I need to consume a Web Service via SSL. In order to accomplish that I have built a web client in Delphi 6 that uses Indy to read the client certificates and write the soap request via https. The compilated version of the code is a DLL that runs in IIS 5.0. After tested the code in my local machine it works fine (I'm behind a proxy). But after the code is deployed to prod servers (not proxy) the SSL connection fails saying "Error connecting with SSL".
Here is my code:
var
Response: TStringStream;
IdHttp: TIdHTTP;
IdCnxSLL: TIdConnectionInterceptOpenSSL;
XmlSoapDoc: IXMLDocument;
begin
Response := TStringStream.Create('');
IdHttp := TIdHTTP.Create(nil);
IdCnxSLL := TIdConnectionInterceptOpenSSL.Create(nil);
XmlSoapDoc := TXMLDocument.Create(nil);
with IdCnxSLL do
begin
IdCnxSLL.SSLOptions.Method := sslvSSLv23;
IdCnxSLL.SSLOptions.RootCertFile := IniHttpConnectionData.Values['RootCertFile'];
IdCnxSLL.SSLOptions.CertFile := IniHttpConnectionData.Values['CertFile'];
IdCnxSLL.SSLOptions.KeyFile := IniHttpConnectionData.Values['KeyFile'];
IdCnxSLL.OnGetPassword := IdConInterceptOpenSSLGetPassword;
end;
with IdHttp do
begin
if bUseProxy then
begin
Request.ProxyServer := IniHttpConnectionData.Values['ProxyServer'];
Request.ProxyPort := StrToIntDef(IniHttpConnectionData.Values['ProxyPort'], 0);
end
else
begin
Host := IniHttpConnectionData.Values['HTTPHost'];
Port := StrToIntDef(IniHttpConnectionData.Values['HTTPPort'], 443);
end;
Request.ContentType := 'text/xml';
Intercept := IdCnxSLL;
InterceptEnabled := True;
end;
try
IdHttp.Post(ServiceURL, SoapEnv, Response);
except
on E:EIdOSSLConnectError do
LogError('SSL Connect Error: ' + E.Message);
on E:Exception do
LogError('Error' + E.ClassName + ' - ' + E.Message);
end;
I also try this code compiling into an exe program and it works. Is there something else I need to configure/add?
Thanks.
The fact that you are using TIdConnectionInterceptOpenSSL tells me that you are using a VERY old version of Indy. I am guessing Indy 8, which shipped with D6. Indy 8 and earlier are no longer officially supported by the Indy development team (which I am a member of). You really should upgrade to Indy 9, if not to Indy 10. In Indy 9, TIdConnectionInterceptOpenSSL was replaced with a new TIdSSLIOHandlerSocket component. Also, Indy 9 and earlier required custom-made OpenSSL DLLs, which may be contributing to your error as well, if you are using the wrong DLLs for your version of Indy. Indy 10, on the other hand, uses the standard DLLs from OpenSSL's website now.
Finnally It worked. Although I strongly encourage you to use a newer version of Indy as Remy suggests. I will post the steps that did the trick for me since there should be other people with the same problem.
The original code I posted is functional, it works when we need to post information via secured http (https) but the remote server requires prior authentification using a client certificate.
In order to make it work, it is necessary to verify the following:
For the first 2 steps follow the steps mentioned here link text or (in case link is expired) Google "IndySSL - using certificate authentication". It worked for me.
Hope this will help.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.