includes a private key so can be used to automatically sign new certificates by ICS server applications, rather than just self signed certificates as before. If the 'ICS Root CA' certificate is installed in the Window Store and browser stores, it should stop certificate warnings appearing. ICS applications automatically trust the ICS root, so will give no warnings. The short intermediate has a maximum 100 day expiry, so new versions will be issued regularly. There is a single function CreateSelfSignCertEx that created signed certificates, and another IcsInstallIcsRoot that installs the ICS root into the Windows Store, so easy to use. It is possible to replace the ICS root with your own private root certificate and have servers create their own certificates against that root, for internal networks.
#The TSslHttpRest component now allows TRestParams to be created as content type 'Form-Data Body' to create MIME multipart/form-data parameters that may include new TParamType of RPTypeFile that specifies a file name whose binary content will be added to the parameters as a file upload, allowing multiple files and extra parameters. TRestParams are now built into a TStream rather than a string to allow larger parameter sizes, tested up to 8GB. The ICS web server samples have improved MIME decoding to accept massive uploads.
#Several client and server components have a new property NoSSL which if set will prevent those components using SSL/TLS for HTTPS or FTPS, even if the application is linked with OpenSSL code. Beware the IcsSslRootCAStore component must not be initialised by the application.
Full release notes are at More detailed release notes are at [[ICS_V9.1 | ICS 9.1 Release Notes]]
More detailed instructions for updating to V9.1 are at [[Updating_projects_to_V9.1 | pdating projects to V9.1]
====================================================================================
==================================================================================
Updating projects to V9.1:
Several new units have been added to ICS V9.1, mostly now containing classes and functions that were previously in other units. Classes like TSslContext that are often dropped on forms will have one or more of these new units added automatically when the form is opened in the IUE. Units that reference class likeTX509Base or TX509List in events only, such as OnSslHandshakeDone, may need OverbyteIcsSslBase adding manually.
OverbyteIcsDnsHttps.pas
OverbyteIcsHtmlUtils.pas
OverbyteIcsSslBase.pas
OverbyteIcsSslUtils.pas
Ics.Fmx.OverbyteIcsDnsHttps.pas
Ics.Fmx.OverbyteIcsSslBase.pas
Ics.Fmx.OverbyteIcsSslUtils.pas
Following is a list of the main classes and functions now in new or different units, so check here when the compiler complains it can not find a component for your application:
TX509Base from OverbyteIcsWSocket to OverbyteIcsSslBase
TSslBaseComponent from WSocket to OverbyteIcsSslBase
TX509List from WSocket to OverbyteIcsSslBase
TSslContext from OverbyteIcsWSocket to OverbyteIcsSslBase
TOcspHttp from OverbyteIcsSslHttpRest to OverbyteIcsSslUtils
TDnsQueryHttp from SslHttpRest to OverbyteIcsDnsHttps
TIcsDomNameCacheHttps from OverbyteIcsSslHttpRest to OverbyteIcsDnsHttps
TextToHtmlText from OverbyteIcsFormDataDecoder to OverbyteIcsHtmlUtils
IcsHtmlValuesToUnicode from OverbyteIcsFormDataDecoder to OverbyteIcsHtmlUtils
IcsFindHtmlCharset from OverbyteIcsCharsetUtils to OverbyteIcsHtmlUtils
IcsFindHtmlCodepage from OverbyteIcsCharsetUtils to OverbyteIcsHtmlUtils
IcsContentCodepage from OverbyteIcsCharsetUtils to OverbyteIcsHtmlUtils
IcsHtmlToStr from OverbyteIcsCharsetUtils to OverbyteIcsHtmlUtils
IcsExtractURLEncodedValue from SslHttpRest to OverbyteIcsUrl
GetCookieValue from OverbyteIcsHttpSrv to OverbyteIcsUrl
ExtractURLEncodedParamList from OverbyteIcsHttpSrv to OverbyteIcsUrl
All ICS SSL/TLS projects have a new shared IcsSslRootCAStore component created at application start-up, to avoid different components needing their own CA stores to verify SSL/TLS certificates, and for applications to load those stores. When updating projects using a TSslContext component, setting the new property UseSharedCAStore to True causes the properties CAFile, CALines and CAPath to be ignored, and the new IcsSslRootCAStore component will be used instead, being automatically initialised if not done at program start-up. Don't use UseSharedCAStore for server components. High level ICS components such as TSslHttpRest that have an internal TSslContext component all set UseSharedCAStore and ignore properties like SslRootFile to load a root CA bundle. If a specific bundle is required it may be loaded to IcsSslRootCAStore.
There are several new defines in the OverbyteIcsDefs.inc file to determine how OpenSSL is loaded. If you retain your original .inc file, application behaviour should be unchanged, but the new .inc file in the distribution has new defaults for loading OpenSSL as detailing in the release notes and readme9.txt, please read very carefully. Essentially, OpenSSL will now be linked into applications and loaded at startup by the IcsSslRootCAStore component, so any code to load OpenSSL will be ignored. The global variables GSSLEAY_DLL_IgnoreNew and GSSLEAY_DLL_IgnoreOld are ignored since only different minor versions of OpenSSL 3 are supported.
====================================================================================
==================================================================================
Subject: ICS V9.1 announced
ICS V9.1 has been released at:
https://wiki.overbyte.eu/wiki/index.php/ICS_Download
ICS is a free internet component library for Delphi 7, 2006 to 2010, XE to XE8, 10, 10.1, 10.2, 10.3, 10.4, 11 and 12 and C++ Builder 11 and 12 and 11. ICS supports VCL and FMX, Win32, Win64 and MacOS 32-bit
targets.
The distribution zip includes the latest OpenSSL xxx3.0.5 win32, with other versions of OpenSSL being available from the download page.
Changes in ICS V9.1 include:
1 - Delphi 10.4, 11, 12 and later now use the same install groups and packages, IcsInstallFmx, IcsInstallVcl and IcsInstallVclFmx, making support a lot easier. Version specific groups remain for Delphi 10.3 and earlier, with new groups D(X)InstallVcl for VCL only replacing the old OverbyteIcs(X) groups, again to simplify support. Dozens of old packages have been removed for this release, so please delete all old groups and packages before installing V9.1, to avoid a mix of old and new packages. Only C++ 10.4, 11, 12 and later are now supported, but untested.
2 - The old samples directory has gone and many of the older and little used samples have been archived to a separate download. The active samples used to test and demonstrate all ICS components are now split into the following paths, in the ICS root directory:
demos-delphi-vcl - 45 VCL samples for Windows.
demos-delphi-extra - four VCL samples that need third party components to build.
demos-delphi-fmx - seven FMX samples for Windows, not yet tested on MacOS.
demos-cpp-vcl - all old C++ samples that have not been tested for 10 years, need help.
demos-data - data files for samples, such as web pages.
All these samples can now be built for Win32 and Win64 platforms. Beware the sample project files (.dproj) supplied are built with modern compilers, and can not be opened by legacy compilers due to new platforms and features, so you MUST delete the .dproj file before opening samples in legacy compilers so the .dproj file will be automatically recreated from the .dpr project file by Delphi.
3 - To ease development, linking and future support, some new units have been added by splitting existing units with multiple components, unfortunately this means many existing projects will need one or more of the new units adding to their uses section. Apologies for the pain, but this should have been done a long time ago. The main change is splitting out much of the SSL/TLS related code from the massive OverbyteIcsWSocket unit to a new unit OverbyteIcsSslBase. Also the OverbyteIcsSslHttpRest.pas has been split with two new units OverbyteIcsDnsHttps.pas and OverbyteIcsSslUtils.pas, to ease linking avoiding circular references. Another new unit OverbyteIcsHtmlUtils.pas now contains functions designed to build HTML pages that were previously split across different units.
4 - Distribution of the ICS OpenSSL files has changed. Earlier ICS versions required the OpenSSL DLLs to be distributed with applications, and a root CA bundle file to verify SSL/TLS connections, and these needed to be loaded using code. There was little standardisation over where the OpenSSL DLLs were located, applications tended to keep their own copies alongside other executables, leading to multiple DLL copies and needing the public variable GSSL_DLL_DIR set to a specific directory before OpenSSL was loaded. Likewise, root CA bundle directories had to be distributed with applications and loaded with code. ICS V9.1 allows five different ways of loading the OpenSSL DLLs:
1 - DLLs linked into application as resource files
2 - DLLs loaded from common directory C:\ProgramData\ICS-OpenSSL\
3 - OpenSSL DCU linked into application using commercial YuOpenSSL
4 - DLLs loaded from location specified in public variable GSSL_DLL_DIR
5 - DLLs loaded according to path, may be found anywhere on PC
Which method ICS uses to load OpenSSL depends upon several defines in the .\Source\Include\OverbyteIcsDefs.inc file, please see the readme9.txt file and notes below for details. ICS currently includes resource files for three different OpenSSL releases, 3.0`13. 3.1.5 and 3.2.1, which version is linked is controlled by a define. If the OpenSSL DLLs are linked into the application, they are extracted to a version subdirectory, ie C:\ProgramData\ICS-OpenSSL\3012\ so different applications can use different OpenSSL versions. This happens only once if the files have not already been extracted. When updating existing projects without using any new defines, the ICS old behaviour of methods 3, 4 and 5 above remain with no changes needed.
5 - A common IcsSslRootCAStore component is now created at application start-up, to avoid different components needing their own CA stores to verify SSL/TLS certificates, and for applications to load those stores. The three different CA stores included with ICS are now supplied as resource files, with a define determining which is linked into applications. Another define causes OpenSSL and this store to be loaded at application startup, so OpenSSL is available for all components, without it needing to be loaded again, perhaps repeatedly. Without new defines, a CA Store can be loaded manually into IcsSslRootCAStore. The ICS servers use CA Stores now use IcsSslRootCAStore and no longer load any files specified.
6 - All SSL/TLS servers need a certificate and private key to start, even when testing. Previously ICS supplied some self signed certificates for testing, and also created such certificates automatically if they were missing or if the server was about to order a Let's Encrypt certificate. Accessing such servers for testing using browsers raised various warnings. ICS now has it's own SSL root certificate 'ICS Root CA' and two intermediates, 'ICS Intermediate' and 'ICS Intermediate Short', the last of which includes a private key so can be used to automatically sign new certificates by ICS server applications, rather than just self signed certificates as before. If the 'ICS Root CA' certificate is installed in the Window Store and browser stores, it should stop certificate warnings appearing. ICS applications automatically trust the ICS root, so will give no warnings. The short intermediate has a maximum 100 day expiry, so new versions will be issued regularly. There is a single function CreateSelfSignCertEx that created signed certificates, and another IcsInstallIcsRoot that installs the ICS root into the Windows Store, so easy to use. It is possible to replace the ICS root with your own private root certificate and have servers create their own certificates against that root, for internal networks.
7 - Several client and server components have a new property NoSSL which if set will prevent those components using SSL/TLS for HTTPS or FTPS, even if the application is linked with OpenSSL code. Beware the IcsSslRootCAStore component must not be initialised by the application.
8 - The large OverbyteIcsWSocket unit has been split, by moving TSslContext, TSslBaseComponent, TX509Base and TX509List to a new unit OverbyteIcsSslBase, with only the SslContext callbacks left here since they need access to it, now set in InitSSLConnection instead of InitContext. No longer supporting defines OPENSSL_USE_DELPHI_MM (never used), OPENSSL_NO_ENGINE (deprecated, never used), OPENSSL_USE_RESOURCE_STRINGS (never used), NO_OSSL_VERSION_CHECK (dangerous), DEFINE OPENSSL_NO_TLSEXT (TLS needed everywhere), and LOADSSL_ERROR_FILE (better debugging now). If a connection fails, don't change State to wsConnected briefly before changing it again to wsClosed. Added TSslWsocket SslAlpnProtocols property to specify a list of protocols for clients to send to servers, instead of a similar SslContext property.
9 - OverbyteIcsSslBase is a new unit with TSslContext, TSslBaseComponent, T509Base and TX509List from OverbyteIcsWSocket, also function sslRootCACertsBundle moves here from X509Utils. Added property X509PubKeyTB to TX509Base to get the certificate public in DER binary format as TBytes, from where it may be converted to hex or base64, used for Raw Public Key certificate validation. Made more TX509Base functions and variables public so they can be accessed from other units. Added DHE-RSA-CHACHA20-POLY1305 to TLS/1.2 sslCiphersMozillaSrvTLS12. Added IcsReadTBBio, IcsWriteStrBio, IcsWriteTBBio, IcsSslLoadStackFromP12TB which are internal functions for handling TBytes and certificates, to simplify code (we use too many AnsiStrings for binary data). Added function IcsReportOpenSSLVer to centralise version reporting, optionally adding number of CA root certificates loaded. Saving a private key with a PCKS12 file is now optional. Moved BuildCertFName from WSocketS as IcsIcsBuildCertFName. ICSRootCA.pem and ICS_Intermediate_Short-bundle.pem certificates linked as resources, root is added to IcsSslRootCAStore.
10 - Added new TSslRootCAStore component to OverbyteIcsSslBase derived from TX509List with an Initialise method that loads OpenSSL, then tries to load the internal certificate sslRootCACertsBundle that should be linked into the app, if missing then tries to load DefRootCABundle.pem from C:\ProgramData\ICS-OpenSSL\ or the app path. It also tries to load ExtraRootCABundle.pem which is an optional private root bundle that can be used for private customer or devel roots. Added public IcsSslRootCAStore component created and intialised when this unit is loaded so a common root store is ready for any SslContext or other components. Define OpenSSL_AutoLoad_CA_Bundle can be suppressed to stop OpenSSL and the bundled being automatically loaded, if not needed. SslContext has new property UseSharedCAStore which causes the properties CAFile, CALines and CAPath to be ignored, uses IcsSslRootCAStore instead.
11 - The TX509List class can now load and save PKCS#12 certificate bundle files, smaller than PEM files, added SaveToP12File, SaveToP12TB, LoadAllFromP12File, LoadAllFromP12TB, intended to load a certificate bundle. LoadAllFromPemFile and LoadAllFromPemTB renamed from LoadAllFromFileEx and AddAllFromFStringEx with new versions handling both PEM and PKCS#12 certificate bundle files. TX509List has new method ListCerts that returns one listing line per cert.
12 - The OverbyteIcsLIBEAY and OverbyteIcsSSLEAY units no longer support for OpenSSL 1.1.1 which is end of life. The GSSLEAY_DLL_IgnoreOld/New public variables are currently ignored since only 3.x supported. Added public variable GSSLEAY_RES_SUBDIR which defaults to "ICS-OpenSSL", where OpenSSL files will be saved and accessed if linked as a resource in the application, with a sub-directory for each different version, as mentioned earlier. Added GSSL_CERTS_DIR and GSSL_ROOTS_DIR globals where ICS looks for SSL/TLS certificates and bundles.
13 - Several new defines are added to the .\Source\Include\OverbyteIcsDefs.inc file to determine how OpenSSL is loaded, all those relevant are:
{$DEFINE USE_SSL} - default enabled, link OpenSSL into all components.
{$DEFINE OpenSSL_Resource_Files} - default enabled, link OpenSSL DLLs as resource file into applications, and extract them to shell path CSIDL_COMMON_APPDATA and sub-directory "ICS-OpenSSL" with a version subdirectory, ie C:\ProgramData\ICS-OpenSSL\3012\ . This happens only once if the files have not already been extracted. Ignored for YuOpenSSL.
{$DEFINE OpenSSL_32} - if OpenSSL_Resource_Files is enabled, determines which major and minor version of OpenSSL is linked into the application, 32 is 3.2.x, or 31 or 30. ICS is currently distributed with OpenSSL 3.0, 3.1 and 3.2, the latest patch of each version so 3.0`13. 3.1.5 and 3.2.1, the resources files are in .\Source\, LibV32OpenSSL32.RES for 3.2 Win32, total six resource files, ICS automatically links Win32 or Win64 RES files.
{$DEFINE OpenSSL_ProgramData} - default enabled, but ignored if OpenSSL_Resource_Files or YuOpenSSL enabled. Causes ICS to load OpenSSL DLLs from C:\ProgramData\ICS-OpenSSL\, an alias for C:\Users\All Users\ICS-OpenSSL. ICS is distributed with Win32 and Win64 DLLs for 3.2.1 in .\ICS-OpenSSL which are copied there when building the IcsCommonXXRun package. Note there is no version sub-directory so no version choice. If enabled, overrides the public variable GSSL_DLL_DIR which some applications set to load OpenSSL from a known directory.
{$DEFINE YuOpenSSL} - default disabled. If enabled, compiles the OpenSSL code as a DCU directly into binaries so the OpenSSL are not needed, YuOpenSSL is a commercial product from https://www.yunqa.de/. OpenSSL 3.0 and 3.2 are available for YuOpenSSL.
NOTE: if defines OpenSSL_Resource_Files, OpenSSL_ProgramData and YuOpenSSL are all disabled or missing, ICS loads OpenSSL from the directory specified in the public variable GSSL_DLL_DIR, which is typically set to the application directory. If blank, Windows will search the path for any OpenSSL 3 DLLs, anywhere.
{$DEFINE OpenSSL_CA_Bundle_Small} - default enabled, links a root certificate authority bundle as a resource file into applications, other options are Medium and Large. CA bundles are needed to verify that SSL/TLS certificates are issued by trusted authorities, the resources files are in .\Source\, sslRootCACertsBundle.RES (OpenSSL_CA_Bundle_Small), TrustedCaBundle.RES (OpenSSL_CA_Bundle_Medium) and RootCaCertsBundle.RES (OpenSSL_CA_Bundle_Large).
{$DEFINE OpenSSL_AutoLoad_CA_Bundle} - default enabled. With ICS V9.1 and later, a common IcsSslRootCAStore component is created at application start-up, if this define is enabled OpenSSL will be loaded followed by the root CA bundle RES file according to define OpenSSL_CA_Bundle_Small/Medium/Large. This means OpenSSL is available for all components, without it needing to be loaded again, perhaps repeatedly, and multiple components can share the IcsSslRootCAStore component without needing to load their own CA bundles. If this defined is not enabled, SslRootCAStore.Initialise may be called by the application to load OpenSSL and the CA bundle, which is done automatically by SslContext.InitContext if not done previously.
{$DEFINE AUTO_X509_CERTS} - default enabled. This define enables automatic SSL/TLS ordering from Let's Encrypt in SocketServer and other servers. Unfortunately this adds a lot of other units, HTTPS REST, Json, OAuth2, etc, increasing the size of server applications, so it may be disabled to make server EXE files smaller if certificates are obtained and installed manually.
Except when using the OpenSSL_AutoLoad_CA_Bundle define, OpenSSL still needs to be loaded before any SSL/TLS functionality can be used. This is done automatically by TSslContext and some other components that use OpenSSL, but this means SSL errors like the DLLs not being found may not be raised until a web page is accessed, etc. So it is generally better to load OpenSSL early on in your application, when errors are easier to handle There is a function IcsReportOpenSSLVer that returns the OpenSSL version loaded and where it was loaded from, to help debug loading problems.
When using the OpenSSL_AutoLoad_CA_Bundle define, if the OpenSSL legacy.dll is needed to support old algorithms, which includes most password protected PFX/PCS12 certificates, it must be loaded using LibeayLoadProviders(True, False); since it is not possible to set the GSSLEAY_LOAD_LEGACY global variable early enough.
14 - The TSslWSocketServer class in OverbyteIcsWSocketS has a new property NoSSL that prevents use of SSL/TLS, must be set before server is started. Replaced FX509CAList with public IcsSslRootCAStore. When creating a local SSL/TLS certificate to allow a server to start, ICS now creates a certificate with the IcsHosts.Hosts names signed by an internal ICS intermediate 'ICS Intermediate Short' signed by 'ICS Root CA' which if installed in Windows and browsers will stop certificate warnings appearing. Previously ICS only created self signed certificates. The global GSSL_INTER_FILE may be changed to an alternate intermediate bundle. The ICS bundle has the password 'password' and a maximum 100 day life, so new intermediates will be required regularly, to prevent misuse. Use the function IcsInstallIcsRoot to install the ICS root certificate into the Windows Root Store, needs admin rights for the Local Machine store. Added property ListenAny returns true if any sockets are listening, ie server is running.
15 - The TSslHttpRest component now allows TRestParams to be created as content type 'Form-Data Body' to create MIME multipart/form-data parameters that may include new TParamType of RPTypeFile that specifies a file name whose binary content will be added to the parameters as a file upload, allowing multiple files and extra parameters. File uploading with HttpUploadSimple can now use TRestParams. TRestParams are now built into a TStream rather than a string to allow larger parameter sizes. Added new property MaxLogParams to TSslHttpRest defaulting to 4,096 to restrict the length of params logged before requests with DebugLevel is DebugParams or better, there may be megabytes. Params are now line broken and binary stripped. Added progress information for file uploading, that may take a while, uploads tested to 7GB, beware preparing the form-data content stream may take a few minutes without progress information. Added new property SharedSslCtx which allows an external TSslContext component to be set to the SslContext property (just as with TSslHttpCli) rather than using the internal RestSslCtx automatically. This will be more efficient on memory when using multiple TSslHttpRest components in parallel Added new property NoSSL to TSslHttpRest that prevents use of HTTPS, must be set before any requests. HTTP redirected to HTTPS will fail.
16 - Redesigned TRestParams to build parameters into ParamStream using GetParamStream, to allow parameters including very large files and since the HTTP component needs a post stream rather than a string, mainly for multipart/form-data parameters, see below, GetParams still returns an AnsiString while GetParametersTB returns TBytes. Added new TRestParams content type of PContNone to make them easier to disable, beware ordial values have changed if this saved rather than a literal. Added new TRestParams content type PContFormData to create multipart/form-data parameters, according to RFC7578 which may include multiple binary files and _charset_ part. The TRestParams AddItem method has a new optional ContentType argument, currently used for PContFormData only. Added TParamType of RPTypeFile for binary file content. Added new TRestParams AddItemFile method that takes a full binary file name with optional file size and ContentType, the latter two will be looked up if not supplied, content from file extension and a MIME table. Added new TRestParams FormDataUtf8 property that if true will add a FormData _charset_ part with utf-8 and send all textual content as utf-8 without UrlEncoding. Added GetEstParamSize that returns Int64 estimated size of the parameters, to allow the application to allocate a TFileStream instead of TMemoryStream if massive files are included, typically more than 50MB. Added IcsPercentEncode and IcsPercentDecode to percent encode and decode any non 7-bit characters, ignore charsets. Similar to UrlEncode but does not change spaces or special chars, except %. ExtractURLEncodedParamList has new optional Values parameter than adds all values to the strings as name=value. The ResultSet2Json method of TRestParamsSrv has a new optional query parameter that is added to the Json to assist processing.
17 - The TSslHttpCli component now only call SetSslAlpnProtocols if using Https. If the Location property is cleared during the OnLocationChange event, relocation is stopped, can be used stop relocation from http to Https. When sending proxy CONNNECT request, add ALPN: header (RFC7639) which will be forwarded to target by some proxies, needed for Acme protocol.
18 - The TSslHttpAppSrv application web server has improvements for processing POST data. Added properties PostedDataTB and PostedDataStr to return posted data in easier to use types than an PAnsiChar buffer. Added MaxUploadMB defaults to 200 MBbyte to restrict maximum size of POST or PUT requests. Added MaxStreamMB defaults to 50 MBbyte as the maximum TMemoryStream size before a TFileStream is instead used with a temporary file name. Added PostedDataStream to which POST and PUT content is written which is what TFormDataAnalyser needs, PostedData pointer now points to the stream memory rather than a stack buffer. PUT requests now save uploaded data similarly to POST. These changes allows file uploads larger than memory, up to MaxUploadSize. Added new property NoSSL that prevents use of HTTPS, must be set before server is started. The INI file reads NoSSl, MaxUploadMB and MaxStreamMB. The web server samples have a new postinfo.html page that decodes and displays any parameters passed.
19 - The Web Socket Client class TSslWebSocketCli has a new property WSFullHdrs which when true causes all HTTP request headers to be sent when upgrading a connection to WebSocket, normally only the important headers are sent. Fixed a problem where multiple or partial frames might arrive together, ensure they are corrected assembled. Added new frame state wsfsIncompleteHeader when this happens.
20 - The Web Socket Server class THttpWSSrvConn now skips websocket upgrade if authentication is needed. Fixed a problem where multiple or partial frames might arrive together, ensure they are corrected assembled.
21 - In the OverbyteIcsPemTool sample, when displaying an X509 certificate, show Raw Public Key in base64, should match that of a PEM file with a public key. Allow to save PKCS12 without a private key. Added Basic Constraints 'Root Certificate Authority' tick box that ignores pathlen, 'Certificate Authority' box is now renamed 'Self Signed or Intermediate' and sets pathlen=0 to restrict signing to top level. Removed creating DH Params, not used nowadays with modern ciphers. Added Create Quick Certificates, allows self signed or CA signed certificates to be created with a single button using function CreateSelfSignCertEx. Only uses CommonName, Alt DNS Names, key type and password, and a root CA bundle if the certificate is CA signed, ICS includes a bundle with the file name in GSSL_INTER_FILE. Always creates a PEM bundle with key and intermediate. When installing certificate into the Windows Store, only install key and inter if supplied, and allow all store types, previously always MyStore. Added button 'Install ICS Root in Windows Store' to he Quick box which calls the function IcsInstallIcsRoot to install the ICS root certificate into the Windows Root Store, needs admin rights for the Local Machine store.
22 - The TRestOAuth class has a new OAuthOption of OAopAuthBasic which means use Basic Authentication with client id and secret instead of sending them as parameters.
23 - In the TIcsRestEmail class, Microsoft 365 Rest Email now supports EmailFmtRaw for both GetEmail and SendEmail to receive and send RFC822 SMTP format messages (like GMail) prepared by the TSslHtmlSmtpCli component with HTML content and attachments, and received message can be decoded using TMimeDecodeW, tested using the OverbyteIcsHttpRestTst sample. New TRestEmailType of RestEmailNone where we don't want REST email, beware ordial values changed if saved instead of literals, default now None.
24 - The TIcsFtpMulti, TIcsHttpMulti and TIcsMailQueue components have a new property NoSSL that prevents use of SSL/TLS, must be set before any requests. SslContext now uses the public IcsSslRootCAStore and ignores root bundle.
25 - The TIcsHttpProxy component now supports the CONNECT ALPN: header (RFC7659), to forward ALPN to target. If source sends SSL ALPN, forward it to target. Perhaps optional or at least remove h2 and h3 which we don't support.
26 - With the TSslX509Certs component, made sure certificate extensions are set for server certificate before creating certificate request so international domain name with accents gets processed. Validation now uses public IcsSslRootCAStore and ignores root bundle. The OwnCASign method to sign our own certificates has a new optional OwnCA that creates an intermediate certificate that can sign certificate requests.
27 - In the OverbyteIcsSslX509Utils unit, the function CreateSelfSignCertEx has an extra argument for the file name of a root CA signing bundle, usually an intermediate bundle, that is used to create a CA signed certificate instead of self signed. Password for CA must be same as certificate. Designed for use with public variable GSSL_INTER_FILE which defaults to an ICS signed intermediate allowing servers to issue their own certificates. The SslCertTools class has a new CaCertLines property which returns CA PEM lines, used to create bundle with intermediate. When creating certificates, if BasicPathLen=-1 leave out Basic Constraints pathlen so root certificates can sign intermediates.
28 - The OverbyteIcsHttpRestTst sample has a new 'No SSL/HTTPS' tick box to disable SSL and HTTPS requests, and a new 'Rest Content' type of 'Form-Data Body' to create MIME multipart/form-data parameters that may include new TParamType of RPTypeFile that specifies a file name whose binary content will be added to the parameters as a file upload, in a similar way to the existing 'Upload File' as 'Form-Data' except allowing multiple files and extra parameters. Added 'Form-Data UTF-8 Charset' tick box so form parameters are encoded as UTF-8 rather than HTML characters. TRestParams are now into a TStream rather than an AnsiString to allow larger sizes, tested up to 8GB. Websocket testing will now parse Json if returned, added Send Multi Lines to send two or more lines of text in a single message or as multiple separate messages.
29 - The TMsCertTools class method SaveToStorePfx has a new argument MsCertStore to allow loading into Windows roots store as well as MyStore. Added function IcsInstallIcsRoot to install the ICS Root CA from linked resource into the Windows Trust Store. Also a new method GetOneCert by SHA1 Digest.
30 - In the OverbyteIcsIpUtils unit, IcsLoadMacPrefixes now tries to load a MAC list file from a resource file nmap-mac-prefixes.RES if linked into application, otherwise loads file nmap-mac-prefixes.txt. Likewise the common port list is loaded from a resource file icsportlist.RES if linked, otherwise loads file icsportlist.txt. These changes avoid needing to distribute the files separately with applications, beware they are now automatically linked, in case not needed.
31 - The TIcsTimeClient SNTP component now sends the proper NTP version to the server, we have been sending v6 for 20 years, when v4 is the latest. Added more NTP servers from cloud providers that are more likely to be running than private ntp.org servers. Fixed IcsGetUTCNtpTime always returning midnight due to strange rounding in newer Delphi versions, meant time server sent wrong time.
32 - Historically, ICS has often used AnsiStrings to handle binary data, sometimes custom byte buffers. Modern versions of Delphi now use TBytes (dynamic array of bytes) for binary, so ICS had added many methods and properties using TBytes, mostly with TB added to existing names. There are now TBytes versions of the Jose, hash and digest functions since all input and output is binary: IcsHMACDigestTB, IcsHMACDigestExTB, IcsHMACDigestVerifyTB, IcsHashDigestTB, IcsAsymSignDigestTB, IcsAsymVerifyDigestTB, IcsJoseGetSigTB and IcsJoseCheckSigTB. New utility functions include IcsTBToHex, Base64EncodeTB, Base64DecodeTB, IcsTBytesToString, IcsMoveTBytesToString, IcsTBytesToStringA, IcsStringToTBytes, IcsStringAToTBytes, IcsBase64UrlDecodeTB, IcsBase64UrlDecodeATB, IcsBase64UrlEncodeTB a, IcsBase64UrlEncodeATB, Utf8ToStringTB. Renamed IcsToASCII to IcsPunyToAsci and IcsToUnicode to IcsPunyToUnicode so they don't get used for the wrong purpose. Added IcsFormatHexStr to break long hex string into groups and lines, defaulting to eight chars per group, 64 per line. Added IcsStrRemCntls to replace control codes (< space) in string with ~, optionally leaving line endings, IcsStrRemCntlsA takes an AnsiString or buffer, IcsStrRemCntlsTB is TBytes buffer. Added IcsStrBeakup to break up text into multiple lines of specified length, default 80. Added IcsTimeToZStr to convert DataTime to string hh:mm:ss:zzz. Added IcsResourceGetTB to read TBytes from a named resource. Added IcsResourceSaveFile to save a file from a named resource. Report mobile platforms to IcsBuiltWithEx. Added IcsDataSaveFile and IcsDataLoadFile to save TBytes to a file, and load it from a file, no error reporting.
New Resource Files
------------------
As mentioned above, ICS now includes several resource files that are linked into applications, to avoid distributing and loading separate files, these includes OpenSSL DLLs, certificate authority bundles, root certificates and network information lists.
It is intended to issue new ICS releases containing the latest OpenSSL DLLs shortly after new versions are released, which is typically every three months unless serious security fixes require more frequent releases.
The OpenSSL resource files included with ICS come from the OpenSSL zip distribution files at https://wiki.overbyte.eu/wiki/index.php/ICS_Download . ICS currently includes three different versions for two platforms, only one is ever linked into applications according to DEFINES, see earlier. These RES files contain all the DLLs, which are extracted once to version specific sub-directories.
LibV30OpenSSL32.RES
LibV30OpenSSL64.RES
LibV31OpenSSL32.RES
LibV31OpenSSL64.RES
LibV32OpenSSL32.RES
LibV32OpenSSL64.RES
ICS contains three root certificate authority bundle files, the latest versions of which can be downloaded from https://www.magsys.co.uk/download/software/ca-root-bundles.zip, one of which is linked into applications according to defines. The source bundle files are located in .\ICS-OpenSSL/ICS-RootCAs\, the RES files contail the P12 files which are smaller than the PEM versions.
RootCaCertsBundle.RES {$DEFINE OpenSSL_CA_Bundle_Large}
sslRootCACertsBundle.RES {$DEFINE OpenSSL_CA_Bundle_Small}
TrustedCaBundle.RES {$DEFINE OpenSSL_CA_Bundle_Medium}
There are other smaller resource files, all build with BuildICSResFiles.cmd for which the source files are part of ICS,.
ICSCerts.RES (contains ICSRootCA.pem and ICS_Intermediate_Short-bundle.pem)
ICSPortList.RES (contains ICSPortList.txt)
nmap-mac-prefixes.RES (contains nmap-mac-prefixes.txt)
=============================================================================
[[ICS_V9.1 | ICS 9.1 Release Notes]]
Changes in '''ICS V9.1''' include:
#Delphi 10.4, 11, 12 and later now use the same install groups and packages, IcsInstallFmx, IcsInstallVcl and IcsInstallVclFmx, making support a lot easier. Version specific groups remain for Delphi 10.3 and earlier, with new groups D(X)InstallVcl for VCL only replacing the old OverbyteIcs(X) groups, again to simplify support. Dozens of old packages have been removed for this release, so please delete all old groups and packages before installing V9.1, to avoid a mix of old and new packages. Only C++ 10.4, 11, 12 and later are now supported, but untested.
#The old samples directory has gone and many of the older and little used samples have been archived to a separate download. The active samples used to test and demonstrate all ICS components are now split into the following paths, in the ICS root directory. All these samples can now be built for Win32 and Win64 platforms. Beware the sample project files (.dproj) supplied are built with modern compilers, and can not be opened by legacy compilers due to new platforms and features, so you MUST delete the .dproj file before opening samples in legacy compilers so the .dproj file will be automatically recreated from the .dpr project file by Delphi.
##demos-delphi-vcl - 45 VCL samples for Windows.
##demos-delphi-extra - four VCL samples that need third party components to build.
##demos-delphi-fmx - seven FMX samples for Windows, not yet tested on MacOS.
##demos-cpp-vcl - all old C++ samples that have not been tested for 10 years, need help.
##demos-data - data files for samples, such as web pages.
#To ease development, linking and future support, some new units have been added by splitting existing units with multiple components, unfortunately this means many existing projects will need one or more of the new units adding to their uses section. Apologies for the pain, but this should have been done a long time ago. The main change is splitting out much of the SSL/TLS related code from the massive OverbyteIcsWSocket unit to a new unit OverbyteIcsSslBase. Also the OverbyteIcsSslHttpRest.pas has been split with two new units OverbyteIcsDnsHttps.pas and OverbyteIcsSslUtils.pas, to ease linking avoiding circular references. Another new unit OverbyteIcsHtmlUtils.pas now contains functions designed to build HTML pages that were previously split across different units.
#Distribution of the ICS OpenSSL files has changed. Earlier ICS versions required the OpenSSL DLLs to be distributed with applications, and a root CA bundle file to verify SSL/TLS connections, and these needed to be loaded using code. There was little standardisation over where the OpenSSL DLLs were located, applications tended to keep their own copies alongside other executables, leading to multiple DLL copies and needing the public variable GSSL_DLL_DIR set to a specific directory before OpenSSL was loaded. Likewise, root CA bundle directories had to be distributed with applications and loaded with code. ICS V9.1 allows five different ways of loading the OpenSSL DLLs: Which method ICS uses to load OpenSSL depends upon several defines in the .\Source\Include\OverbyteIcsDefs.inc file, please see the readme9.txt file and notes below for details. ICS currently includes resource files for three different OpenSSL releases, 3.0`13. 3.1.5 and 3.2.1, which version is linked is controlled by a define. If the OpenSSL DLLs are linked into the application, they are extracted to a version subdirectory, ie C:\ProgramData\ICS-OpenSSL\3012\ so different applications can use different OpenSSL versions. This happens only once if the files have not already been extracted. When updating existing projects without using any new defines, the ICS old behaviour of methods 3, 4 and 5 above remain with no changes needed.
##DLLs linked into application as resource files
##DLLs loaded from common directory C:\ProgramData\ICS-OpenSSL\
##OpenSSL DCU linked into application using commercial YuOpenSSL
##DLLs loaded from location specified in public variable GSSL_DLL_DIR
##DLLs loaded according to path, may be found anywhere on PC
#A common IcsSslRootCAStore component is now created at application start-up, to avoid different components needing their own CA stores to verify SSL/TLS certificates, and for applications to load those stores. The three different CA stores included with ICS are now supplied as resource files, with a define determining which is linked into applications. Another define causes OpenSSL and this store to be loaded at application startup, so OpenSSL is available for all components, without it needing to be loaded again, perhaps repeatedly. Without new defines, a CA Store can be loaded manually into IcsSslRootCAStore. The ICS servers use CA Stores now use IcsSslRootCAStore and no longer load any files specified.
#All SSL/TLS servers need a certificate and private key to start, even when testing. Previously ICS supplied some self signed certificates for testing, and also created such certificates automatically if they were missing or if the server was about to order a Let's Encrypt certificate. Accessing such servers for testing using browsers raised various warnings. ICS now has it's own SSL root certificate 'ICS Root CA' and two intermediates, 'ICS Intermediate' and 'ICS Intermediate Short', the last of which includes a private key so can be used to automatically sign new certificates by ICS server applications, rather than just self signed certificates as before. If the 'ICS Root CA' certificate is installed in the Window Store and browser stores, it should stop certificate warnings appearing. ICS applications automatically trust the ICS root, so will give no warnings. The short intermediate has a maximum 100 day expiry, so new versions will be issued regularly. There is a single function CreateSelfSignCertEx that created signed certificates, and another IcsInstallIcsRoot that installs the ICS root into the Windows Store, so easy to use. It is possible to replace the ICS root with your own private root certificate and have servers create their own certificates against that root, for internal networks.
#Several client and server components have a new property NoSSL which if set will prevent those components using SSL/TLS for HTTPS or FTPS, even if the application is linked with OpenSSL code. Beware the IcsSslRootCAStore component must not be initialised by the application.
#The large OverbyteIcsWSocket unit has been split, by moving TSslContext, TSslBaseComponent, TX509Base and TX509List to a new unit OverbyteIcsSslBase, with only the SslContext callbacks left here since they need access to it, now set in InitSSLConnection instead of InitContext. No longer supporting defines OPENSSL_USE_DELPHI_MM (never used), OPENSSL_NO_ENGINE (deprecated, never used), OPENSSL_USE_RESOURCE_STRINGS (never used), NO_OSSL_VERSION_CHECK (dangerous), DEFINE OPENSSL_NO_TLSEXT (TLS needed everywhere), and LOADSSL_ERROR_FILE (better debugging now). If a connection fails, don't change State to wsConnected briefly before changing it again to wsClosed. Added TSslWsocket SslAlpnProtocols property to specify a list of protocols for clients to send to servers, instead of a similar SslContext property.
#OverbyteIcsSslBase is a new unit with TSslContext, TSslBaseComponent, T509Base and TX509List from OverbyteIcsWSocket, also function sslRootCACertsBundle moves here from X509Utils. Added property X509PubKeyTB to TX509Base to get the certificate public in DER binary format as TBytes, from where it may be converted to hex or base64, used for Raw Public Key certificate validation. Made more TX509Base functions and variables public so they can be accessed from other units. Added DHE-RSA-CHACHA20-POLY1305 to TLS/1.2 sslCiphersMozillaSrvTLS12. Added IcsReadTBBio, IcsWriteStrBio, IcsWriteTBBio, IcsSslLoadStackFromP12TB which are internal functions for handling TBytes and certificates, to simplify code (we use too many AnsiStrings for binary data). Added function IcsReportOpenSSLVer to centralise version reporting, optionally adding number of CA root certificates loaded. Saving a private key with a PCKS12 file is now optional. Moved BuildCertFName from WSocketS as IcsIcsBuildCertFName. ICSRootCA.pem and ICS_Intermediate_Short-bundle.pem certificates linked as resources, root is added to IcsSslRootCAStore.
#Added new TSslRootCAStore component to OverbyteIcsSslBase derived from TX509List with an Initialise method that loads OpenSSL, then tries to load the internal certificate sslRootCACertsBundle that should be linked into the app, if missing then tries to load DefRootCABundle.pem from C:\ProgramData\ICS-OpenSSL\ or the app path. It also tries to load ExtraRootCABundle.pem which is an optional private root bundle that can be used for private customer or devel roots. Added public IcsSslRootCAStore component created and intialised when this unit is loaded so a common root store is ready for any SslContext or other components. Define OpenSSL_AutoLoad_CA_Bundle can be suppressed to stop OpenSSL and the bundled being automatically loaded, if not needed. SslContext has new property UseSharedCAStore which causes the properties CAFile, CALines and CAPath to be ignored, uses IcsSslRootCAStore instead.
#The TX509List class can now load and save PKCS#12 certificate bundle files, smaller than PEM files, added SaveToP12File, SaveToP12TB, LoadAllFromP12File, LoadAllFromP12TB, intended to load a certificate bundle. LoadAllFromPemFile and LoadAllFromPemTB renamed from LoadAllFromFileEx and AddAllFromFStringEx with new versions handling both PEM and PKCS#12 certificate bundle files. TX509List has new method ListCerts that returns one listing line per cert.
#The OverbyteIcsLIBEAY and OverbyteIcsSSLEAY units no longer support for OpenSSL 1.1.1 which is end of life. The GSSLEAY_DLL_IgnoreOld/New public variables are currently ignored since only 3.x supported. Added public variable GSSLEAY_RES_SUBDIR which defaults to "ICS-OpenSSL", where OpenSSL files will be saved and accessed if linked as a resource in the application, with a sub-directory for each different version, as mentioned earlier. Added GSSL_CERTS_DIR and GSSL_ROOTS_DIR globals where ICS looks for SSL/TLS certificates and bundles.
#Several new defines are added to the .\Source\Include\OverbyteIcsDefs.inc file to determine how OpenSSL is loaded, all those relevant are:
##[$DEFINE USE_SSL} - default enabled, link OpenSSL into all components.
##{$DEFINE OpenSSL_Resource_Files} - default enabled, link OpenSSL DLLs as resource file into applications, and extract them to shell path CSIDL_COMMON_APPDATA and sub-directory "ICS-OpenSSL" with a version subdirectory, ie C:\ProgramData\ICS-OpenSSL\3012\ . This happens only once if the files have not already been extracted. Ignored for YuOpenSSL.
##{$DEFINE OpenSSL_32} - if OpenSSL_Resource_Files is enabled, determines which major and minor version of OpenSSL is linked into the application, 32 is 3.2.x, or 31 or 30. ICS is currently distributed with OpenSSL 3.0, 3.1 and 3.2, the latest patch of each version so 3.0`13. 3.1.5 and 3.2.1, the resources files are in .\Source\, LibV32OpenSSL32.RES for 3.2 Win32, total six resource files, ICS automatically links Win32 or Win64 RES files.
##{$DEFINE OpenSSL_ProgramData} - default enabled, but ignored if OpenSSL_Resource_Files or YuOpenSSL enabled. Causes ICS to load OpenSSL DLLs from C:\ProgramData\ICS-OpenSSL\, an alias for C:\Users\All Users\ICS-OpenSSL. ICS is distributed with Win32 and Win64 DLLs for 3.2.1 in .\ICS-OpenSSL which are copied there when building the IcsCommonXXRun package. Note there is no version sub-directory so no version choice. If enabled, overrides the public variable GSSL_DLL_DIR which some applications set to load OpenSSL from a known directory.
##{$DEFINE YuOpenSSL} - default disabled. If enabled, compiles the OpenSSL code as a DCU directly into binaries so the OpenSSL are not needed, YuOpenSSL is a commercial product from https://www.yunqa.de/. OpenSSL 3.0 and 3.2 are available for YuOpenSSL.
##NOTE: if defines OpenSSL_Resource_Files, OpenSSL_ProgramData and YuOpenSSL are all disabled or missing, ICS loads OpenSSL from the directory specified in the public variable GSSL_DLL_DIR, which is typically set to the application directory. If blank, Windows will search the path for any OpenSSL 3 DLLs, anywhere.
##{$DEFINE OpenSSL_CA_Bundle_Small} - default enabled, links a root certificate authority bundle as a resource file into applications, other options are Medium and Large. CA bundles are needed to verify that SSL/TLS certificates are issued by trusted authorities, the resources files are in .\Source\, sslRootCACertsBundle.RES (OpenSSL_CA_Bundle_Small), TrustedCaBundle.RES (OpenSSL_CA_Bundle_Medium) and RootCaCertsBundle.RES (OpenSSL_CA_Bundle_Large).
##{$DEFINE OpenSSL_AutoLoad_CA_Bundle} - default enabled. With ICS V9.1 and later, a common IcsSslRootCAStore component is created at application start-up, if this define is enabled OpenSSL will be loaded followed by the root CA bundle RES file according to define OpenSSL_CA_Bundle_Small/Medium/Large. This means OpenSSL is available for all components, without it needing to be loaded again, perhaps repeatedly, and multiple components can share the IcsSslRootCAStore component without needing to load their own CA bundles. If this defined is not enabled, SslRootCAStore.Initialise may be called by the application to load OpenSSL and the CA bundle, which is done automatically by SslContext.InitContext if not done previously.
##{$DEFINE AUTO_X509_CERTS} - default enabled. This define enables automatic SSL/TLS ordering from Let's Encrypt in SocketServer and other servers. Unfortunately this adds a lot of other units, HTTPS REST, Json, OAuth2, etc, increasing the size of server applications, so it may be disabled to make server EXE files smaller if certificates are obtained and installed manually.
##Except when using the OpenSSL_AutoLoad_CA_Bundle define, OpenSSL still needs to be loaded before any SSL/TLS functionality can be used. This is done automatically by TSslContext and some other components that use OpenSSL, but this means SSL errors like the DLLs not being found may not be raised until a web page is accessed, etc. So it is generally better to load OpenSSL early on in your application, when errors are easier to handle There is a function IcsReportOpenSSLVer that returns the OpenSSL version loaded and where it was loaded from, to help debug loading problems.
##When using the OpenSSL_AutoLoad_CA_Bundle define, if the OpenSSL legacy.dll is needed to support old algorithms, which includes most password protected PFX/PCS12 certificates, it must be loaded using LibeayLoadProviders(True, False); since it is not possible to set the GSSLEAY_LOAD_LEGACY global variable early enough.
#The TSslWSocketServer class in OverbyteIcsWSocketS has a new property NoSSL that prevents use of SSL/TLS, must be set before server is started. Replaced FX509CAList with public IcsSslRootCAStore. When creating a local SSL/TLS certificate to allow a server to start, ICS now creates a certificate with the IcsHosts.Hosts names signed by an internal ICS intermediate 'ICS Intermediate Short' signed by 'ICS Root CA' which if installed in Windows and browsers will stop certificate warnings appearing. Previously ICS only created self signed certificates. The global GSSL_INTER_FILE may be changed to an alternate intermediate bundle. The ICS bundle has the password 'password' and a maximum 100 day life, so new intermediates will be required regularly, to prevent misuse. Use the function IcsInstallIcsRoot to install the ICS root certificate into the Windows Root Store, needs admin rights for the Local Machine store. Added property ListenAny returns true if any sockets are listening, ie server is running.
#The TSslHttpRest component now allows TRestParams to be created as content type 'Form-Data Body' to create MIME multipart/form-data parameters that may include new TParamType of RPTypeFile that specifies a file name whose binary content will be added to the parameters as a file upload, allowing multiple files and extra parameters. File uploading with HttpUploadSimple can now use TRestParams. TRestParams are now built into a TStream rather than a string to allow larger parameter sizes. Added new property MaxLogParams to TSslHttpRest defaulting to 4,096 to restrict the length of params logged before requests with DebugLevel is DebugParams or better, there may be megabytes. Params are now line broken and binary stripped. Added progress information for file uploading, that may take a while, uploads tested to 7GB, beware preparing the form-data content stream may take a few minutes without progress information. Added new property SharedSslCtx which allows an external TSslContext component to be set to the SslContext property (just as with TSslHttpCli) rather than using the internal RestSslCtx automatically. This will be more efficient on memory when using multiple TSslHttpRest components in parallel Added new property NoSSL to TSslHttpRest that prevents use of HTTPS, must be set before any requests. HTTP redirected to HTTPS will fail.
#Redesigned TRestParams to build parameters into ParamStream using GetParamStream, to allow parameters including very large files and since the HTTP component needs a post stream rather than a string, mainly for multipart/form-data parameters, see below, GetParams still returns an AnsiString while GetParametersTB returns TBytes. Added new TRestParams content type of PContNone to make them easier to disable, beware ordial values have changed if this saved rather than a literal. Added new TRestParams content type PContFormData to create multipart/form-data parameters, according to RFC7578 which may include multiple binary files and _charset_ part. The TRestParams AddItem method has a new optional ContentType argument, currently used for PContFormData only. Added TParamType of RPTypeFile for binary file content. Added new TRestParams AddItemFile method that takes a full binary file name with optional file size and ContentType, the latter two will be looked up if not supplied, content from file extension and a MIME table. Added new TRestParams FormDataUtf8 property that if true will add a FormData _charset_ part with utf-8 and send all textual content as utf-8 without UrlEncoding. Added GetEstParamSize that returns Int64 estimated size of the parameters, to allow the application to allocate a TFileStream instead of TMemoryStream if massive files are included, typically more than 50MB. Added IcsPercentEncode and IcsPercentDecode to percent encode and decode any non 7-bit characters, ignore charsets. Similar to UrlEncode but does not change spaces or special chars, except %. ExtractURLEncodedParamList has new optional Values parameter than adds all values to the strings as name=value. The ResultSet2Json method of TRestParamsSrv has a new optional query parameter that is added to the Json to assist processing.
#The TSslHttpCli component now only call SetSslAlpnProtocols if using Https. If the Location property is cleared during the OnLocationChange event, relocation is stopped, can be used stop relocation from http to Https. When sending proxy CONNNECT request, add ALPN: header (RFC7639) which will be forwarded to target by some proxies, needed for Acme protocol.
#The TSslHttpAppSrv application web server has improvements for processing POST data. Added properties PostedDataTB and PostedDataStr to return posted data in easier to use types than an PAnsiChar buffer. Added MaxUploadMB defaults to 200 MBbyte to restrict maximum size of POST or PUT requests. Added MaxStreamMB defaults to 50 MBbyte as the maximum TMemoryStream size before a TFileStream is instead used with a temporary file name. Added PostedDataStream to which POST and PUT content is written which is what TFormDataAnalyser needs, PostedData pointer now points to the stream memory rather than a stack buffer. PUT requests now save uploaded data similarly to POST. These changes allows file uploads larger than memory, up to MaxUploadSize. Added new property NoSSL that prevents use of HTTPS, must be set before server is started. The INI file reads NoSSl, MaxUploadMB and MaxStreamMB. The web server samples have a new postinfo.html page that decodes and displays any parameters passed.
#The Web Socket Client class TSslWebSocketCli has a new property WSFullHdrs which when true causes all HTTP request headers to be sent when upgrading a connection to WebSocket, normally only the important headers are sent. Fixed a problem where multiple or partial frames might arrive together, ensure they are corrected assembled. Added new frame state wsfsIncompleteHeader when this happens.
#The Web Socket Server class THttpWSSrvConn now skips websocket upgrade if authentication is needed. Fixed a problem where multiple or partial frames might arrive together, ensure they are corrected assembled.
#In the OverbyteIcsPemTool sample, when displaying an X509 certificate, show Raw Public Key in base64, should match that of a PEM file with a public key. Allow to save PKCS12 without a private key. Added Basic Constraints 'Root Certificate Authority' tick box that ignores pathlen, 'Certificate Authority' box is now renamed 'Self Signed or Intermediate' and sets pathlen=0 to restrict signing to top level. Removed creating DH Params, not used nowadays with modern ciphers. Added Create Quick Certificates, allows self signed or CA signed certificates to be created with a single button using function CreateSelfSignCertEx. Only uses CommonName, Alt DNS Names, key type and password, and a root CA bundle if the certificate is CA signed, ICS includes a bundle with the file name in GSSL_INTER_FILE. Always creates a PEM bundle with key and intermediate. When installing certificate into the Windows Store, only install key and inter if supplied, and allow all store types, previously always MyStore. Added button 'Install ICS Root in Windows Store' to he Quick box which calls the function IcsInstallIcsRoot to install the ICS root certificate into the Windows Root Store, needs admin rights for the Local Machine store.
#The TRestOAuth class has a new OAuthOption of OAopAuthBasic which means use Basic Authentication with client id and secret instead of sending them as parameters.
#In the TIcsRestEmail class, Microsoft 365 Rest Email now supports EmailFmtRaw for both GetEmail and SendEmail to receive and send RFC822 SMTP format messages (like GMail) prepared by the TSslHtmlSmtpCli component with HTML content and attachments, and received message can be decoded using TMimeDecodeW, tested using the OverbyteIcsHttpRestTst sample. New TRestEmailType of RestEmailNone where we don't want REST email, beware ordial values changed if saved instead of literals, default now None.
#The TIcsFtpMulti, TIcsHttpMulti and TIcsMailQueue components have a new property NoSSL that prevents use of SSL/TLS, must be set before any requests. SslContext now uses the public IcsSslRootCAStore and ignores root bundle.
#The TIcsHttpProxy component now supports the CONNECT ALPN: header (RFC7659), to forward ALPN to target. If source sends SSL ALPN, forward it to target. Perhaps optional or at least remove h2 and h3 which we don't support.
#With the TSslX509Certs component, made sure certificate extensions are set for server certificate before creating certificate request so international domain name with accents gets processed. Validation now uses public IcsSslRootCAStore and ignores root bundle. The OwnCASign method to sign our own certificates has a new optional OwnCA that creates an intermediate certificate that can sign certificate requests.
#In the OverbyteIcsSslX509Utils unit, the function CreateSelfSignCertEx has an extra argument for the file name of a root CA signing bundle, usually an intermediate bundle, that is used to create a CA signed certificate instead of self signed. Password for CA must be same as certificate. Designed for use with public variable GSSL_INTER_FILE which defaults to an ICS signed intermediate allowing servers to issue their own certificates. The SslCertTools class has a new CaCertLines property which returns CA PEM lines, used to create bundle with intermediate. When creating certificates, if BasicPathLen=-1 leave out Basic Constraints pathlen so root certificates can sign intermediates.
#The OverbyteIcsHttpRestTst sample has a new 'No SSL/HTTPS' tick box to disable SSL and HTTPS requests, and a new 'Rest Content' type of 'Form-Data Body' to create MIME multipart/form-data parameters that may include new TParamType of RPTypeFile that specifies a file name whose binary content will be added to the parameters as a file upload, in a similar way to the existing 'Upload File' as 'Form-Data' except allowing multiple files and extra parameters. Added 'Form-Data UTF-8 Charset' tick box so form parameters are encoded as UTF-8 rather than HTML characters. TRestParams are now into a TStream rather than an AnsiString to allow larger sizes, tested up to 8GB. Websocket testing will now parse Json if returned, added Send Multi Lines to send two or more lines of text in a single message or as multiple separate messages.
#The TMsCertTools class method SaveToStorePfx has a new argument MsCertStore to allow loading into Windows roots store as well as MyStore. Added function IcsInstallIcsRoot to install the ICS Root CA from linked resource into the Windows Trust Store. Also a new method GetOneCert by SHA1 Digest.
#In the OverbyteIcsIpUtils unit, IcsLoadMacPrefixes now tries to load a MAC list file from a resource file nmap-mac-prefixes.RES if linked into application, otherwise loads file nmap-mac-prefixes.txt. Likewise the common port list is loaded from a resource file icsportlist.RES if linked, otherwise loads file icsportlist.txt. These changes avoid needing to distribute the files separately with applications, beware they are now automatically linked, in case not needed.
#The TIcsTimeClient SNTP component now sends the proper NTP version to the server, we have been sending v6 for 20 years, when v4 is the latest. Added more NTP servers from cloud providers that are more likely to be running than private ntp.org servers. Fixed IcsGetUTCNtpTime always returning midnight due to strange rounding in newer Delphi versions, meant time server sent wrong time.
#Historically, ICS has often used AnsiStrings to handle binary data, sometimes custom byte buffers. Modern versions of Delphi now use TBytes (dynamic array of bytes) for binary, so ICS had added many methods and properties using TBytes, mostly with TB added to existing names. There are now TBytes versions of the Jose, hash and digest functions since all input and output is binary: IcsHMACDigestTB, IcsHMACDigestExTB, IcsHMACDigestVerifyTB, IcsHashDigestTB, IcsAsymSignDigestTB, IcsAsymVerifyDigestTB, IcsJoseGetSigTB and IcsJoseCheckSigTB. New utility functions include IcsTBToHex, Base64EncodeTB, Base64DecodeTB, IcsTBytesToString, IcsMoveTBytesToString, IcsTBytesToStringA, IcsStringToTBytes, IcsStringAToTBytes, IcsBase64UrlDecodeTB, IcsBase64UrlDecodeATB, IcsBase64UrlEncodeTB a, IcsBase64UrlEncodeATB, Utf8ToStringTB. Renamed IcsToASCII to IcsPunyToAsci and IcsToUnicode to IcsPunyToUnicode so they don't get used for the wrong purpose. Added IcsFormatHexStr to break long hex string into groups and lines, defaulting to eight chars per group, 64 per line. Added IcsStrRemCntls to replace control codes (< space) in string with ~, optionally leaving line endings, IcsStrRemCntlsA takes an AnsiString or buffer, IcsStrRemCntlsTB is TBytes buffer. Added IcsStrBeakup to break up text into multiple lines of specified length, default 80. Added IcsTimeToZStr to convert DataTime to string hh:mm:ss:zzz. Added IcsResourceGetTB to read TBytes from a named resource. Added IcsResourceSaveFile to save a file from a named resource. Report mobile platforms to IcsBuiltWithEx. Added IcsDataSaveFile and IcsDataLoadFile to save TBytes to a file, and load it from a file, no error reporting.
'''New Resource Files'''
As mentioned above, ICS now includes several resource files that are linked into applications, to avoid distributing and loading separate files, these includes OpenSSL DLLs, certificate authority bundles, root certificates and network information lists.
It is intended to issue new ICS releases containing the latest OpenSSL DLLs shortly after new versions are released, which is typically every three months unless serious security fixes require more frequent releases.
The OpenSSL resource files included with ICS come from the OpenSSL zip distribution files at https://wiki.overbyte.eu/wiki/index.php/ICS_Download . ICS currently includes three different versions for two platforms, only one is ever linked into applications according to DEFINES, see earlier. These RES files contain all the DLLs, which are extracted once to version specific sub-directories.
LibV30OpenSSL32.RES
LibV30OpenSSL64.RES
LibV31OpenSSL32.RES
LibV31OpenSSL64.RES
LibV32OpenSSL32.RES
LibV32OpenSSL64.RES
ICS contains three root certificate authority bundle files, the latest versions of which can be downloaded from https://www.magsys.co.uk/download/software/ca-root-bundles.zip, one of which is linked into applications according to defines. The source bundle files are located in .\ICS-OpenSSL/ICS-RootCAs\, the RES files contail the P12 files which are smaller than the PEM versions.
RootCaCertsBundle.RES {$DEFINE OpenSSL_CA_Bundle_Large}
sslRootCACertsBundle.RES {$DEFINE OpenSSL_CA_Bundle_Small}
TrustedCaBundle.RES {$DEFINE OpenSSL_CA_Bundle_Medium}
There are other smaller resource files, all build with BuildICSResFiles.cmd for which the source files are part of ICS,.
ICSCerts.RES (contains ICSRootCA.pem and ICS_Intermediate_Short-bundle.pem)
ICSPortList.RES (contains ICSPortList.txt)
nmap-mac-prefixes.RES (contains nmap-mac-prefixes.txt)
=============================================================================
[[Updating_projects_to V9.1 | Updating projects to V9.1]]
#Several new units have been added to ICS V9.1, mostly now containing classes and functions that were previously in other units. Classes like TSslContext that are often dropped on forms will have one or more of these new units added automatically when the form is opened in the IUE. Units that reference class likeTX509Base or TX509List in events only, such as OnSslHandshakeDone, may need OverbyteIcsSslBase adding manually.
##OverbyteIcsDnsHttps.pas
##OverbyteIcsHtmlUtils.pas
##OverbyteIcsSslBase.pas
##OverbyteIcsSslUtils.pas
##Ics.Fmx.OverbyteIcsDnsHttps.pas
##Ics.Fmx.OverbyteIcsSslBase.pas
##Ics.Fmx.OverbyteIcsSslUtils.pas
#Following is a list of the main classes and functions now in new or different units, so check here when the compiler complains it can not find a component for your application:
##TX509Base from OverbyteIcsWSocket to OverbyteIcsSslBase
##TSslBaseComponent from WSocket to OverbyteIcsSslBase
##TX509List from WSocket to OverbyteIcsSslBase
##TSslContext from OverbyteIcsWSocket to OverbyteIcsSslBase
##TOcspHttp from OverbyteIcsSslHttpRest to OverbyteIcsSslUtils
##TDnsQueryHttp from SslHttpRest to OverbyteIcsDnsHttps
##TIcsDomNameCacheHttps from OverbyteIcsSslHttpRest to OverbyteIcsDnsHttps
##TextToHtmlText from OverbyteIcsFormDataDecoder to OverbyteIcsHtmlUtils
##IcsHtmlValuesToUnicode from OverbyteIcsFormDataDecoder to OverbyteIcsHtmlUtils
##IcsFindHtmlCharset from OverbyteIcsCharsetUtils to OverbyteIcsHtmlUtils
##IcsFindHtmlCodepage from OverbyteIcsCharsetUtils to OverbyteIcsHtmlUtils
##IcsContentCodepage from OverbyteIcsCharsetUtils to OverbyteIcsHtmlUtils
##IcsHtmlToStr from OverbyteIcsCharsetUtils to OverbyteIcsHtmlUtils
##IcsExtractURLEncodedValue from SslHttpRest to OverbyteIcsUrl
##GetCookieValue from OverbyteIcsHttpSrv to OverbyteIcsUrl
##ExtractURLEncodedParamList from OverbyteIcsHttpSrv to OverbyteIcsUrl
#All ICS SSL/TLS projects have a new shared IcsSslRootCAStore component created at application start-up, to avoid different components needing their own CA stores to verify SSL/TLS certificates, and for applications to load those stores. When updating projects using a TSslContext component, setting the new property UseSharedCAStore to True causes the properties CAFile, CALines and CAPath to be ignored, and the new IcsSslRootCAStore component will be used instead, being automatically initialised if not done at program start-up. Don't use UseSharedCAStore for server components. High level ICS components such as TSslHttpRest that have an internal TSslContext component all set UseSharedCAStore and ignore properties like SslRootFile to load a root CA bundle. If a specific bundle is required it may be loaded to IcsSslRootCAStore.
#There are several new defines in the OverbyteIcsDefs.inc file to determine how OpenSSL is loaded. If you retain your original .inc file, application behaviour should be unchanged, but the new .inc file in the distribution has new defaults for loading OpenSSL as detailing in the release notes and readme9.txt, please read very carefully. Essentially, OpenSSL will now be linked into applications and loaded at startup by the IcsSslRootCAStore component, so any code to load OpenSSL will be ignored. The global variables GSSLEAY_DLL_IgnoreNew and GSSLEAY_DLL_IgnoreOld are ignored since only different minor versions of OpenSSL 3 are supported.
=============================================================================
=============================================================================