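// Accessor class: exposes the inherited fContext (SSL_CTX*) as a readable property
class TIdSSLContextAccess : public TIdSSLContext
{
public:
    __property SSL_CTX* Handle = {read=fContext};
};
...
// Cast the IOHandler's SSLContext to the accessor to reach the raw SSL_CTX handle
SSL_CTX_set_options(static_cast<TIdSSLContextAccess*>(IOHandler->SSLContext)->Handle, ...);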
Hello, Remy. Here are my results of the migration from Indy9 to Indy10 of secured email via different hosts.
Preconditions:
1) Port is hardcoded to 465
2) Services to check: mailtrap.io and smtp.gmail.com
3) In our application the user can manually choose which type of SSL to use. By default it is OpenSSLv23, i.e. negotiation to choose the version is allowed.
Results:
The Indy 9 code worked under those settings for both mailtrap.io and smtp.gmail.com.
smtp.gmail.com negotiated with the client to TLSv1.
Under Indy10, negotiation with mailtrap.io works fine.
With smtp.gmail.com negotiation doesn't work (why didn't it negotiate to TLS at all?), but after applying the 'magic line'
AIdSMTP.UseTLS := utUseImplicitTLS;
smtp.gmail.com began to understand the application in negotiation mode too, and negotiation is resolved to TLSv1.2.
Now the question is: is it reliable to leave this line in, given that the end user would have their own mail server settings?
And why didn't negotiation work without that line?
UseTLS appropriately, as that governs how SSL/TLS is used during the SMTP session. UseTLS=utNoTLSSupport is the default, it means no SSL/TLS is used. UseTLS=utUseImplicitTLS performs an SSL/TLS handshake as soon as the socket is connected, before any SMTP traffic is exchanged. UseTLS=utUseExplicitTLS connects the socket initially unsecure and then issues an SMTP STARTTLS command to perform a handshake only if the server advertises support for that. Indy 9 did not support STARTTLS at all. Indy 10 does. So you have to specify which mode to use. Not all servers support STARTTLS, but those that do offer it for legacy clients so they don't have to use SSL/TLS if they don't want to. GMail supports both modes. Port 465 is SMTP's implicit SSL port, port 587 is the explicit TLS port.
OpenSSLVersion() wrapper function in the IdSSLOpenSSL unit.
IdOpenSSLSetLibPath() function to point to it), or if you are compiling for iOS devices (Indy compiles OpenSSL statically on that platform). Indy itself is compiled directly into your app (unless you enable runtime packages, in which case you would then have to deploy those).
But pls consider https://www.openssl.org/source/license.html, for example
- Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
- Redistributions of any form whatsoever must retain the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- All advertising materials mentioning features or use of this software must display the following acknowledgement: "This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)" The word 'cryptographic' can be left out if the routines from the library being used are not cryptographic related :-).