
Author Topic: handling https with managed lazarus http server  (Read 1205 times)

mr-highball

handling https with managed lazarus http server
« on: September 30, 2019, 06:43:12 am »
Hello all, hoping I could get some advice. I need to be able to handle http & https requests from a web server built with the web server project of fpweb.
this topic seemed similar, but it didn't get many responses.
https://forum.lazarus.freepascal.org/index.php/topic,46496.msg331480.html#msg331480

What I've done is include the opensslsockets in my project and try to shoot an https request over to my server, however it simply "freezes" until I kill the web request from my terminal (using powershell). Once the request is killed, lazarus reports back an exception shown below.

I'd like to avoid setting up a reverse proxy or using an alternative web framework if possible, since I've already gone down this route, and wanted it to have as few dependencies as possible. FYI, regular http web calls work just fine, thanks!

Thaddy

Re: handling https with managed lazarus http server
« Reply #1 on: September 30, 2019, 10:30:40 am »
Of course you need a certificate on the server! Don't forget to generate and install one. Or obtain one from LetsEncrypt. Or Buy one...

mr-highball

Re: handling https with managed lazarus http server
« Reply #2 on: September 30, 2019, 03:17:55 pm »
Thanks thaddy, I should've tried that first ...  :-[
Once I go down that route I'll post back if I run into anything else (just wanted to make sure there wasn't some property I had to toggle on, or set cert info in)

mr-highball

Re: handling https with managed lazarus http server
« Reply #3 on: September 30, 2019, 04:34:36 pm »
Ok, so the "secret sauce" I was looking for appears to be setting the Application.UseSSL := True; additionally, the cert info needs to be set and can automatically be created if a customized "default handler" is set via TSSLSocketHandler.SetDefaultHandlerClass(aClass : TSSLSocketHandlerClass);

hope this helps someone else, cheers

mr-highball

Re: handling https with managed lazarus http server
« Reply #4 on: September 30, 2019, 08:20:14 pm »
Alright, so it was a bit more involved than just toggling on the UseSSL since I had to define a custom TSSLSocketHandlerClass that overrode:
  • function CreateCertificateData: TCertificateData; override;
  • function CreateCertGenerator: TX509Certificate; override;


and then a custom TX509Certificate class that can read the bytes of private/public key (needs to already be created with openssl).

Now that I've done that though, I no longer get SSL errors, but after sending an https request, the server "hangs" indefinitely until I close the client connection, at which point I get Missing HTTP protocol version in request error

This was the only forum post I saw that had some relevance, but the OP changed some source... and I'm hoping not to do that (I also don't think they were trying https).
https://forum.lazarus.freepascal.org/index.php?topic=40511.0

I'm still going down the rabbit hole, but if anyone else knows of some pointers to try, I'm all ears.

edit:
this does appear to be hanging inside of procedure fphttpserver.ParseStartLine(Request : TFPHTTPConnectionRequest; AStartLine : String);

trunk:
Code: Pascal
procedure ParseStartLine(Request : TFPHTTPConnectionRequest; AStartLine : String);

  Function GetNextWord(Var S : String) : string;

  Var
    P : Integer;

  begin
    P:=Pos(' ',S);
    If (P=0) then
      P:=Length(S)+1;
    Result:=Copy(S,1,P-1);
    Delete(S,1,P);
  end;

Var
  S : String;
  I : Integer;

begin
  Request.Method:=GetNextWord(AStartLine);
  Request.URL:=GetNextWord(AStartLine);
  S:=Request.URL;
  I:=Pos('?',S);
  if (I>0) then
    S:=Copy(S,1,I-1);
  If (Length(S)>1) and (S[1]<>'/') then
    S:='/'+S
  else if S='/' then
    S:='';
  Request.PathInfo:=S;
  S:=GetNextWord(AStartLine);
  If (Pos('HTTP/',S)<>1) then
    Raise EHTTPServer.CreateHelp(SErrMissingProtocol,400);
  Delete(S,1,5);
  Request.ProtocolVersion:=trim(S);
end;
« Last Edit: September 30, 2019, 08:41:21 pm by mr-highball »
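
Added example, not part of the original post or of fpweb: a Python port of the ParseStartLine logic quoted above, showing that both an empty start line and the first bytes of a TLS ClientHello end in the "Missing HTTP protocol version" error, and how a TLS record-header check tells the two apart. The function names and the ClientHello bytes are constructed for illustration; the thread does not establish that the poster's server was in this state.

```python
# Added example: Python port of the quoted start-line logic plus a TLS check.
# All names are hypothetical; nothing here is an fpweb API.

class MissingProtocol(Exception):
    """Stands in for EHTTPServer.CreateHelp(SErrMissingProtocol, 400)."""

def next_word(s):
    """Mirror of GetNextWord: return (text before first space, remainder)."""
    head, _, rest = s.partition(" ")
    return head, rest

def parse_start_line(line):
    """Return (method, url, path_info, protocol_version) or raise."""
    method, rest = next_word(line)
    url, rest = next_word(rest)
    path = url.split("?", 1)[0]
    if len(path) > 1 and not path.startswith("/"):
        path = "/" + path
    elif path == "/":
        path = ""
    version, _ = next_word(rest)
    if not version.startswith("HTTP/"):
        raise MissingProtocol("Missing HTTP protocol version in request")
    return method, url, path, version[5:].strip()

def looks_like_tls_handshake(data):
    """TLS record header: content type 0x16 (handshake), major version 0x03."""
    return (len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03
            and data[2] <= 0x04)

def start_line_error(raw):
    """Return the parser's error text for raw bytes, or None if it parses."""
    line = raw.split(b"\r\n", 1)[0].decode("latin-1")
    try:
        parse_start_line(line)
    except MissingProtocol as exc:
        return str(exc)
    return None

def diagnose(first_bytes):
    """Classify the first bytes seen by a plaintext HTTP parser."""
    if looks_like_tls_handshake(first_bytes):
        return "tls-handshake-on-plaintext-parser"
    return "malformed-http" if start_line_error(first_bytes) else "http"

# Constructed sample: record header + start of a ClientHello (not a capture).
CLIENT_HELLO = b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03" + bytes(32)

if __name__ == "__main__":
    for sample in (b"GET /status?x=1 HTTP/1.1\r\n", b"", CLIENT_HELLO):
        print(diagnose(sample), "|", start_line_error(sample))
```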

jaffa

Re: handling https with managed lazarus http server
« Reply #5 on: September 26, 2020, 03:29:04 pm »
have you managed to solve this?

mr-highball

Re: handling https with managed lazarus http server
« Reply #6 on: September 26, 2020, 04:41:16 pm »
Unfortunately, I did not. I couldn't figure out how to use a custom certificate. I ended up installing a free signed certificate, installing nginx, configuring nginx to use my certificate and routing all traffic to my web service through regular http. It was more involved than I hoped, but it did work.
If someone else has managed to do this or if fpweb has been updated to easily support it, it would be great for someone to provide an example.

Looked back at the project I was working on, and here's the line where my ssl handling was attempted (may or may not help)
https://github.com/mr-highball/dcl-hackathon-2019/blob/e6e5e621e56fc0453c81a60fd11b998c85e0ee43/services/common/controller.base.pas#L52

And
https://github.com/mr-highball/dcl-hackathon-2019/blob/e6e5e621e56fc0453c81a60fd11b998c85e0ee43/services/common/controller.base.pas#L213
« Last Edit: September 26, 2020, 04:50:58 pm by mr-highball »

jaffa

Re: handling https with managed lazarus http server
« Reply #7 on: September 28, 2020, 10:42:00 am »
laz_synapse package seems to handle ssl well....
« Last Edit: September 28, 2020, 10:45:44 am by jaffa »

 
