I use TidHTTP + TIdSSLIOHandlerSocketOpenSSL + 2 DLLs: ssleay32.dll and libeay32.dll from http://indy.fulgan.com/SSL.
But I can see all work of my program in HTTP Analyzer! It works as HTTP, not as HTTPS. If I use Opera I cannot see downloading with the same site (https://esta.cbp.dhs.gov/esta).
I did not set any special parameters for TidHTTP and TIdSSLIOHandlerSocketOpenSSL (may be I must but I do not know what exactly).
Must I use TIdSSLVersion(sslvSSLv23) + location of a SSL certificate? Where can I get this certificate? Or only RootCertFile?
How to change a port of idHttp to 443 (must I do it?)?
I use:
procedure TForm1.FormCreate(Sender: TObject);
var mem:tmemorystream;
begin
try
mem:=TMemoryStream.Create();
try
idhttp1.Get('https://esta.cbp.dhs.gov/esta/',Mem);
except
on E : Exception do ShowMessage(E.Message);
end;
finally
mem.Free;
idhttp1.Free;
end;
end;
Please see my video: http://liga-installer.realservers.info/ssl.mp4
Screen shots:
Thanks Thanks Thanks for help!!!
This simple example works in Delphi XE out of the box, so you don't need to change ports or use a certificate on the client side. It's based on an example from RosettaCode:
Uses
IdHttp, IdSSLOpenSSL
...
procedure TForm2.Button1Click(Sender: TObject);
var
s: string;
lHTTP: TIdHTTP;
begin
lHTTP := TIdHTTP.Create(nil);
try
lHTTP.IOHandler := TIdSSLIOHandlerSocketOpenSSL.Create(lHTTP);
lHTTP.HandleRedirects := True;
s := lHTTP.Get('https://esta.cbp.dhs.gov/esta/');
RichEdit1.Text := s;
finally
lHTTP.Free;
end;
end;
The problem is probably the version of the DLLs you need to deploy. Since recent versions fix security issues, I recommend upgrading your version of Indy to the latest and using the most recent OpenSSL libraries from the fulgan site.
Update: Did you mean that you can't see the site using a web browser, or that when you do you can't see the traffic in your HTTP analyser? As Rob mentioned, if the site isn't visible using a regular web browser, then the problem likely isn't your application.
you are using the wrong tool to check the communication. Your observation only shows the used protocol - which is HTTP 1.0 or 1.1 even if using SSL/TLS.
Try a tool like SmartSnif or Wireshark to check the real network traffic. You will see that the entire traffic is using port 443 with encrypted data.
The header response of HTTP/1.1 (or 1.0) is absolutely correct for HTTPS traffic, the SSL/TLS encryption does not change the transferred data but is a transport layer on top of HTTP traffic.
Regarding HTTP Analyzer (from their website at http://www.ieinspector.com/httpanalyzer/): "Main Features: Support HTTPS, show you unencrypted data sent over HTTPS / SSL connections as the same level of detail as HTTP."
So as I said it decodes the SSL and shows you the HTTP based, unencrypted traffic.
Regards, Arvid
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With