These are chat archives for IndySockets/Indy
var LIdHTTP : TIdHTTP; LSSLIOHandler : TIdSSLIOHandlerSocketOpenSSL; LRequestStr, LResult : String; begin LRequestStr := 'https://www.google.com'; LIdHTTP := TIdHTTP.Create(nil); try // Setup of TidHTTP that supposedly works with Squid SSPINTLM authentication. LSSLIOHandler := TIdSSLIOHandlerSocketOpenSSL.Create(LIdHTTP); LSSLIOHandler.SSLOptions.Method := TIdSSLVersion.sslvTLSv1_2; LIdHTTP.IOHandler := LSSLIOHandler; LIdHTTP.HandleRedirects := True; LIdHTTP.AllowCookies := True; LIdHTTP.ConnectTimeout := 10000; LIdHTTP.ReadTimeout := 10000; LIdHTTP.Request.BasicAuthentication := True; LIdHTTP.HTTPOptions := LIdHTTP.HTTPOptions + [hoKeepOrigProtocol] + [hoInProcessAuth] + [hoNoProtocolErrorException] + [hoWantProtocolErrorContent]; LIdHTTP.ProtocolVersion := pv1_1; LIdHTTP.ProxyParams.ProxyServer := 'proxy'; LIdHTTP.ProxyParams.ProxyPort := 3128; LResult := LIdHTTP.Get(LRequestStr); CheckEquals(200, LIdHTTP.ResponseCode); finally LIdHTTP.Free; end; end;
TIdHTTP.OnSelectProxyAuthorizationevent if the
TIdHTTP.ProxyParams.Authenticationproperty is not assigned, and then the
TIdHTTP.OnProxyAuthorizationevent to ask for new credentials if needed. Neither of which you have assigned event handlers to. If authentication cannot be performed at all (unsupported auth scheme, no credentials provided, retry limit reached, etc), TIdHTTP should exit if
hoNoProtocolErrorExceptionis set, otherwise it will raise an exception. If authentication can proceed, TIdHTTP will try to perform it if
hoInProcessAuthis set, otherwise it should exit and you will have to send a new request with proxy authentication added.
CONNECTverb. And yes, it is looped, because it may take multiple HTTP requests to satisfy authentication, HTTP redirects, etc. The loop is hard-coded to "False" because the number of iterations needed is unknown. The inner body of the loop needs to decide when to exit the loop.
hoNoProtocolErrorExceptionwas never intended to be used with proxy handling. The loop in question does not look at the return value of
LLocalHTTP.ProcessResponseto break the loop if needed. A similar loop is in
TIdCustomHTTP.DoRequest(), but it does look at the return value and act accordingly. So similar logic will have to be added to
TIdCustomHTTP.ConnectToHost()when communicating with a proxy
hoWantProtocolErrorContent, and then catch the raised
EIdHTTPProtocolException. The response code will be in the exception's
ErrorCodeproperty, and any body content will be in the
Thanks for the response, very much appreciated. I only added
hoWantProtocolErrorContent) this morning as otherwise the code below the
Get() would never run etc. and when it failed, the raised exception didn't make it particularly obvious initially what had failed where (whereas having the Check like fail would've been rather more direct) so I thought I'd rather just stop the whole exception thing and check the result code, whatever it may be.
Anyway given what you've said however I'll remove these again and make do with catching the exception instead as suggested for now.
Aside from this I'm still puzzled about the test failing now with a 407 in the first place. I'm trying to understand and reconcile your explanation with the fact that this code was working previously through this proxy, and to add which works (still) with NTLMSSP via Chrome and Firefox with no problems.
So I'm slightly puzzled regarding the auth, how this worked at all in the past then, seemingly by some fluke, since if I understand you correctly you're implying that the above code could not auth properly against an NTLM proxy due to missing event handlers/properties? Or am I misunderstanding you? (I've added IdHTTPSSPI and IdHTTPNTLM units to the above code, which was previously missing to ensure these were registered but hasn't made a difference... shouldn't the presence of these units register the necessary handlers so that
hoInProcessAuth makes Indy deal with the authentication? I'm obviously being stupid about something... sorry!)