ICS V8.38 is now available in SVN and the overnight zip. 

It includes changes to support checking of the Authenticode code
signing digital certificates on the latest versions of the ICS-built
OpenSSL DLLs. The new IcsVerifyTrust function can also be used to
self-test digitally signed end user applications to check they are not
corrupted or maliciously altered.

To ensure only the latest signed OpenSSL DLLs are used from the local
directory, all applications should add the following lines in
FormCreate or at least before any calls that may cause OpenSSL to be
initialised:

GSSLEAY_DLL_IgnoreNew := False;    { V8.38 don't ignore OpenSSL 1.1.0 and later }
GSSLEAY_DLL_IgnoreOld := True;     { V8.38 ignore OpenSSL 1.0.2 and earlier }
GSSL_DLL_DIR := ExtractFilePath(ParamStr(0));  { V8.38 only from our directory }
GSSL_SignTest_Check := True;       { V8.38 check digitally signed }
GSSL_SignTest_Certificate := True; { V8.38 check digital certificate }

Without these lines, your application may load old OpenSSL versions
found in the Windows path, with unpredictable results.

Note that currently information from the digital certificate cannot be
accessed, so you cannot easily ensure it's our signed DLL; this needs
several more Windows certificate APIs or new OpenSSL functionality
(which I'll attempt first).

The OverbyteIcsPemTool sample has been updated to stop use of unsigned
OpenSSL DLLs. It also adds a Check Signed button that allows a single
file to be selected and its digital certificate tested, which may be
useful for those interested in using the new IcsVerifyTrust function in
their own digitally signed applications.

Other recent ICS changes include:

A new property SocketErrs added to most major components that may be
set to wsErrFriendly (default is wsErrTech) for more friendly low level
wsocket exceptions without numbers.  Note this is a work in progress,
exceptions are generated in numerous places in various formats, and
it's a lot of work to standardise and clean them all up. There is a new
ESocketException that has extra properties for low level exceptions.  

A new property ExclusiveAddr for servers to stop other applications
trying to listen on the same socket, defaults to True.

The HTTP Client component has another POST relocation fix. 

The HTTP Client component also fixes a long-term bug that meant many
wsocket exceptions were suppressed and only partially reported if the
OnSocketError event was used (and the exception description was still
lost).  Beware this fix means more exceptions may need to be handled in
HTTP Client applications, so please do some simple functional testing
after using this new ICS version.  Several of my own applications
failed because I was trying to increase the socket buffer size before
the socket was connected, which now raised an exception which was
previously hidden.

Angus
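
As an added example (not part of the original announcement and not ICS code), the PowerShell script below uses the Windows Get-AuthenticodeSignature cmdlet to check the OpenSSL DLLs in an application directory and to pin the signer, the step the note above says cannot yet be done easily from the certificate information. The DLL names, the Test-SignedDll helper and the thumbprint placeholder are assumptions to replace with your own values.

```powershell
# Added example: audit the Authenticode signatures of the OpenSSL DLLs
# shipped beside an application. Not ICS code; names below are assumptions.
param(
    [string]$AppDir = $PSScriptRoot,
    # Assumption: OpenSSL 1.1.x 32-bit DLL names; list the files you actually ship.
    [string[]]$DllNames = @('libcrypto-1_1.dll', 'libssl-1_1.dll'),
    # Placeholder: thumbprint of the code-signing certificate you expect.
    [string]$ExpectedThumbprint = '<EXPECTED-SIGNER-THUMBPRINT>'
)

function Test-SignedDll {
    param([string]$Path, [string]$Thumbprint)

    $result = [pscustomobject]@{ File = $Path; Ok = $false; Reason = '' }
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        $result.Reason = 'file not found'
        return $result
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    if ($sig.Status -ne 'Valid') {
        # Covers NotSigned, HashMismatch (file altered after signing), NotTrusted, etc.
        $result.Reason = "signature status: $($sig.Status)"
    }
    elseif ($sig.SignerCertificate.Thumbprint -ne $Thumbprint) {
        # A valid signature from someone else is still not the DLL you intended to ship.
        $result.Reason = "valid signature, unexpected signer: $($sig.SignerCertificate.Subject)"
    }
    else {
        $result.Ok = $true
        $result.Reason = "signed by $($sig.SignerCertificate.Subject)"
    }
    return $result
}

$results = foreach ($name in $DllNames) {
    Test-SignedDll -Path (Join-Path $AppDir $name) -Thumbprint $ExpectedThumbprint
}
$results | Format-Table -AutoSize

# Non-zero exit code lets a build or deployment step fail on any bad DLL.
if ($results | Where-Object { -not $_.Ok }) { exit 1 }
```

Run it as a packaging or installer check; it complements, rather than replaces, the in-process test enabled by GSSL_SignTest_Check and GSSL_SignTest_Certificate.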


 


