Error Connecting With Ssl Indy 10
Delphi 6 and Indy SSL connection not working

I need to consume a Web Service via SSL. In order to accomplish that I have built a web client in Delphi 6 that uses Indy to read the client certificates and write the SOAP request via HTTPS. The compiled version of the code is a DLL that runs in IIS 5.0. After testing the code on my local machine, it works fine (I'm behind a proxy). But after the code is deployed to prod servers (no proxy) the SSL connection fails saying "Error connecting with SSL".
Here is my code:

    var
      Response: TStringStream;
      IdHttp: TIdHTTP;
      IdCnxSLL: TIdConnectionInterceptOpenSSL;
      XmlSoapDoc: IXMLDocument;
    begin
      Response := TStringStream.Create('');
      IdHttp := TIdHTTP.Create(nil);
      IdCnxSLL := TIdConnectionInterceptOpenSSL.Create(nil);
      XmlSoapDoc := TXMLDocument.Create(nil);
      with IdCnxSLL do
      begin
        IdCnxSLL.SSLOptions.Method := sslvSSLv23;
        IdCnxSLL.SSLOptions.RootCertFile := IniHttpConnectionData.Values['RootCertFile'];
        IdCnxSLL.SSLOptions.CertFile := IniHttpConnectionData.Values['CertFile'];
        IdCnxSLL.SSLOptions.KeyFile := IniHttpConnectionData.Values['KeyFile'];
        IdCnxSLL.OnGetPassword := IdConInterceptOpenSSLGetPassword;
      end;
      with IdHttp do
      begin
        if bUseProxy then
        begin
          Request.ProxyServer := IniHttpConnectionData.Values['ProxyServer'];
          Request.ProxyPort := StrToIntDef(IniHttpConnectionData.Values['ProxyPort'], 0);
        end
        else
        begin
          Host := IniHttpConnectionData.Values['HTTPHost'];
          Port := StrToIntDef(IniHttpConnectionData.Values['HTTPPort'], 443);
        end;
        Request.ContentType := 'text/xml';
        Intercept := IdCnxSLL;
        InterceptEnabled := True;
      end;
      try
        IdHttp.Post(ServiceURL, SoapEnv, Response);
      except
        on E:EIdOSSLConnectError do
          LogError('SSL Connect Error: ' + E.Message);
        on E:Exception do
          LogError('Error' + E.ClassName + ' - ' + E.Message);
      end;

I also tried compiling this code into an exe program and it works. Is there something else I need to configure/add? Thanks.

tecnotalk, asked Sep 14 '09 at 16:22 (edited Sep 15 '09 at 7:10)

2 Answers

Th
http://stackoverflow.com/questions/1422586/delphi-6-and-indy-ssl-connection-not-working

Delphi Indy verify server certificate SSL

http://stackoverflow.com/questions/13577706/delphi-indy-verify-server-certificate-ssl

I have scoured the internet and haven't found a solution or method on how to verify the certificate when connecting over HTTPS using TIdHTTP. I have hooked up an IdSSLIOHandlerSocketOpenSSL component as the IOHandler, set the SSLModes, etc. but when I browse to https://s3.amazonaws.com it cannot verify the certificate. OpenSSL (Indy) gives

    "Error connecting with SSL. SSL3_GET_SERVER_CERTIFICATE: Certificate verify failed"

The OpenSSL libraries have successfully loaded (checked with WhichFailedToLoad). The OnStatusInfo event writes the following:

    SSL status: "before/connect initialization"
    SSL status: "before/connect initialization"
    SSL status: "SSLv2/v3 write client hello A"
    SSL status: "SSLv3 read server hello A"
    SSL status: "SSLv3 read server certificate B"
    SSL status: "SSLv3 read server certificate B"
    SSL status: "SSLv3 read server certificate B"

And OnVerifyPeer, AOk = False. How can I get it to verify correctly? What's going on?
Thanks for reading, Adrian

Adrian, asked Nov 27 '12 at 5:05

2 Answers

Accepted answer (6 votes):

You have to implement an event handler for the OnVerifyPeer event of your TIdSSLIOHandlerSocketOpenSSL component. From IdSSLOpenSSL.pas:

    Note that you really should always implement OnVerifyPeer, otherwise the certificate of the peer you are connecting to is NOT checked to ensure it is valid.

If you just want to consider valid the same certificates the Library considers also valid, you just have to
https://forums.embarcadero.com/message.jspa?messageID=664946
http://blog.coolsoftware.ru/2011/11/ssl-delphi.html

IdCmdTCPServer with SSL - Error connecting with SSL

Replies: 4 - Last Post: Jul 15, 2014 1:59 PM by Eugenio Bourlot

Eugenio Bourlot, posted Jul 2, 2014 6:28 AM

Hello

I'm trying to connect a TIdTCPClient (developed with Delphi6) vs a TIdCmdTCPServer (developed with Delphi XE6) through SSL. I get error "Error connecting with SSL" on TIdTCPClient.Connect. I have OpenSSL libraries on both sides.

Server code (Delphi XE6)

    FTCPServer := TIdCmdTCPServer.Create(nil);
    FTCPServer.DefaultPort := FConf.port;
    FTCPServer.OnConnect := TCPServerConnect;
    FTCPServer.OnDisconnect := TCPServerDisconnect;
    FTCPServer.OnException := TCPServerException;
    FTCPServer.IOHandler := TIdServerIOHandlerSSLOpenSSL.Create(nil);
    with TIdServerIOHandlerSSLOpenSSL(FTCPServer.IOHandler) do
    begin
      OnGetPassword := ServerIOHandlerGetPassword;
      with SSLOptions do
      begin
        CertFile := 'galbop01.cf';
        RootCertFile := 'galbop01.cf';
        KeyFile := 'galbopca.key';
        Method := sslvSSLv23;
        Mode := sslmServer;
        VerifyDepth := 2;
      end;
    end;
    FTCPServer.Active := True;

Client code (Delphi 6)

    FTCPClient := TIdTCPClient.Create(nil);
    FIOHandler := TIdSSLIOHandlerSocket.Create(nil);
    with FIOHandler.SSLOptions do
    begin
      CertFile := 'galbop01.cf';
      Method := sslvSSLv23;
      Mode := sslmClient;
      VerifyDepth := 2;
    end;
    with FTCPClient do
    begin
      Host := fHost;
      Port := fPort;
      IOHandler := FIOHandler;
      MaxLineAction := maSplit;
      MaxLineLength := 2097152;
      SendBufferSize := 1024;
      ReadTimeout := 30000;
      Connect(); // Here I get Error connecting with SSL
    end;

Any suggestions?

Remy Lebeau (Te...
Re: IdCmdTCPServer with SSL - Error connecting with SSL
Correct Reply. Posted: Jul 2, 2014 12:05 PM, in response to: Eugenio Bourlot

Eugenio wrote: I get error "Error connecting with SSL" on TIdTCPClient.Connect.

What is the complete error message? I
in my Delphi program. This program was written quite a long time ago, in Delphi 7 using Indy 9. Here is what the certificate check looks like:

    var
      IdHTTP: TIdHTTP;
      IdSSLIOHandlerSocket: TIdSSLIOHandlerSocket;
    begin
      IdHTTP := TIdHTTP.Create(nil);
      IdSSLIOHandlerSocket := TIdSSLIOHandlerSocket.Create(nil);
      IdHTTP.IOHandler := IdSSLIOHandlerSocket;
      with IdSSLIOHandlerSocket do
      begin
        SSLOptions.Method := sslvSSLv23;
        SSLOptions.Mode := sslmClient;
        SSLOptions.VerifyMode := [sslvrfPeer];
        SSLOptions.VerifyDepth := 10;
      end;
      IdHTTP.Get('https://www.google.com');
      FreeAndNil(IdHTTP);
      FreeAndNil(IdSSLIOHandlerSocket);
    end;

If you try to run the code above, the result will always be the same: Error connecting with SSL. The problem is that Indy uses OpenSSL, which cannot work with the Windows certificate store and therefore cannot check whether the certificate received from the server is signed by one of the trusted root certificates in that store. Let's look at the source of the IdSSLOpenSSL unit. It contains the following function:

    function VerifyCallback(Ok: Integer; ctx: PX509_STORE_CTX): Integer; cdecl;
    var
      hcert: PX509;
      Certificate: TIdX509;
      hSSL: PSSL;
      IdSSLSocket: TIdSSLSocket;
      // str: String;
      VerifiedOK: Boolean;
      Depth: Integer;
      // Error: Integer;
    begin
      LockVerifyCB.Enter;
      try
        VerifiedOK := True;
        try
          hcert := IdSslX509StoreCtxGetCurrentCert(ctx);
          hSSL := IdSslX509StoreCtxGetAppData(ctx);
          Certificate := TIdX509.Create(hcert);
          if hSSL <> nil then begin
            IdSSLSocket := TIdSSLSocket(IdSslGetAppData(hSSL));
          end
          else begin
            Result := Ok;
            exit;
          end;
          //Error := IdSslX509StoreCtxGetError(ctx);
          // Depth := IdSslX509StoreCtxGetErrorDepth(ctx);
          // str := Format('Certificate: %s', [Certificate.Subject.OneLine]); {Do not Localize}
          // str := IdSSLSocket.GetSessionIDAsString;
          // ShowMessage(str);
          if (IdSSLSocket.fParent is TIdSSLIOHandlerSocket) then begin
            VerifiedOK := TIdSSLIOHand