
Author Topic: [SOLVED] Indy and SSL  (Read 3736 times)

DanishMale

  • New member
  • *
  • Posts: 40
[SOLVED] Indy and SSL
« on: February 23, 2017, 07:24:47 am »
Solution: I found that the DateTime handling in the DLL was mixed up and had to be rewritten to form the dynamic URL



Hi,

I am going NUTS... over Indy and their OpenSSL....

I am trying to create a DLL which collects some JSON data from a website. I have got it to work perfectly on numerous other sites; however, this site really got my brains out...

If I create this app and run it directly as an EXE with only this changed in the SSLOptions.Method := sslvTLSv1_2 and SSLOptions.Versions := [sslvTLSv1_2] to the IdSSLIOHandlerSocketOpenSSL, it works perfectly

but as DLL NOT:

Code: Pascal

// Requires the Indy units IdHTTP and IdSSLOpenSSL (plus IdGlobal for Id_IPv4).

// Creates the OpenSSL IOHandler, restricted to TLS 1.2.
// It is created without an owner (nil), so nothing frees it automatically.
function CreateSSLHandler: TIdSSLIOHandlerSocketOpenSSL;
var
  SSL_org: TIdSSLIOHandlerSocketOpenSSL;
begin
  SSL_org := TIdSSLIOHandlerSocketOpenSSL.Create(nil);
  SSL_org.IPVersion := Id_IPv4;
  SSL_org.MaxLineAction := maException;
  SSL_org.MaxLineLength := 16384;
  SSL_org.Port := 0;
  SSL_org.ReadTimeout := -1;
  SSL_org.ReuseSocket := rsOSDependent;
  SSL_org.SendBufferSize := 32768;
  // Offer TLS 1.2 only
  SSL_org.SSLOptions.Method := sslvTLSv1_2;
  SSL_org.SSLOptions.Mode := sslmUnassigned;
  SSL_org.SSLOptions.SSLVersions := [sslvTLSv1_2];
  SSL_org.SSLOptions.VerifyDepth := 0;
  SSL_org.UseNagle := True;
  CreateSSLHandler := SSL_org;
end;

// Creates the HTTP client and attaches the TLS 1.2 IOHandler from above.
function CreateHTTP: TIdHTTP;
var
  HTTP_org: TIdHTTP;
begin
  HTTP_org := TIdHTTP.Create(nil);
  HTTP_org.IOHandler := CreateSSLHandler;
  HTTP_org.Request.ContentType := 'text/html';
  HTTP_org.AllowCookies := True;
  HTTP_org.ProxyParams.BasicAuthentication := False;
  HTTP_org.ProxyParams.ProxyPort := 0;
  HTTP_org.Request.ContentLength := -1;
  HTTP_org.Request.ContentRangeEnd := -1;
  HTTP_org.Request.ContentRangeStart := -1;
  HTTP_org.Request.ContentRangeInstanceLength := -1;
  HTTP_org.Request.Date := 0;
  HTTP_org.Request.Expires := 0;
  HTTP_org.Request.LastModified := 0;
  HTTP_org.Request.Accept := 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8';
  HTTP_org.Request.BasicAuthentication := False;
  HTTP_org.Request.UserAgent := 'My Custom UserAgent';
  HTTP_org.Request.Ranges.Units := 'bytes';
  HTTP_org.HTTPOptions := [hoForceEncodeParams];
  HTTP_org.ProtocolVersion := pv1_1;
  CreateHTTP := HTTP_org;
end;

It's exactly the same settings as in the EXE file .. which works  :o


I am getting desperate ....
« Last Edit: February 25, 2017, 01:32:31 am by DanishMale »
Lazarus 1.6 x64 | FPC 3.0.0 | Windows 10 x64 | MySQL Community Server (GPL) 5.6 x64 | MariaDB 10.1.21 x64 | Firebird 3.0.1 x64 | SQLite 3.16.2 x64|MS SQL Server 2012 x64 | PostgresSQL 9.6.1 x64 | Oracle 12.1.0.2 SE x64 |Windows Server 2008 x64

Cyrax

  • Hero Member
  • *****
  • Posts: 542
Re: Indy and SSL
« Reply #1 on: February 23, 2017, 07:30:34 am »
Which site are you trying to access?
Can you show us your application's main source code?

DanishMale

  • New member
  • *
  • Posts: 40
Re: Indy and SSL
« Reply #2 on: February 23, 2017, 07:33:25 am »

Cyrax

  • Hero Member
  • *****
  • Posts: 542
Re: Indy and SSL
« Reply #3 on: February 23, 2017, 07:54:46 am »
Which version of Indy are you using?

GetMem

  • Hero Member
  • *****
  • Posts: 2408
Re: Indy and SSL
« Reply #4 on: February 23, 2017, 08:19:24 am »
Quote
If I create this app and run it directly as an EXE with only this changed in the SSLOptions.Method := sslvTLSv1_2 and SSLOptions.Versions := [sslvTLSv1_2] to the IdSSLIOHandlerSocketOpenSSL  it works perfectly but as DLL NOT:
OK, and how exactly does it fail? What is the error message? I see in your description Lazarus 1.6 x64; are you creating a 64-bit application/DLL? Make sure libeay32.dll and ssleay32.dll match your binary format so you don't mix 32 with 64 and vice versa. Of course this is just guessing... the problem may be something completely different.

DanishMale

  • New member
  • *
  • Posts: 40
Re: Indy and SSL
« Reply #5 on: February 23, 2017, 04:02:47 pm »
The error looks like this:

Error connecting with SSL.
error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure


I have used the  libeay32.dll and ssleay32.dll in previous x64 DLL / Apps

Phil

  • Hero Member
  • *****
  • Posts: 2316
Re: Indy and SSL
« Reply #6 on: February 23, 2017, 04:39:55 pm »
Quote
Error connecting with SSL.
error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

I feel your pain.

I would spend the day searching that error message. I solved a recent Indy problem by trying various suggestions given here:

https://stackoverflow.com/questions/35987485/eidosslconnecterror-error-connecting-with-ssl-eof-was-observed#

Interestingly, FPC's HTTP client did not have this EOF problem at all. You could try FPC's just to see if there's any difference.

I've had a lot of problems keeping code that retrieves data from Web sites running, as they transition from http to https, change APIs, change handshake policies, change WSDL, etc. No two http clients in my experience work the same and they all have problems if you're hitting against enough different sites. I work with 4: Indy, FPC, Synapse and Foundation (Mac).

Also, who's responsible for freeing the TIdSSLIOHandlerSocketOpenSSL object? It looks like you're assuming that Indy is.

Edit: I've never seen a problem where it works in an executable and not in a dynamic library. In my experience, if it works in one, it will work in the other and vice versa. Make sure both the executable and the library are using the same SSL libraries.
« Last Edit: February 23, 2017, 04:42:13 pm by Phil »

Remy Lebeau

  • Sr. Member
  • ****
  • Posts: 334
    • Lebeau Software
Re: Indy and SSL
« Reply #7 on: February 24, 2017, 04:24:34 am »
Quote
I am going NUTS... over Indy and their OpenSSL....

It is not OUR OpenSSL.  OpenSSL is a 3rd party open source library independent of Indy.

To use TLS 1.2 in Indy, make sure you are using up-to-date versions of Indy and OpenSSL 1.0.2 (Indy does not support OpenSSL 1.1.0 yet).

Quote
If I create this app and run it directly as an EXE with only this changed in the SSLOptions.Method := sslvTLSv1_2 and SSLOptions.Versions := [sslvTLSv1_2] to the IdSSLIOHandlerSocketOpenSSL  it works perfectly

but as DLL NOT

Neither Indy nor OpenSSL behaves differently whether used in an EXE or a DLL.  So something else is going on.

Quote
It's exactly the same settings as in the EXE file .. which works  :o

Have you tried using a packet sniffer, like Wireshark, to look at the actual TLS handshake to see if anything is different between the EXE and DLL handshakes?

Quote
Error connecting with SSL.
error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

A TLS alert comes from the peer.  So, in this case, it means the HTTP server is rejecting the TLS handshake.  Now you need to figure out why.  And that is where Wireshark comes into play.
« Last Edit: February 24, 2017, 04:28:32 am by Remy Lebeau »
Remy Lebeau
Lebeau Software - Owner, Developer
Internet Direct (Indy) open source project - Admin, Developer
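
A sketch of the comparison Remy Lebeau suggests above, added here as an example (it is not code from the thread or from Indy): it parses ClientHello record bytes as copied out of a capture, for example from Wireshark, and reports which fields differ between two clients. `build_hello`, the hostname and the cipher lists are constructed sample input and do not reflect what the poster's EXE or DLL actually sent.

```python
import struct

def parse_client_hello(record: bytes) -> dict:
    """Summarise one raw TLS ClientHello record copied out of a capture."""
    ctype, _rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 22 or record[5] != 1:      # 22 = handshake, 1 = ClientHello
        raise ValueError("not a handshake record carrying a ClientHello")
    body = record[9:5 + rec_len]           # skip record (5) + handshake (4) headers
    version = struct.unpack("!H", body[:2])[0]
    pos = 34                               # client_version (2) + random (32)
    pos += 1 + body[pos]                   # session_id
    n = struct.unpack("!H", body[pos:pos + 2])[0]
    suites = list(struct.unpack(f"!{n // 2}H", body[pos + 2:pos + 2 + n]))
    pos += 2 + n
    pos += 1 + body[pos]                   # compression_methods
    sni, exts = None, []
    if pos + 2 <= len(body):               # the extensions block is optional
        end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            data = body[pos + 4:pos + 4 + elen]
            exts.append(etype)
            if etype == 0 and len(data) >= 5:  # server_name: list_len, type, name_len, name
                name_len = struct.unpack("!H", data[3:5])[0]
                sni = data[5:5 + name_len].decode("ascii", "replace")
            pos += 4 + elen
    return {"version": version, "suites": suites, "sni": sni, "extensions": exts}

def diff_hellos(a: dict, b: dict) -> dict:
    """Return only the fields on which two parsed ClientHellos disagree."""
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

def build_hello(version, suites, sni=None) -> bytes:
    """Hypothetical helper: builds a constructed sample record for this example."""
    ext = b""
    if sni:
        name = sni.encode()
        sn = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
        ext = struct.pack("!HH", 0, len(sn)) + sn
    body = struct.pack("!H", version) + bytes(32) + b"\x00"
    body += struct.pack(f"!H{len(suites)}H", 2 * len(suites), *suites) + b"\x01\x00"
    body += struct.pack("!H", len(ext)) + ext if ext else b""
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 22, 0x0301, len(hs)) + hs

# Constructed captures; the hostname and cipher lists are made up.
EXE_HELLO = build_hello(0x0303, [0xC02F, 0x009C, 0x002F], "api.example.test")
DLL_HELLO = build_hello(0x0301, [0x002F, 0x000A])
DIFF = diff_hellos(parse_client_hello(EXE_HELLO), parse_client_hello(DLL_HELLO))
```

A record that is not a ClientHello raises `ValueError`; truncated input surfaces as `struct.error` or `IndexError` rather than a partial result.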

 
