Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Looking for https (SSL) example with Indy

1,103 views
Skip to first unread message

David Jameson

unread,
Sep 18, 2000, 3:00:00 AM9/18/00
to
Is there anyone out there who has created a sample application that shows
how to grab pages from SSL websites using Indy? If so, would you be willing
to let me see how you did it? I haven't been able to get the one demo I
found so far to work.

Thanks,
David Jameson

Kudzu - Team Indy

unread,
Sep 18, 2000, 3:00:00 AM9/18/00
to
nos...@nospam.digiportal.com (David Jameson) wrote in <8q54ga$qc216
@bornews.borland.com>:

The NNTP demo works as Ive used it to read secure NGs as does SSL Tunnel, as
does the HTTP (Im pretty sure someone readded SSL).

Do you have the DLLs?

--
Chad Z. Hower (Kudzu) - Church Hill, TN - Team Indy
"Programming is an art form that fights back"
Forget the Y2K problem, Lets fix the W2K problem.
http://www.pbe.com/Kudzu/ - Free Delphi/CBuilder components and articles

David Jameson

unread,
Sep 18, 2000, 3:00:00 AM9/18/00
to
Chad, the NNTP demo is no use to me, I need to see how it's done for general
HTTPS sites.. Gregor Ibic did make an SSL version but I tried it and
couldn't get it to work. Yes, I have all the DLLs and they are being loaded
properly - I have traced through the code and the failure is in actual
accessing of the https site (I think) but I have idea what's wrong.

D

Gregor Ibic

unread,
Sep 18, 2000, 3:00:00 AM9/18/00
to
You are probably using those sample certificates in demos.
Remove them from properties and try again.
Certificate authentication is a feature not obligatory!

Regards,
Gregor

"David Jameson" <nos...@nospam.digiportal.com> wrote in message
news:8q5j15$1j...@bornews.borland.com...

David Jameson

unread,
Sep 18, 2000, 3:00:00 AM9/18/00
to
Yes, I was - I'll try without! I don't understand SSL well enough yet to
move forward on my own - I just ordered a book that has a very detailed
writeup on it so I'll get up to speed as soon as I can once I've got the
basics working.

D

--
_________________________
David H. Jameson, Ph.D.
DigiPortal Software

Three quarters of the information you download from
the Internet is useless --- and that's on a good day!
http://www.digiportal.com


"Gregor Ibic" <grego...@intelicom.si> wrote in message
news:8q5u0q$5p...@bornews.borland.com...

David Jameson

unread,
Sep 18, 2000, 3:00:00 AM9/18/00
to
Gregor,
The demo I downloaded from your site seems to be out of sync with the latest
Indy. For example, it contains references to a HeaderInfo property but Indy
doesn't have that....I'm assuming that the replacement is property
'request'
It also references http.PostData which also doesn't seem to be known. So I'm
not quite sure what's going on here. Obviously I can delete these but I
continue to run into other problems as follows:

1) When I try to run, I get socket errors which are clearly related to the
DNS stuff getting an empty name to resolve.
Upon investigation, I note that there's an http.host property which is
not being set anywhere. I realise that there's
a call to HTTP.Get(edURL.text) which presumably should handle things
properly but it doesn't.

2) So I put the name of the host I'm trying to reach into http.host. Now it
gets as far as trying to connect but eventually
I get an exception RSSSLConnectError (in IdSSLOpenSSL, line 945) and
the error variable has the value 0
( I did remove all the sample certificates, by the way, that didn't seem
to make any difference)
I have also set the port to 443 (it was at 80).
So, not really knowing much about SSL, I continue to be at a loss as to how
to move forward. Incidentally, the https site I'm trying to read requires a
username/password, which I'm currently hardcoding into the http.username and
http.password respectively. I'm also assuming that the SocksInfo stuff is
not being used (saNoAuthentication) so I don't need to worry about your
10.1.10.10 host etc.


Any insights you have on what I'm doing wrong would be much appreciated.

Cheers,
David


Kudzu - Team Indy

unread,
Sep 19, 2000, 3:00:00 AM9/19/00
to
nos...@nospam.digiportal.com (David Jameson) wrote in <8q5j15$1j812
@bornews.borland.com>:

>Chad, the NNTP demo is no use to me, I need to see how it's done for general
>HTTPS sites.. Gregor Ibic did make an SSL version but I tried it and

The NNTP demo from teh Indy distribution connects to SSL NNTP as is. Just
tell it in the config it is a secure server.

The old demo had the certs installed, Im pretty sure I removed them for
8.004. If not, remove them and it should work.

Gregor Ibic

unread,
Sep 19, 2000, 3:00:00 AM9/19/00
to
When did you download the demos. They were modified on 14.9.2000 and I'm
sure that there is no reference to HeaderInfo, ...
That code was from old HTTP demos (not ssl's)

Regards,
Gregor
"David Jameson" <nos...@nospam.digiportal.com> wrote in message

news:8q60jp$5s...@bornews.borland.com...

David Jameson

unread,
Sep 19, 2000, 3:00:00 AM9/19/00
to
Gregor,

I just went back and made sure I have your latest code.
In your latest example, you have the URL
https://rotel/ssl/secure.htm
in the entry field.
I compiled and ran that version. It immediately raises an exception and when
I traced through, I get to the line
Binding.IP := GStack.ResolveHost(Host);
in idTCPClient (line 73) and the value of 'Host' is blank.

Out of curiosity, I set the http.host to a bogus URL, and ran it again, with
a breakpoint on the line above. This time, "host" contained my bogus URL. So
the http.Get(edURL.text) seems to be failing.


David


Gregor Ibic

unread,
Sep 20, 2000, 3:00:00 AM9/20/00
to
There must be some simple explanation. I'm running demos without any
problems.

Regards,
Gregor

"David Jameson" <nos...@nospam.digiportal.com> wrote in message

news:8q7l6u$lm...@bornews.borland.com...

David Jameson

unread,
Sep 20, 2000, 3:00:00 AM9/20/00
to
I would hope so....I desperately need to pick an SSL solution for our
product and (in spite of the flak I'm giving Chad) Indy looks like it will
do a great job.

So the question is, how is my environment different from yours?

One possibile difference is that I am running a firewall (winproxy from
Ositas) BUT it's running in transparent mode and using SSL through netscape,
IE, etc works fine without having to configure the browsers to explicitly go
through the proxy. Therefore, your demo should work exactly the same way.

D

Kudzu - Team Indy

unread,
Sep 20, 2000, 3:00:00 AM9/20/00
to
nos...@nospam.digiportal.com (David Jameson) wrote in <8qaafo$hgr5
@bornews.borland.com>:

>One possibile difference is that I am running a firewall (winproxy from
>Ositas) BUT it's running in transparent mode and using SSL through netscape,
Here's another option - you dont need the certs.

Just take the HTTP demo, or a new project.

Drop TIdSSLIntercept on. Set the IdHTTP Intercept property to it.

IIRC thats all you need to do. Now us a get on a https:// and it should
work....

David Jameson

unread,
Sep 20, 2000, 3:00:00 AM9/20/00
to
I did remove the certs - that didn't make any difference. Incidentally,
where is the port being changed to 443?

D

Kudzu - Team Indy

unread,
Sep 20, 2000, 3:00:00 AM9/20/00
to
nos...@nospam.digiportal.com (David Jameson) wrote in <8qasa4$lrh10
@bornews.borland.com>:

>I did remove the certs - that didn't make any difference. Incidentally,
>where is the port being changed to 443?

In IdHTTP's Get.

David Jameson

unread,
Sep 20, 2000, 3:00:00 AM9/20/00
to
What is the point of the 'host' property in the http component if you have
to use http.Get in which you pass a fully qualified URL (including host)?

D

Kudzu - Team Indy

unread,
Sep 21, 2000, 3:00:00 AM9/21/00
to
nos...@nospam.digiportal.com (David Jameson) wrote in <8qbp9f$v36
@bornews.borland.com>:

>What is the point of the 'host' property in the http component if you have
>to use http.Get in which you pass a fully qualified URL (including host)?

If you use the host, you can specify partial URLs.

David Jameson

unread,
Sep 21, 2000, 3:00:00 AM9/21/00
to
OK - now that we have generated a large thread about SSL, the fact remains
that the demo doesn't work on my machine not even to access the URL that
came in the demo (and I've tried other sites as well).

Has anyone else outside of Indy team people managed to get this demo to
work?

Thanks,
David

Kudzu - Team Indy

unread,
Sep 21, 2000, 3:00:00 AM9/21/00
to
nos...@nospam.digiportal.com (David Jameson) wrote in <8qd15j$csi7
@bornews.borland.com>:

>OK - now that we have generated a large thread about SSL, the fact remains

Did you try the steps I posted?

Just on a new form creating IdHTTP and a SSL intercept, and setting the
Intercept property?

Im pretty sure thats all I did in my app to get SSL to work.

Im discussing with the team about the demo itself.

David Jameson

unread,
Sep 21, 2000, 3:00:00 AM9/21/00
to
OK - we are ALMOST working. Some of the problems I encountered are due to
(design?) bugs in Indy (sorry, guys, I'm trying to be nice :-)

The big problem I discovered was that if you use http.Get(....) AND you are
using SSL, then the actual 'fhost' property of the http component is never
assigned to the domain and that makes "Connect" fail due to DNS not being
able to resolve a blank domain.

Once I assigned the domain (but ONLY the domain) to the 'host' property of
http, I made progress

A second problem I ran into was that the demo has a callback to request a
password. As it happens, the site that I am trying to access requires a
username and password but the password that I had set in the http component
was apparently being ignored. Here is the weird part. I put a breakpoint on
the SSL password callback but it never hit. However, I then removed the
callback event completely and then the demo started working!!!

.

I'm now seeing the following in the log (I'm using Gregor's demo)

SSL status: "before/connect initialization"
SSL status: "before/connect initialization"
SSL status: "SSLv3 write client hello A"
SSL status: "SSLv3 read server hello A"
SSL status: "SSLv3 read server certificate A"
SSL status: "SSLv3 read server done A"
SSL status: "SSLv3 write client key exchange A"
SSL status: "SSLv3 write change cipher spec A"
SSL status: "SSLv3 write finished A"
SSL status: "SSLv3 flush data"
SSL status: "SSLv3 read finished A"
SSL status: "SSL negotiation finished successfully"
SSL status: "SSL negotiation finished successfully"
SSL status: "SSL negotiation finished successfully"

However, right after this, I get the message

SSL connection has dropped


and so I never see any headers displayed.


So, what would cause the connection to be dropped?

David


--
_________________________
David H. Jameson, Ph.D.
DigiPortal Software

Three quarters of the information you download from
the Internet is useless --- and that's on a good day!
http://www.digiportal.com


"Kudzu - Team Indy" <cha...@pbe.com> wrote in message
news:8FB66FD75c...@207.105.83.62...

Kudzu - Team Indy

unread,
Sep 22, 2000, 3:00:00 AM9/22/00
to
nos...@nospam.digiportal.com (David Jameson) wrote in <8qdlui$h709
@bornews.borland.com>:

>The big problem I discovered was that if you use http.Get(....) AND you are
>using SSL, then the actual 'fhost' property of the http component is never
>assigned to the domain and that makes "Connect" fail due to DNS not being
>able to resolve a blank domain.
Bug. Definintely not by design. It did not used to omit this - and Im not
sure how it snuck in.

Anyways its been logged as a bug and fixed.

>A second problem I ran into was that the demo has a callback to request a
>password. As it happens, the site that I am trying to access requires a
>username and password but the password that I had set in the http component
>was apparently being ignored. Here is the weird part. I put a breakpoint on
>the SSL password callback but it never hit. However, I then removed the
>callback event completely and then the demo started working!!!

That password is not for HTTP - that password is for SSL certs which you dont
need. For HTTP if you need a username and PW it should be the properties in
the HTTP comp itself.

>So, what would cause the connection to be dropped?

Not sure. 8.006 should be out later tonight with luck - and I've verified the
HTTP demo is up to date and working with SSL.

David Jameson

unread,
Sep 22, 2000, 3:00:00 AM9/22/00
to
I will try the new version and let you know.

THanks,
D

Anthony

unread,
Sep 24, 2000, 3:00:00 AM9/24/00
to
Gregor,

I am having similar problems. Where did you post the latest demos? I am
downloading them from:

Gregor Ibic <grego...@intelicom.si> wrote in message

news:8q6urr$h0...@bornews.borland.com...


> When did you download the demos. They were modified on 14.9.2000 and I'm
> sure that there is no reference to HeaderInfo, ...
> That code was from old HTTP demos (not ssl's)
>

> Regards,
> Gregor
>
>
> "David Jameson" <nos...@nospam.digiportal.com> wrote in message

Anthony

unread,
Sep 24, 2000, 3:00:00 AM9/24/00
to
Ooops..forgot the URL

I am downloading from:
http://www.intelicom.si/download.html

The source from the demo is dated from around June 2000.
Anthony <tech...@gforc.com> wrote in message
news:8qk157$br...@bornews.borland.com...

Anthony

unread,
Sep 24, 2000, 3:00:00 AM9/24/00
to
Gregor,

I am really fighting with the demo and the dll's. Any chance of you
bundling everything together and posting or emailing it?

TIA,

Anthony

Gregor Ibic <grego...@intelicom.si> wrote in message

news:8q8n57$1b...@bornews.borland.com...


> There must be some simple explanation. I'm running demos without any
> problems.
>

> Regards,
> Gregor
>
> "David Jameson" <nos...@nospam.digiportal.com> wrote in message

Anthony

unread,
Sep 24, 2000, 3:00:00 AM9/24/00
to
Gregor,

I finally got things straightened out and the demo is working (as well as my
test app).

Have you tried to post via SSL and get a response? My test app is posting
(at least I think so), but it is not getting the response from the server.
I have tried similar code with IP*Works SSL components and I get a response
from the server. Is there a property I need to set to make the Indy
components wait for a response?

Anthony <tech...@gforc.com> wrote in message

news:8qk2s2$js...@bornews.borland.com...

Gregor Ibic

unread,
Sep 24, 2000, 3:00:00 AM9/24/00
to
Sources are new. September round 18th.
I tested the GET command and not the POST. and GET is working properly.
But commands are HTTP layer, SSL is under it, so SSL doesn't care what
command HTTP does.
I don't really checked but demos should be in Indy source tree also.
Right Kudzu?

Gregor

"Anthony" <tech...@gforc.com> wrote in message

news:8qk1an$br...@bornews.borland.com...


> Ooops..forgot the URL
>
> I am downloading from:
> http://www.intelicom.si/download.html
>
> The source from the demo is dated from around June 2000.
>

> Anthony <tech...@gforc.com> wrote in message

> news:8qk157$br...@bornews.borland.com...
> > Gregor,
> >
> > I am having similar problems. Where did you post the latest demos? I
am
> > downloading them from:
> >
> >
> >

> > Gregor Ibic <grego...@intelicom.si> wrote in message

> > news:8q6urr$h0...@bornews.borland.com...
> > > When did you download the demos. They were modified on 14.9.2000 and
I'm
> > > sure that there is no reference to HeaderInfo, ...
> > > That code was from old HTTP demos (not ssl's)
> > >

> > > Regards,
> > > Gregor
> > >
> > >
> > > "David Jameson" <nos...@nospam.digiportal.com> wrote in message

Kudzu - Team Indy

unread,
Sep 25, 2000, 3:00:00 AM9/25/00
to
tech...@gforc.com (Anthony) wrote in <8qk157$br...@bornews.borland.com>:

>I am having similar problems. Where did you post the latest demos? I am
>downloading them from:

The HTTP demo included with 8.006 can do SSL.

Kudzu - Team Indy

unread,
Sep 25, 2000, 3:00:00 AM9/25/00
to
grego...@intelicom.si (Gregor Ibic) wrote in <8ql6ak$rmv14
@bornews.borland.com>:

>I don't really checked but demos should be in Indy source tree also.
>Right Kudzu?

Yes. The HTTP demo in there does do SSL, and I verified it personally that it
works before we built 8.006.

0 new messages