Comments (7)
Native ssl implementation with schannel would be great.
from indy.
Hi Remy, I'm not sure my implementation is perfect because I don't know the internals of Indy...so I've used my units and what's needed to let idHTTP work with it.
I had to override the Connected method because the method that checks for KeepAlive tries to read from the socket while the server was waiting for the next request (chunked content).
I've tried to make my code as clear as possible, hope it will be useful.
from indy.
I haven't had a chance to really dig into it yet, but since it is a standalone implementation, it will likely end up being re-written to some extent to utilize Indy's existing SSPI functionality, which itself probably needs to be tweaked a little to make it more reusable, I think. So, your work will probably end up being more inspirational than actually integrated. Not that I'm belittling your work, by any means, as it is more than I have written so far.
from indy.
Hello, I have a problem with my implementation because of a customer with a Proxy.
I've changed the code to take PassThrough into account, but when I start the TLS session, the Host property points to the Proxy name, not the target host, and the negotiation fails.
CERT_E_CN_NO_MATCH = $800B010F; // The certificate's CN name does not match the passed value.

procedure TIdSSLIOHandlerSocketSChannel.StartSSL;
begin
  if not PassThrough then
    ConnectSSL;
end;

procedure TIdSSLIOHandlerSocketSChannel.SetPassThrough(const Value: Boolean);
begin
  {$IFDEF LOG}System.WriteLn('TIdSSLIOHandlerSocketSChannel.SetPassThrough (', Value, ')');{$ENDIF}
  if fPassThrough <> Value then begin
    // leaving pass-through mode on an already-connected socket: start the handshake now
    if not Value then begin
      if BindingAllocated then begin
        ConnectSSL;
      end;
    end;
    fPassThrough := Value;
  end;
end;

procedure TIdSSLIOHandlerSocketSChannel.ConnectSSL;
begin
  {$IFDEF LOG}System.WriteLn('TIdSSLIOHandlerSocketSChannel.ConnectSSL (', Host, ')');{$ENDIF}
  // Host is the IOHandler's own Host property; with a proxy this is the proxy name
  FSSL := SSLStart(Binding.Handle, AnsiString(Host));
  if FSSL = 0 then
    raise SChannelError.Create('SChannel initialization fails'#13 + SSLError, CertStatus);
  if Assigned(FOnCredentials) then
    SSLCredentialsCallBack(FSSL, DoCredentials, Self);
end;
I don't know exactly how an HTTP proxy works for an HTTPS request...do you see a big mistake in my code?
Paul
from indy.
I've changed the code to take PassThrough into account, but when I start the TLS session, the Host property points to the Proxy name, not the target host, and the negotiation fails.
If you are using TIdHTTP and enabling its ProxyParams, then yes (see the implementation of TIdCustomHTTP.SetHostAndPort() in IdHTTP.pas). TIdHTTP sets its own Host and Port properties to connect to the immediate listening IP/Port, which would be a proxy in your case. After the connection is established, further logic kicks in to direct the proxy to connect a tunnel to the next server. If that tunnel is successful, then TIdHTTP sends its HTTP/S request as needed (which includes initiating the SSL/TLS handshake at this time).
TIdSSLIOHandlerSocketOpenSSL takes into account that TIdHTTP fiddles with its Host property. When determining the hostname to use for SNI validation (see the implementation of TIdSSLIOHandlerSocketOpenSSL.OpenEncodedConnection() in IdSSLOpenSSL.pas), if the IOHandler's URIToCheck property is not blank (TIdHTTP assigns it for each request), then the URI is parsed and its Host portion is used. Otherwise, the IOHandler's TransparentProxy is checked, and if enabled then the last Host in the proxy chain is used. Otherwise, the IOHandler's own Host is used.
You will have to do something similar in your IOHandler when determining which Host to use for validations.
I don't know exactly how an HTTP proxy works for an HTTPS request...
The HTTP client connects to the proxy with an unencrypted connection and instructs it to open a tunnel to the target server, and then the client initiates the SSL/TLS handshake with the target server and sends the HTTP request.
from indy.
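The two steps Remy describes (pick the host to validate against, then ask the proxy for a tunnel before starting TLS) as an added example; this is not Indy's code, the function names are hypothetical, and the proxy reply is a constructed sample so it runs offline:

```python
import ssl
from urllib.parse import urlsplit

def target_host(uri_to_check: str, proxy_chain: list, host: str) -> str:
    """Host to validate the certificate/SNI against, in the precedence Remy
    describes for TIdSSLIOHandlerSocketOpenSSL: the URI's host if URIToCheck
    is set, else the last host of an enabled proxy chain, else the
    IOHandler's own Host (which is the proxy when TIdHTTP uses ProxyParams)."""
    if uri_to_check.strip():
        return urlsplit(uri_to_check).hostname
    if proxy_chain:
        return proxy_chain[-1]
    return host

def connect_request(target: str, port: int) -> bytes:
    """Plaintext request sent to the proxy to open a tunnel to the target."""
    return f"CONNECT {target}:{port} HTTP/1.1\r\nHost: {target}:{port}\r\n\r\n".encode()

def tunnel_established(proxy_reply: bytes) -> bool:
    """Only a 2xx status line means the tunnel is open; on anything else the
    TLS handshake must not be started on this connection."""
    status_line = proxy_reply.split(b"\r\n", 1)[0]
    parts = status_line.split(b" ")
    return len(parts) >= 2 and parts[0].startswith(b"HTTP/") and parts[1][:1] == b"2"

def start_tls_through_tunnel(sock, target: str):
    """Wrap the tunnelled socket so validation uses the target, not the proxy."""
    ctx = ssl.create_default_context()   # verifies the chain and hostname
    return ctx.wrap_socket(sock, server_hostname=target)

if __name__ == "__main__":
    # constructed values, not taken from a real session
    host = target_host("https://example.com/api", ["proxy.local"], "proxy.local")
    print(connect_request(host, 443).decode())
    print(tunnel_established(b"HTTP/1.1 200 Connection established\r\n\r\n"))
```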
Thanks! It works! I've updated my repository.
Perhaps you should add a GetTargetHost method in TIdSSLIOHandlerSocketBase to avoid code duplication:
https://github.com/tothpaul/Delphi/blob/master/Indy.SChannel/lib/Execute.IdSSLSChannel.pas#L197
from indy.
Yes, that makes sense. I'll incorporate it in a future version.
from indy.