indy ssl delphi 服务器

Question

I use Delphi 10.1 Berlin and Indy 10.6.2, 32bit on a Windows Server 2012.

I implemented a server based on TIdHTTPServer . Works like a charm for many years.

Now my customer wants the traffic secured. SSL is an area I have little knowledge of.

There are several helpful pointers on the web that have helped me make CA certificate and key files with OpenSSL. And from several examples I've put together the code below, using TIdServerIOHandlerSSLOpenSSL . The cert/key files are in the exe directory and so are the OpenSSL dlls ssleay32 and libeay32.

The server responds to http://localhost:8080 but there is no response when addressing it via https://localhost . It behaves as if the TIdServerIOHandlerSSLOpenSSL is not there at all. (The IOHandler does read the cert/key files and it complains when I remove the OpenSSL DLLs). It is as if I've forgotten to throw a switch somewhere.

The analysis of Windows Network Diagnostics (in IEdge) is 'The device or resource (localhost) is not set up to accept connections on port "https".'

I tried to log a message via the OnConnect event, but that stage is never reached with HTTPS.

I have run out of ideas, and can not find relevant suggestions on the web.

Here is my code (the components are all declared in code):

procedure TServerForm.FormCreate(Sender: TObject);
var
  ServerSSLIOHandler: TIdServerIOHandlerSSLOpenSSL;
  rootdir           : string;
begin
  inherited;

  rootdir:=ExtractFilePath(Application.ExeName);

  ServerSSLIOHandler:=TIdServerIOHandlerSSLOpenSSL.Create(self);
  ServerSSLIOhandler.SSLOptions.RootCertFile:=rootdir+'ca.cert.pem';
  ServerSSLIOhandler.SSLOptions.CertFile:=rootdir+'localhost.cert.pem';
  ServerSSLIOhandler.SSLOptions.KeyFile:=rootdir+'localhost.key.pem';
  ServerSSLIOhandler.SSLOptions.Method:=sslvSSLv23;
  ServerSSLIOhandler.SSLOptions.Mode:=sslmServer;
  ServerSSLIOhandler.OnGetPassword:=NIL;
  ServerSSLIOhandler.OnVerifyPeer:=OnVerifyPeer;

  HTTPServer:=TIdHTTPServer.Create(self);
  HTTPServer.IOhandler:=ServerSSLIOHandler;
  HTTPserver.Bindings.Add.Port:=443;
  HTTPserver.Bindings.Add.Port:=8080;
  HTTPServer.Active:=True;
  HTTPServer.AutoStartSession:=True;
  HTTPServer.SessionTimeOut:=1200000;
  HTTPserver.OnQuerySSLPort:=OnQuerySSLPort;
  HTTPServer.OnCommandGet:=HTTPServerCommandGet;
  ...
end;

procedure TServerForm.OnQuerySSLPort(APort: Word; var VUseSSL: Boolean);
// This will not be called when the request is a HTTPS request
// It facilitates the use of the server for testing via HTTP://localhost:8080 (i.e. without SSL)
begin
  VUseSSL := (APort<>8080);
end;

function TServerForm.OnVerifyPeer(Certificate: TIdX509; AOk: Boolean; ADepth, AError: Integer): Boolean;
begin
  result:=AOk;
end;

Answer 1

Thank you. Remy's remark about OnConnect and his suggestion to use netstat did the trick. Ie it lead me to discover that the problem was elsewhere. In the past I had to move away from port 80 because it became in use by a Windows service. From then on I specified a port number (8080) in an ini file and acted as follows. Code:

prt:=parameters.ReadInteger('settings','port',80);
if prt<>HTTPserver.DefaultPort
   then begin HTTPserver.Active:=false;
              HTTPserver.Bindings.Clear;
              HTTPserver.DefaultPort:=prt;
              HTTPserver.Active:=true;
        end;

Since this piece of code was still there, obviously only the specified port (8080) was active. netstat revealed that immediately. Will you believe that I am very happy with your quick response!