ICS V8.62

From Overbyte

Changes in ICS V8.62 include:

  1. The HTTP client has new properties. There is a new THttpAuthType of httpAuthJWT, which uses the AuthBearerToken property for JSON Web Token authentication. A new ProxyURL property combines four proxy properties into a single URL for simplicity, i.e. http://[user[:password]@]host:port, so applications only need to supply a single proxy property rather than four. The new AlpnProtocols property is a list of requested protocols sent when an SSL connection starts; once connected, GetAlpnProtocol returns which protocol the server wants to use. ALPN is mainly used for HTTP/2 but also for ACME certificate authorisation. The OverbyteIcsHttpsTst sample illustrates use of ProxyURL and also the SSL security level. The OverbyteIcsHttpRestTst sample uses ProxyURL and AlpnProtocols.
  2. Various improvements for automatic X509 SSL certificate ordering to support the final ACME RFC8555. AcmeV2 now supports POST-as-GET, with GET alone being removed later in 2019. Added Proxy URL support, which might be needed for servers behind NAT firewalls for public access. Removed Acme V1 protocol support (withdrawn from Nov 2019). CertCenter AlwaysOn is discontinued and removed. Comodo is now called Sectigo, although the old name is sometimes still used. Check can create certificate directories before the order starts. Added ChallFileApp and ChallAlpnApp, which mean SocketServer checks the challenge database using an event rather than writing files. Added support for the tls-alpn-01 challenge for a local web server on 443, but it is not working yet: the wrong certificate is sent to the client by OpenSSL.
  3. SocketServer now uses a separate local web server for servers not using ports 80 or 443, such as FTP, SMTP, proxies, etc., when ordering an X509 SSL certificate using the ChallFileSrv challenge. If the IcsHosts SslCert file is not found but has a valid directory, it now tries to open the default certificate file name based on the Common Name instead, i.e. www_domain_com.pfx. Ideally, the application should check if SslCert changes during ValidateHosts and update persistent storage.
  4. TWSocket now raises a background exception for user exceptions in the OnDataAvailable event rather than silently ignoring them. If IcsLogger is being used, HandleBackGroundException now logs exceptions and their source to make them easier to find. Exceptions in AllocateHWnd now show the Windows error description, probably out of memory. DHParams are only needed for servers; don't use them if using client security, to avoid issues with high security levels. SSL ALPN is now properly tested: for a client, the SslAlpnProtocol property returns what the server selects (if anything); for a server, the selected protocol is now correctly sent.
  5. In the TSslHttpRest component, TRestParams can add JSON parameters as PContJson, which means arrays and nested JSON can be added. Added a new SslAllowSelfSign property to connect OK to sites with self-signed SSL certificates, which would normally fail validation.
  6. TSimpleWebSrv now supports SSL, with certificate bundle and host name, and supports the SSL ALPN extension for automatic X509 SSL certificate ordering.
  7. The new TIcsSms component sends SMS text messages via an HTTP bureau; you will need an account. Added support for the SMS Works bureau at https://thesmsworks.co.uk/ to send SMS messages, which is cheaper than Kapow and allows the sender ID to be freely changed. Added AsyncReq to TIcsSms methods for flexibility.
  8. Updated all .dproj files for all samples to add the ICS source folder to the search path of each project.
  9. Added time zone support for date string conversions, to UTC time with a time zone, and back to local time using a time zone, primarily for SMTP email headers which otherwise show UTC time. RFC3339_DateToStr and RFC1123_Date add the time zone bias if AddTZ=True, i.e. -0700. Added RFC3339_DateToUtcStr and RFC1123_UtcDate, which convert local time to UTC and format it per RFC3339 with time zone bias. RFC3339_StrToDate and RFC1123_StrToDate now recognise the time zone bias and adjust the result if UseTZ=True.
  10. TIcsIpStrmLog using TCP server now uses the root bundle correctly and reports the certificate chain and bindings. Ensure all listeners are started for TCP Server, if more than one.
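
Because the ProxyURL form in item 1 can carry the proxy password inline, the following added example (not ICS code, and not how ICS parses the property) shows how a URL of the form http://[user[:password]@]host:port splits into four separate values and how to redact the password before the URL is written to a log. The function names and the sample URLs are hypothetical, and Python's urllib is assumed purely for illustration.

```python
from urllib.parse import urlsplit, unquote


def split_proxy_url(proxy_url):
    """Split http://[user[:password]@]host:port into four separate values."""
    parts = urlsplit(proxy_url)
    # Assumption: only the http:// form shown in item 1 is accepted here.
    if parts.scheme != "http":
        raise ValueError("proxy URL must start with http://")
    if not parts.hostname:
        raise ValueError("proxy URL has no host")
    try:
        port = parts.port  # raises ValueError if non-numeric or out of range
    except ValueError:
        raise ValueError("proxy URL has an invalid port") from None
    if port is None:
        raise ValueError("proxy URL has no port")
    return {
        "host": parts.hostname,
        "port": port,
        # Credentials may be percent-encoded (e.g. '@' as %40); decode them.
        "user": unquote(parts.username) if parts.username else "",
        "password": unquote(parts.password) if parts.password else "",
    }


def redact_proxy_url(proxy_url):
    """Return the URL with any password replaced by *** for safe logging."""
    parts = urlsplit(proxy_url)
    if parts.password is None:
        return proxy_url  # nothing secret to hide
    # The last '@' separates userinfo from host:port; the first ':' in
    # userinfo separates the user name from the password.
    userinfo, _, hostport = parts.netloc.rpartition("@")
    user = userinfo.partition(":")[0]
    return parts._replace(netloc=f"{user}:***@{hostport}").geturl()


if __name__ == "__main__":
    sample = "http://alice:s3cr%40t@proxy.example.com:8080"  # constructed value
    print(split_proxy_url(sample))
    print(redact_proxy_url(sample))
```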