Major changes in ICS V8.50 include:
- Two new components, TIcsProxy may be used to proxy any TCP protocol, TIcsHttpProxy is a full forward and reverse HTTP/HTTPS proxy with header and body parsing and processing.
- Multiple SSL host support to TSslWSocketServer and other servers through IcsHosts property, each with one or two IP addresses and non-SSL and SSL port bindings, SSL certificates, private key and security level, and host name.
- Support for both OpenSSL 1.0.2 and 1.1.0 versions, with the DLLs digitally signed and checked during loading.
- ICS applications can now use PKCS12 (PFX), PKCS8 and DER binary SSL certificates to avoid manual conversions to PEM. The server certificate chain can be validated and reported before the server starts.
- SSL certificates and requests can be created using ECC keys which use less bandwidth than RSA keys (but which few CAs support, yet) and alternate DNS names may be used as may other extended properties.
- HTML content code page detection and character set conversion to Delphi unicode strings, including converting entities (like ☍).
New Proxy Components
TIcsProxy may be used to proxy any TCP protocol, the sample includes SMTP, POP3, NNTP and telnet. TIcsHttpProxy is a full forward and reverse HTTP/HTTPS proxy with header and body parsing and processing host names and URLs to match the source and destination, ie changing http:// to https:// or vice versa. There is a new non-interactive proxy server sample application illustrating use of the components.
Multiple SSL host support with IcsHosts
Added multiple SSL host support to TSslWSocketServer and to TSslHttpServer and TSslHttpAppSrv and TIcsProxy. Previously, although the servers supported multiple IP addresses and ports, a lot of application code was needed to support multiple hosts, SSL certificates and separate directories for separate sites.
There is a new IcsHosts property which allows multiple hosts to be specified, each with one or two IP addresses and non-SSL and SSL port bindings, SSL certificates and private key, SSL context and security level, and other web server host related properties, requiring minimal extra application code for SSL support. Includes .well-known directory support.
The new Multi Web Server sample combines features of the existing web server samples adding multiple host support using the new IcsHosts collection, as a simple non-interactive servers supporting up to 100 different SSL hosts.
OpenSSL 1.1.0 Support
ICS supports both OpenSSL 1.0.2 and 1.1.0 versions, with the OpenSSL DLLs digitally signed and checked during loading to ensure unauthorised versions are not used. Most of the new functionality in 1.1.0 is supported including security levels.
PKCS12 (PFX), PKCS8 and DER binary SSL certificates
ICS applications can now use PKCS12 (PFX), PKCS8 and DER binary SSL certificates to avoid manual conversions. The server certificate chain can be validated and reported before the server starts, to avoid certificate errors. Certificates and keys can be loaded from strings as well as files so they can be built into applications.
Support for EC Certificate Keys
SSL certificates and requests can be created using EC keys which use less bandwidth than RSA keys and alternate DNS names may be used as may other extended properties. ICS will now sign certificate requests as a CA and create certificate bundles (PEM or PKCS12) with private key, certificate and intermediates to simplify distribution.
The OverbyteIcsPemTool GUI sample application illustrates all the new SSL certificate functionality and will create private RSA and EC keys, create DH keys, certificate requests, sign requests as a CA, create self signed certificates, convert certificates between different forms, create bundles and report what is in bundles.
HTML Content Unicode Conversion
ICS adds new functions to assist with determining the character set and codepage for HTML content received from HTTP servers, and to convert to Delphi unicode strings, including checking header charset, meta data, BOM and optionally converting entities (like ☍).