Search code examples
delphiopensslindy10

Delphi Indy 10 TIdHTTPServer Access Violation in IDE upon termination if Bindings supplied and using OpenSSL

Using Indy 10 (rev. 5128), I I get an access violation in the IDE upon termination if I supply bindings to TIdHTTPServer and when using OpenSSL.

The error message is the following: Project Project1.exe raised exception class EAccessViolation with message 'Access violation at address 1200DBB9 in module 'ssleay32.dll'. Write of address FEEEFFDA'.

A simple test case is below. Just create a form, add uses, and put the codes below in the form create. Run the application in the IDE and access the [https://localhost] in the browser (you will get nothing in reply), then close the application. An access violation is raised in the IDE (but the exception does not appear when running normally). Of course, you need to have the openssl dll's when running (I was using the latest 1.0.1g from indy.fulgan.com website) and also your own ssl certificate files.

uses IdHTTPServer, IdSSLOpenSSL;

{$R *.dfm}

procedure TForm1.FormCreate(Sender: TObject);
var
  HTTPServer:TIdHTTPServer;
begin
  HTTPServer := TIdHTTPServer.Create(Self);
  with HTTPServer do
  begin
    DefaultPort := 443;

    Bindings.Clear;
    with Bindings.Add do
    begin
      IP := '127.0.0.1';
    end;

    IOHandler := TIdServerIOHandlerSSLOpenSSL.Create(nil);
    with TIdServerIOHandlerSSLOpenSSL(IOHandler) do
    begin
      SSLOptions.RootCertFile := 'localhost.cer';
      SSLOptions.CertFile := 'localhost.cer';
      SSLOptions.KeyFile := 'localhost.key';
      SSLOptions.Method := sslvTLSv1;
      SSLOptions.VerifyMode := [];
      SSLOptions.VerifyDepth := 0;
    end;

    Active := True;
  end;
end;

If the bindings are not supplied, the IDE exception does not appear. It's just quite bothersome to keep getting the error while running in the IDE. I need to only bind to localhost and do not want to bind to all addresses.

UPDATE:

I have traced and added OnException and OnListenerException event handlers. I am getting an EAccessViolation exception in the OnException event upon termination with the same error message indicated in my post. The exception appears in the IDE just before it reaches the first line breakpoint on the OnException event handler. During the breakpoint, the call stack is the following: 

TForm1.HTTPServerOnException($1892CA0,$18921FC) 
:0046fa45 TIdCustomTCPServer.DoException + $19 
:0041b6bf ThreadProc + $37 
:0040400e ThreadWrapper + $2A 
:74743daa KERNEL32.BaseThreadInitThunk + 0xe 
:76ef11c1 ntdll.RtlDispatchAPC + 0xcf 
:76ef1197 ntdll.RtlDispatchAPC + 0xa5

I have tried using the older 1.0.1f, 0.9.8y, and 0.9.8x OpenSSL DLLs and I am still having the same exception.

Solution

  • I added IdGlobal in the uses and modified the bindings to have also the IPv6 localhost address and the exception no longer appears.

    Bindings.Clear;
with Bindings.Add do
begin
  IP := '127.0.0.1';
  IPVersion := Id_IPv4;
end;
with Bindings.Add do
begin
  IP := '::1';
  IPVersion := Id_IPv6;
end;

    Still weird though.