These are chat archives for IndySockets/Indy

11th
Dec 2018
John
@JEisenheim_twitter
Dec 11 2018 00:10
@rlebeau No luck, when building with 5451 everything is ok, but 5489 fails, when the CommandOther handler is reached the TIdHTTPRequestInfo RawHTTPCommand contains garbage. Do you have an archive of Indy snapshots?
Remy Lebeau
@rlebeau
Dec 11 2018 00:11
@JEisenheim_twitter No, I do not. You would have to get them from the SVN server directly. Have you sniffed the network traffic to make sure that an SSL handshake is taking place? Do you have an OnQuerySSLPort event handler assigned? Or at least have TIdHTTPServer listening on port 443? It is hard to diagnose when I can't see your setup.
John
@JEisenheim_twitter
Dec 11 2018 00:14
@rlebeau Off-topic: Does the TIdHTTPServer use RootCertFile? I have CertFile and KeyFile set up correctly, don't know how RootCertFile is used by the server.
John
@JEisenheim_twitter
Dec 11 2018 00:32
The problem is in the IdCustomHTTPServer.pas unit, just copying the old version fixed the problem. I will continue to locate the problem.
Remy Lebeau
@rlebeau
Dec 11 2018 00:32
@JEisenheim_twitter yes, RootCertFile is used. If assigned, it gets passed to OpenSSL's SSL_CTX_load_verify_locations() and SSL_CTX_set_client_CA_list() functions.
@JEisenheim_twitter there have been only 2 revisions to IdCustomHTTPServer.pas since rev 5451. In rev 5461 to activate SSL on port 443 by default if no OnQuerySSLPort handler is assigned, and to add some TODO comments. In rev 5480 to add some more TODO comments only.
John
@JEisenheim_twitter
Dec 11 2018 00:40
@rlebeau That was..... DoQuerySSLPort now returns false if the port is not 443 and the QuerySSLPort handler is not defined, the old version returned true. Small change in behavior. THANK YOU for your help.
Remy Lebeau
@rlebeau
Dec 11 2018 00:43
@JEisenheim_twitter the old code was buggy, if OnQuerySSLPort was not assigned, SSL would be activated on every port, even non-HTTPS ports like the standard HTTP port 80. That was fixed so SSL would be activated only for port 443, which is the standard HTTPS port. If you want to use non-standard HTTPS ports, you have to use OnQuerySSLPort.