These are chat archives for IndySockets/Indy

30th
May 2017
mezen
@mezen
May 30 2017 06:42
@rlebeau if I want to use IdAuthenticationNTLM or IdAuthenticationSSPI (which also contains NTLM?), do I still have to set ProxyParams.BasicAuthentication := True; or is NTLM not considered as Basic authentication?
(My Target Platform is only Win32, maybe Win64 someday in a far future)
Mark Humphreys
@mmarquee
May 30 2017 11:24
I am trying to add client certificates to a solution using TIdTCPServer that already has SSL connections - based on an answer given in Embarcadero forums. I have set up OnVerifyPeer events, and set VerifyMode to [sslvrfPeer], but it is currently allowing connections when there is no client certificate. What have I done wrong / missed?
mezen
@mezen
May 30 2017 11:29
sslvrfPeer: A request for a client certificate will be sent to the client. The client may opt to ignore the request, but if a certificate is sent back, it will be verified.
sslvrfFailIfNoPeerCert: only used for server when sslvrfPeer is set. Use of this flag will cause the handshake to terminate immediately if no certificate is provided by the client.
sslvrfClientOnce: only used for server when sslvrfPeer is set. Use of this flag will prevent the server from requesting a certificate from the client in the case of renegotiation. A certificate will still be requested during the initial handshake.
@mmarquee so you have to set VerifyMode to [sslvrfPeer, sslvrfFailIfNoPeerCert]
mezen
@mezen
May 30 2017 11:41
Good source is https://wiki.openssl.org/index.php/Manual:SSL_CTX_set_verify(3)
SSL_VERIFY_NONE is VerifyMode := [];
Mark Humphreys
@mmarquee
May 30 2017 15:26
@mezen Super, setting those values will disable connection until a correct client certificate is sent. Been looking at this for hours working out what was wrong. Thanks
Remy Lebeau
@rlebeau
May 30 2017 17:14
@mezen BASIC is an actual authentication scheme of its own. Setting BasicAuthentication=True just means that TIdHTTP is allowed to fall back to BASIC if not using any other authentication