Delphi: IdHTTP+SSL does not work. No errors!

maxfax picture maxfax · Jul 14, 2011 · Viewed 22.6k times · Source

I use TidHTTP + TIdSSLIOHandlerSocketOpenSSL + 2 DLLs: ssleay32.dll and libeay32.dll from http://indy.fulgan.com/SSL.

But I can see all work of my program in HTTP Analyzer! It works as HTTP, not as HTTPS. If I use Opera I cannot see downloading with the same site (https://esta.cbp.dhs.gov/esta).

I did not set any special parameters for TidHTTP and TIdSSLIOHandlerSocketOpenSSL (may be I must but I do not know what exactly).

Must I use TIdSSLVersion(sslvSSLv23) + location of a SSL certificate? Where can I get this certificate? Or only RootCertFile?

How to change a port of idHttp to 443 (must I do it?)?

I use:

procedure TForm1.FormCreate(Sender: TObject);
var mem:tmemorystream;
begin
try
  mem:=TMemoryStream.Create();
  try
    idhttp1.Get('https://esta.cbp.dhs.gov/esta/',Mem);
  except
   on E : Exception do ShowMessage(E.Message);
  end;
finally
  mem.Free;
  idhttp1.Free;
end;
end;

Please see my video: http://liga-installer.realservers.info/ssl.mp4

Screen shots:

enter image description here enter image description here enter image description here

Thanks Thanks Thanks for help!!!

Answer

Bruce McGee picture Bruce McGee · Jul 14, 2011

This simple example works in Delphi XE out of the box, so you don't need to change ports or use a certificate on the client side. It's based on an example from RosettaCode:

Uses
  IdHttp, IdSSLOpenSSL

...

procedure TForm2.Button1Click(Sender: TObject);
var
  s: string;
  lHTTP: TIdHTTP;
begin
  lHTTP := TIdHTTP.Create(nil);
  try
    lHTTP.IOHandler := TIdSSLIOHandlerSocketOpenSSL.Create(lHTTP);
    lHTTP.HandleRedirects := True;
    s := lHTTP.Get('https://esta.cbp.dhs.gov/esta/');
    RichEdit1.Text := s;
  finally
    lHTTP.Free;
  end;
end;

The problem is probably the version of the DLLs you need to deploy. Since recent versions fix security issues, I recommend upgrading your version of Indy to the latest and using the most recent OpenSSL libraries from the fulgan site.

Update: Did you mean that you can't see the site using a web browser, or that when you do you can't see the traffic in your HTTP analyser? As Rob mentioned, if the site isn't visible using a regular web browser, then the problem likely isn't your application.