Understanding Chilkat’s SSH Tunnel Class

Before Chilkat’s SSH Tunnel, your app would need to connect to a tunnel process/service running either on the local machine or on some computer on the LAN, and then tunnel out to the remote server.  It would look like this:

App ——(1)——>  TunnelService —-(2)——> SshServer —-(3)—–> SomeDestServerSuchAsSQL

You can wrap a non-encrypted TCP connection, or a TLS connection within the SSH Tunnel.
For example, if you connect with TLS, then (1) and (3) are TLS, and (2) is TLS wrapped inside SSH.
The (1) connection is within your LAN, the (3) connection is within the LAN on the server-side, and the (2) connection is over the Internet.

With Chilkat, the TunnelService is no longer a separate service running somewhere on your LAN.
Rather, it’s a background thread of your app.  Thus.. you can run your app anywhere and tunnel without needing to pre-install some SSH tunnel service on the LAN.  (In effect, you’re app is carrying the TunnelService in it’s back pocket..)

C++ Zip Example to Append In-Memory Binary and String Data

void qa_create_zip_from_data(void)
CkZip zip;


// This is the content of the files to be added to the .zip
const char *fileContents = "The quick brown fox jumped over the lazy dog. The quick brown fox jumped over the lazy dog. The quick brown fox jumped over the lazy dog.";

// AppendString2 returns a CkZipEntry, so make sure to get it and delete it if not needed..
// If NULL is returned, then the AppendString2 failed.
CkZipEntry *ent = zip.AppendString2("quickBrownFox1.txt",fileContents,"ansi");
if (ent) { delete ent; ent = 0; }

// Another way of adding in-memory data to a .zip is by calling AppendData. This is good for binary (non-text) data.
// In this case, we'll use the bytes of fileContents.
size_t szContent = strlen(fileContents);

CkByteData binaryContent;
// It is possible to let the CkByteData "borrow" data.  This avoid copying the bytes, which is good if the amount
// of data is large.

// Add the binaryContent to the zip.
ent = zip.AppendData("quickBrownFox2.txt",binaryContent);
if (ent) { delete ent; ent = 0; }

// We now have a zip object (not yet a file on disk) that contains 2 entries: quickBrownFox1.txt and quickBrownFox2.txt
// Write the .zip to a file  (this is where the actual compression occurs)
// This writes the .zip to "qa_output/test.zip"
bool success = zip.WriteZipAndClose();
if (!success)

Chilkat v9.5.0.66 Release Notes

The v9.5.0.65 release notes are available here:  Chilkat v9.5.0.65 Release Notes

v9.5.0.66 Release Notes:

  • Added the Jwe and Jws classes for JSON Web Encryption and JSON Web Signatures.
  • The CkDateTime.SetFromOleDate method was not working correctly.  It has been fixed, and the fix will appear in the next version to be released after v9.5.0.65.
  • The CkDateTime.GetAsIso8601 interpreted the “bLocal” argument as the opposite.   This has also been fixed and the fix will appear in the next version to be released after v9.5.0.65.
  • MHT — Images with embedded data, where the IMG SRC tag looks like this:  “<img src=”data:image/jpeg;base64,/9j/4AAQ …”>  were getting dropped.  This is fixed.
  • Added the Http.S3_GenerateUrlV4 method to generate pre-signed AWS URLs using the Authenticate V4 signing method.
  • Added Compression.CompressBd and DecompressBd methods to compress/decompress the data contained in a BinData object.
  • Added PublicKey.GetJwk and PrivateKey.GetJwk to get public/private keys in JSON Web Key format.
  • Added Crypt2.AesKeyWrap and Crypt2.AesKeyUnwrap methods.
  • Added SFtp.SendIgnore method.
  • Fixed exporting ECC private keys from PFX to other formats.
  • Added the Zip.OpenBd and Zip.WriteBd methods to open from a BinData object, and to write to a BinData object.
  • Fixed issue with contents of Ftp2.LastReply property when an intermediate response is the cause of failure.
  • Improved performance for SFTP, FTP, and HTTP data transfers.
  • Added the Email.NumDigests property, and the Email.GetDigest method.
  • Fixed AWS Signature V4 issues for some cases when query params are used with S3.
  • Fixed the FileAccess.GetFilenameWithoutExtension method.
  • Fixed the Ftp2.Ccc method.
  • Fixed the Email.GetDeliveryStatusInfo method for certain cases where the body of information contained multiple blank lines.
  • Improved Xojo download so that Mac OS Carbon is supported.
  • Fixed MailMan.VerifySmtpLogin so that it returns true if the SMTP server requires no authentication.
  • Fixed Email.AddFileAttachment2 for the case when an attachment is the text/plain Content-Type.
  • Added automatic HTTP TLS session re-use (if possible) for HTTP connections.
  • Fixed various property getters/setters so they do not block (hang) when an async method is in progress.
  • Added support for chacha20 ciphers in TLS and SSH.

Chilkat ActiveX Object Creation in VB6 (Visual Basic 6.0)

Most ActiveX objects, including Chilkat, provide what is called a “dual interface”.   A dual interface allows for programs to bind at compile-time (early binding) or at runtime (late binding).

The type of binding is determined by how the object is created.  For example, compile-time binding in VB6 looks like this:

Dim cert As New ChilkatCert

Runtime binding looks like this:

Set cert = CreateObject(“Chilkat_9_5_0.Cert”)

An ActiveX class (such as ChilkatCert) has a set of properties and methods.  In the underlying COM object, these are contained in a “vTable”, which is an array of function pointers.  Each method or property (i.e. entry) is a function pointer occupying a particular position in the vTable.  For example, the function LoadPem might be the function pointer at index 12.

When compile-time binding is used, the indexes of the entries are hard-coded into  your VB6 executable.  When runtime binding is used, the entry is called by name.  The name is converted to the correct vTable index at runtime.  This means that if the positions of entries change, the application that uses runtime binding will not break.  The application that uses compile time binding must be recompiled to use the updated ActiveX.

For many years, the positions of the entries in the Chilkat ActiveX classes mostly did not change.  This was not by a deliberate action.  Recently, with the introduction of the Async versions of methods, and especially with the latest v9.5.0.64 release, the order of entries in the vTable has unintentionally changed.  This only affects programs that use compile-time (early) binding.  Most languages that provide the ability to use ActiveX classes, such as classic ASP, SQL Server, etc. only provide the ability to create objects via CreateObject (i.e. runtime/late binding), and are thus unaffected.

This leaves VB6 programs using compile-time binding in a difficult position.  If a new version of the ActiveX is registered, then the VB6 application must be recompiled.  It’s not possible to simply install the new ActiveX *if* the vtbl has changed.  Unfortunately, there is no way to fix the versions of Chilkat that have already been released.  In addition, there is no way to make the next version of Chilkat have the same vTable ordering as previous versions.  For example, if v9.5.0.59 has order A, and v9.5.0.64 has order B, then v9.5.0.65 cannot have and order that matches both A and B.

The solution is to have a scheme in place that works going forward.  The proposed scheme is this:

  1. Starting with v9.5.0.65, the vtbl order will become established.  Future versions of Chilkat (where the CLSID is the same) will have vTables with the order of entries matching v9.5.0.65.
  2. When Chilkat releases an entirely new ActiveX, where the CLSID changes and the version, for example, becomes 10.0.0, then the vTable order can change.  This is OK because effectively it’s an entirely new ActiveX.  In other words, the CreateObject statement becomes:  CreateObject(“Chilkat_10_0.Cert”) instead of CreateObject(“Chilkat_9_5_0.Cert”).  When the CLSID changes, and the names of the objects change, then it’s a new ActiveX that can be registered and coexist with the older Chilkat ActiveX.  To use the entirely new ActiveX, a VB6 program would have to remove it’s reference from the old, and add a reference to the new. (When adding a reference in VB6, you would see BOTH “Chilkat_10_0” and “Chilkat_9_5_0” and you could choose either.


Facebook OAuth2 for Classic ASP – Step 2

This is the second of a series of two posts to demonstrate implementing OAuth2 Authorization for Facebook in Classic ASP.
(Also see: Facebook OAuth2 for Classic ASP – Step 1)
This ASP is called when Facebook returns a redirect after the FB account owner either grants or denies access.

Here is the ASP source for Step 2:

' Replace with actual values.
' I'm using ngrok to callback to my web server running on localhost..
'RedirectUri = Server.URLEncode("https://www.your-website.com/fb_finishOAuth2.asp")
RedirectUri = Server.URLEncode("https://abca3bde.ngrok.io/fb_finishOAuth2.asp")

' Get the incoming query parameters.
' If access was denied/canceled, we'll get the following params:
'     error_reason=user_denied 
'     error=access_denied 
'     error_description=The+user+denied+your+request.
' If access is granted, we'll get the "state" echoed back to us,
' and we'll also get a "code".

' We'll assume it succeeded..
code = request.querystring("code")
state = request.querystring("state")

' If we wanted, we could verify that the "state" received here is equal to 
' Session("oauth2_state")   

' ------------------------------------
'  Exchanging Code for an Access Token
' ------------------------------------
'  To get an access token, make an HTTP GET request to the following OAuth endpoint:

'  GET https://graph.facebook.com/v2.8/oauth/access_token?
'     client_id={app-id}
'     &redirect_uri={redirect-uri}
'     &client_secret={app-secret}
'     &code={code-parameter}

set http = Server.CreateObject("Chilkat_9_5_0.Http")

success = http.UnlockComponent("Anything for 30-day trial")
If (success <> 1) Then
    Response.Write "<pre>" & Server.HTMLEncode( http.LastErrorText) & "</pre>"
End If

set sbUrl = Server.CreateObject("Chilkat_9_5_0.StringBuilder")
success = sbUrl.Append("https://graph.facebook.com/v2.8/oauth/access_token?client_id={app-id}&redirect_uri={redirect-uri}&client_secret={app-secret}&code={code-parameter}")
replaceCount = sbUrl.Replace("{app-id}",AppId)
replaceCount = sbUrl.Replace("{redirect-uri}",RedirectUri)
replaceCount = sbUrl.Replace("{app-secret}",AppSecret)
replaceCount = sbUrl.Replace("{code-parameter}",code)

respStr = http.QuickGetStr(sbUrl.GetAsString())
If (http.LastMethodSuccess <> 1) Then
    Response.Write "<pre>" & Server.HTMLEncode( http.LastErrorText) & "</pre>"
End If

'  The response string will contain JSON like this:
'  	{
' 	  "access_token": {access-token},
'  	  "token_type": {type},
'  	  "expires_in":	{seconds-til-expiration}
'  	}

set json = Server.CreateObject("Chilkat_9_5_0.JsonObject")
success = json.Load(respStr)

Response.Write "<p>access_token: " & json.StringOf("access_token") & "</p>"
Response.Write "<p>token_type: " & json.StringOf("token_type") & "</p>"
Response.Write "<p>expires_in: " & json.StringOf("expires_in") & "</p>"

' A sample result:
' access_token: EAAFaEtu5GRIBABb...wUXg05RFeaAZDZD
' token_type: bearer
' expires_in: 5180528

Facebook OAuth2 for Classic ASP – Step 1

This is a series of two posts to demonstrate implementing OAuth2 Authorization for Facebook in Classic ASP.
(Also see: Facebook OAuth2 for Classic ASP – Step 2)

The 1st step is to redirect to the Facebook Login Dialog where the Facebook account owner can grant access to the application.  Facebook will then return a response that redirects to your ASP page that implements Step 2.

Here is the ASP for Step 1:

AuthorizationEndpoint = "https://www.facebook.com/dialog/oauth"
TokenEndpoint = "https://graph.facebook.com/oauth/access_token"

' Replace these with actual values.

' Set the Scope to a comma-separated list of permissions the app wishes to request.
' See https://developers.facebook.com/docs/facebook-login/permissions/ for a full list of permissions.
Scope = "public_profile,user_friends,email,user_posts,user_likes,user_photos,publish_actions"

' (State) Chilkat typically uses a 32 random bytes in base64url form.
' However, it can be anything (and any length), and doesn't need to be base64url encoded.
' For this example, I typed some random chars here:
State = "dkrh345y3895hyrtyowiurh3948rhteuirth"

' I'm using ngrok to callback to my web server running on localhost..
'RedirectUri = Server.URLEncode("https://www.your-website.com/fb_finishOAuth2.asp")
RedirectUri = Server.URLEncode("https://abca3bde.ngrok.io/fb_finishOAuth2.asp")

FbAuthUrl = AuthorizationEndpoint & "?response_type=code&scope=" & Scope & "&redirect_uri=" & RedirectUri & "&client_id=" & AppId & "&state=" & State

' Let's save our random state in a session variable.
Session("oauth2_state") = State

Response.Redirect FbAuthUrl

' Note: When I first used ngrok.io, I got the following error from Facebook:
'     Can't Load URL: The domain of this URL isn't included in the app's domains. 
'     To be able to load this URL, add all domains and subdomains of your app to the App Domains field in your app settings.
' To fix, I temporarily changed my Facebook App's Site Url to https://abca3bde.ngrok.io/,
' and then added "abca3bde.ngrok.io" to the list of App Domains.

C# Streaming Decompression Example (from System.IO.Stream –> System.IO.Stream)

// Streaming decompression from System.IO.Stream --> System.IO.Stream

// In this example, the source and sink streams are files.
// However, they can be any type of System.IO.Stream, such as a System.Net.Sockets.NetworkStream
System.IO.FileStream fsSource = File.OpenRead("qa_data/image.compressed");
Chilkat.StreamConnector scSource = new Chilkat.StreamConnector();

System.IO.FileStream fsSink = File.OpenWrite("qa_data/image.bmp");
Chilkat.StreamConnector scSink = new Chilkat.StreamConnector();

Chilkat.Compression compress = new Chilkat.Compression();
compress.Algorithm = "deflate";

// Create a Chilkat.Stream object, and set the source/sink to the System.IO.Stream objects.
Chilkat.Stream stream = new Chilkat.Stream();
scSource.SetAsSource(fsSource, stream);
scSink.SetAsSink(fsSink, stream);

// Do the streaming decompress -- reading from fsSource and writing to fsSink
bool success = compress.DecompressStream(stream);

v9.5.0.65 Release Notes

  • SshTunnel – Significantly improved the background tunnel management threads.
  • JsonArray.TypeAt – Discovered that this method erroneously always returns the value 4.  This is fixed.
  • JsonObject – Added new methods: UpdateNumber, UpdateNull
  • Bug Fix: .NET Async Methods that pass in Byte Arrays  There was a memory leak specific to async .NET methods that pass in byte arrays.  See Byte Array Memory Not Freed for .NET Async Methods
  • Socket: Added new methods: SendBd, SendSb, ReceiveBd, ReceiveBdN, and ReceiveSb.  These are for sending/receiving directly from/to BinData and StringBuilder objects.
  • JsonObject: Added new methods: UpdateNull and UpdateNumber.
  • StringBuilder: Added AppendLine method.
  • FTP2:   Fixed: The following FTP2 methods returned the current date/time instead of NULL for failure:  GetLastAccessDtByName, GetLastModDtByName, GetCreateDtByName, GetLastAccessDt, GetLastModDt, GetCreateDt.  The methods now correctly return NULL (i.e. 0, null, Nothing, etc.)
  • MailMan: Fixed the GetHeaders method.  The fromIndex and toIndex arguments are inclusive.  For example, if getting headers for emails 1 to 10, then 11 emails should be returned (assuming the mailbox has at least 11 emails).  The fix had to do with the case when the fromIndex = 0.  If fetching emails 0 to 2, then only 2 emails were returned.  This is now fixed.  Fetching 0 to 2 should return 3 emails.
  • Crypt2 (PBES2) — When setting the CryptAlgorithm = “PBES2”, Chilkat was doing PBES1 encryption.  This problem started sometime after v9.5.0.45.  This is now fixed.
  • Added the CkDateTime.DiffSeconds to get the difference in seconds between two CkDateTime objects.
  • Fixed auto-create issue in JsonObject.UpdateString, UpdateInt, etc. for array paths that end in a primitive.  For example the following C++ code
    CkJsonObject json;
    std::cout << json.emit() << "\r\n";

Now correctly produces:

  "cc_emails": [
  • Turned on TCP_NODELAY socket option for HTTP.  See http://www.chilkatforum.com/questions/11570/http-is-slow
  • Updated C++ headers to avoid QT’s “emit” macro.  QT defines the word “emit” as a macro, and Chilkat’s JsonObject and JsonArray classes both have an “emit” function.  QT’s macro definition causes compile failures for any C++ source that uses any variable, function, etc. named “emit”.    To avoid the macro definition, Chilkat does the following:
#if defined(QT_VERSION)
#pragma push_macro("emit")
#undef emit
const char *emit(void);
#pragma pop_macro("emit")
const char *emit(void);
  • Added the “eda” encoding for UN/EDIFACT Syntax Level A.  See https://www.example-code.com/csharp/edifact_eda_syntax_level_A_encoding.asp. Also see: http://cknotes.com/chilkat-binary-encoding-list/
  • Added new methods to CkDateTime:  AddSeconds, GetAsUnixTimeStr, GetAsIso8601.
  • Added the AuthAzureSAS class.  (For Shared Access Signature authorization)
  • Added the Rest.SetAuthAzureSas method.  (For Shared Access Signature authorization)
  • Fixed Rest.AddQueryParams  (note that this is the plural:  AddQueryParams method, not AddQueryParam).   If values in the param string were URL encoded, the AddQueryParams did not properly URL decode each value.  This would result in query params being doubly URL encoded when the actual request was sent.
  • Added Crypt.BcryptWorkFactor, BCryptHash, and BCryptVerify to support BCrypt password hashing and verification.
  • Fixed an Android issue w/ IMAP ProgressInfo callbacks.  The problem only occurred when a ProgressInfo callback happened for Login where the username includes a non-usascii char, such as one with an umlaut.
  • Socket.TlsRenegotiate — fixed a problem that occurred under certain conditions when the SslAllowedCiphers property is set to restrict TLS cipher suite choices.
  • Ftp2 – Fixed problem with “Unix Cway” servers where 0-byte files were getting downloaded (instead of the full file).  This was caused because the FTP server inaccurately reports that the file is “0 bytes” in the intermediate reply to the RETR command.  Chilkat now ignores what this particular server says.
  • (Email) Fixed: An incoming email’s header specifies the sender as this:From: "FAXG3/+5554555920"@faxsrv.intraThe email is loaded into a CkEmail object using the C++ edition of Chilkat.Problem is, the CkEmail.get_FromAddress() method returns @faxsrv.intra as the email address instead of FAXG3/+5554555920@faxsrv.intra
  • ActiveX LastStringResultLen property incorrectly returned the size of the string in bytes (utf-16) rather than in number of characters. This is fixed to return the number of characters.  (Note: this is a property that only exists in ActiveX classes, and is only useful for certain programming languages such as SQL Server to help programs determine if temp tables are required..)
  • SSH – Added the following methods: QuickShell, QuickCommand, QuickCmdSend, and QuickCmdCheck.   These methods help simplify executing remote commands running shell sessions.



Running VBScript 32-bit or 64-bit

When running a VBScript, on a 64-bit Windows system it is possible to run either as a 32-bit process, or a 64-bit process. If running 32-bit, then you need the 32-bit ActiveX. If running 64-bit, then you need the 64-bit ActiveX.

To run a 32-bit VBScript on a 64-bit system, you do this:

REM This is the 32-bit cscript.
C:\windows\sysWOW64\cscript jsonTest.vbs

To run a 64-bit VBScript, you do this:

REM This is the 64-bit cscript.
C:\windows\system32\cscript jsonTest.vbs

or simply this:

cscript jsonTest.vbs

If you double-click on the .vbs to run it from Windows Explorer, then you’ll be running as a 64-bit process. The default, unless you took care to explicitly run as 32-bit by invoking the cscript.exe under sysWOW64, is that you’ll be running as a 64-bit process, and in that case you’ll need the 64-bit Chilkat ActiveX registered on your system.

v9.5.0.64 Release Notes

Starting now, Chilkat is going to log the changes, fixes, and new features for the next release as the work is completed.  Pre-release  builds can be requested for most programming languages and operating systems.  Many builds are quick and easy to provide: .NET, ActiveX, C++, Java, Perl, Python, PHP, and others.  Some however, are time-consuming and a request for one of the following builds may take as many as several days: WinRT, Node.js, Mono, Xojo, PureBasic, and .NET Core.    Send email to support@chilkatsoft.com if a pre-release build is desired.

(Chilkat is currently working on implementing Xero API examples, and many of the new features are related to making life easier to implement these examples.  The new features are general and apply to any programming task. )

v9.5.0.64 Updates

  • Modified the ActiveX DLLs to automatically do per-user ActiveX registration if administrative privileges are not available.  This will allow non-administrators to register the ActiveX.  However, when per-user registration happens, other user accounts on the same Windows computer will not find the ActiveX registered.  Therefore, to properly register the ActiveX for ASP, a Windows Service, or for a SQL Server database, the ActiveX would still need to be registered with admin privileges.
  • .NET ToString Method:  Chilkat avoids naming any of its methods “ToString”, because all .NET objects by default have a ToString method.  Chilkat v9.5.0.64 now automatically implements ToString for all classes in the Chilkat .NET API (although it won’t be publicly documented).  (This does not yet apply to the Mono, .NET Core, or WinRT Chilkat API.)   The ToString method maps to the already-existing Chilkat method that makes most sense.  (For example, Chilkat.Xml.ToString returns the same as Chilkat.Xml.GetXml.)   For objects where it makes no sense to have a ToString method, then ToString returns an empty string.
  • Added a number of methods and properties to the Chilkat.Xml API.  These new methods are related to the “path” and I,J,K techniques that were found to be so handy w/ the Chilkat JSON API.  (These new methods will be heavily used in the Xero examples, because Xero requests and responses are in XML, and these new features greatly simplify the coding.)  The new methods/properties are:
    • EmitCompact (property)
    • I, J, K (properties)
    • UpdateAt
    • UpdateAttrAt
    • NumChildrenAt

    The following methods are updated to accept either a tag or “tag path”:

    • NewChild2
    • NewChildInt2
    • GetChildContent
    • GetChildIntValue
    • GetChildBoolValue
    • many other methods are updated.  These methods will be noted in the reference documentation.  The 1st argument will be named “tagPath”, and a note in the documentation will indicate that the 1st arg can be either a tag or tagPath, and that support for tag paths began in v9.5.0.64
  • The Xml.ChilkatPath method was updated to allow for “[i]”, “[j]”, and “[k]” to be used in path strings.  When used, each is substituted with the current value of the I, J, and K properties.
  • Added the Http.QuickGetSb method.
  • Added the Imap.MoveMessages method (to move email messages from one mailbox to another on the same IMAP server in the same session).  Requires the IMAP server to support the MOVE extension.  (Most IMAP servers support the MOVE extension.)
  • Fixed: The Task.Cancel method was not working in the ActiveX.
  • Fixed: The Global.FinalizeThreadPool method will now cancel any asynchronous methods that are still running and causes all async background threads to exit.  There are certain problems that can happen if the main thread of a program exits while background threads remain running:
    • If the program is a VBScript, then I’ve found that AVG Anti-Virus will alert the user of a General Behavioral Threat. Making sure that all async method calls have finished, and that all thread pool threads have exited, should prevent this problem.
    • If running a VB6 program from the IDE, the IDE will hang on program exit until all threads have exited.
    • It is likely that existing the main UI thread while background threads remain will cause problems in many other programming environments.
  • Modified: The Global.FinalizeThreadPool method returns the software to the pristine initial state — where no background threads are running, and the thread pool thread is not yet started.  Previously, after FinalizeThreadPool was called, it was not possible to continue using asynchronous Chilkat methods (without restarting the application).  Now the FinalizeThreadPool method returns the application to the initial pristine state.  A subsequent asynchronous method call will cause the thread pool thread to automatically restart, and everything proceeds as usual.   (This is needed for cases where the ActiveX is used in debugging sessions within an IDE, because the ActiveX DLL is not loaded/unloaded between each debug run.)
  • OAuth1 — Added the SetRsaKey method and now supports “RSA-SHA1” and “RSA-SHA2”.
  • Rest — Added the ClearAllParts method.  This is needed if a new REST request is to be sent just after sending a multipart request.
  • FileAccess — Added methods: FileReadBd, FileWriteBd, GetFileName, GetDirectoryName, GetExtension, GetFileNameWithoutExtension
  • JsonArray — Added the Load and LoadSb methods.  Added the EmitCompact and EmitCrlf properties.  A JsonArray object can now be created by an application and loaded directly with a JSON array string, such as “[ 1, 2, 3, 4]”.