Updating projects to V9.3
OverbyteIcsTypes consolidation
V9.3 continues the simplification of use of ICS components by consolidating many types and constants into the OverbyteIcsTypes unit, avoiding projects needing to find and add specific units before they will build. For XE2 and later, OverbyteIcsTypes and OverbyteIcsSslBase will be added automatically when components needing them are dropped on a form, or that form accessed for existing projects.
One benefit of this change is removing dependence on several units for many components and applications, it may be possible to remove OverbyteIcsWinsock, OverbyteIcsLIBEAY, OverbyteIcsSSLEAY and OverbyteIcsLogger from most applications, and OverbyteIcsWinCrypt, OverbyteIcsSslX509Utils, OverbyteIcsHttpProt, OverbyteIcsSmtpProt and OverbyteIcsFtpCli from applications using newer high level components like OverbyteIcsSslHttpRest.
Following is a list of the main types and constants now moved to OverbyteIcsTypes, note it is not exhaustive and x means many sub-options.
OverbyteIcsWinsock - IPPROTO_x, IPPORT_x, AF_x, SO_x, FD_x, WSAEx, IPV6_x, TInAddr, TSockAddrIn, TSockAddr, TSockProto, TInAddr6, TSockAddrIn6, TAddrInfoA, TAddrInfoW, TIn6Addr, sockaddr,
OverbyteIcsWSocket - TSocketFamily, TIcsIPv4Address, TSocketState, TSocketSendFlags, TSocketErrs, THttpTunnelState, TSocksAuthState, TSslState, TSslMode, SocketStateNames, SocketFamilyNames
OverbyteIcsLogger - TLogOption, TLogOptions, TLogOptionx
OverbyteIcsHttpProt - httperrx, THttpRequest, THttpState, THttpEncoding, THttpAuthType, THttpCliOption, THttpCliOptions, TWWWAuthInfo, HttpCliAuthNames
OverbyteIcsSmtpProt - TSmtpState, TSmtpRequest, TSmtpDefaultEncoding, TSmtpSendMode,
OverbyteIcsFtpCli - TFtpCliSslType, TFtpOption, TFtpOptions, TFtpExtension, TFtpExtensions. TFtpTransMode, TZStreamState, TFtpState, TFtpShareMode, TFtpConnectionType
OverbyteIcsFileCopy - TIcsFileCopyType, TIcsFileCopyRepl, TIcsFileCopyState, TIcsCopyLogLevel, TIcsTaskResult, TIcsSslCertCheck, IcsTaskResultNames, IcsTaskResultStrings, IcsSslCertCheckStrings
OverbyteIcsSSLEAY - all global variables, GSSLxx, ICS_OPESSLx, OSSL_VER_x, THttpDebugLevel, TCertVerMethod, TCertReadOpt, TChainResult, TSslSecLevel, TSslSrvSecurity, TSslCliCertMethod, sslCliSecDefault, sslSrvSecDefault, TSupplierProto, TChallengeType, TSslLoadSource, TEvpCipher, TEvpCipher, TSslPrivKeyType, TSslPrivKeyCipher, SslPrivKeyEvpCipher
OverbyteIcsLIBEAY - X509_V_x, OCSP_x, V_OCSP.x
OverbyteIcsSslX509Utils - DigestDispList, DigestListLits, SslPrivKeyTypeLits, SslPrivKeyCipherLits,SslCertFileOpenExts
OverbyteIcsWinCrypt (OverbyteIcsJwaWinCrypt insert) - CERT_TRUST_x but renamed Ics_CERT_TRUST_x
OverbyteIcsUtils - IcsCRLF, IcsCR, etc, TicksPerx, IcsxBYTE
Two classes have moved from OverbyteIcsBlacklist, TIcsBuffLogStream is now in to OverbyteIcsSslUtils, while IcsSimpleLogging is in OverbyteIcsUtils. ParseEmail has moved from OverbyteIcsSmtpProt to OverbyteIcsUtils as IcsParseEmail.
If removing OverbyteIcsLIBEAY, replace IibeayLoadProviders with IcsSslLoadProviders if support for old hashes is needed. For SSL version reporting, use IcsReportOpenSSLVer instead of various OpenSSL functions. Generally, the only function that is now required to load OpenSSL is IcsSslRootCAStore.Initialise, and this is automatically called on application start-up if define OpenSSL_AutoLoad_CA_Bundle is specified which the default in OverbyteIcsDefs.inc. LoadSsl and similar are no longer required. Nor should it be necessary to set any GSSL global variables.
Windows Certificate Store
Previously, the Windows Certificate Store was supported on Windows for all components and samples, despite it not always being required. There are three new defines that determine which components can use the store, at least one must be set or applications that need the store will fail.
Although these new defines all default to enabled in the OverbyteIcsDefs.inc supplied with V9.3 and later, unless this file is installed, Windows Certificate Store will be unavailable. These defines are disabled for non-Windows platforms and for C++ Builder which has bugs.
{$DEFINE MSCRYPT_Clients}, {$DEFINE MSCRYPT_Servers} and {$DEFINE MSCRYPT_Tools) - default enabled. Allow greater control over whether the Windows Certificate Store is available in different types of components. Undefining MSCRYPT_Clients stops client SSL handshake verification using the Windows Store (CertVerMethod = CertVerWinStore) which is not necessary since ICS now includes it's own Root CA Bundle (see above). Undefining MSCRYPT_Servers stops IcsHosts in servers accessing server certificates in the Windows Store. Undefining MSCRYPT_Tools stops TSslX509Certs saving certificates to the Windows Store, and many PemTools functions.
New SSL Defines
{$DEFINE OpenSSL_Check_Signed} and {$DEFINE OpenSSL_Check_SignCert} - default enabled. These defines check the OpenSSL DLLs are digitally signed during loading and stop if corrupted or unsigned, optionally the signing certificate can be verified as well but this requires COM to be started which may be slow. Enabled in the OverbyteIcsDefs.inc supplied with V9.3, but this must be installed.
If updating from V9.0 or earlier, please also see Updating projects to V9.1 and later