Search code examples
delphidelphi-7

delphi 7 convert HTTP gets to HTTPS gets

I have a program that currently uses Delphi 7 with Indy 9 (I believe) that performs several HTTP GET requests. I need to convert them to use HTTPS now.

The server side is under my control.

I also do not want to install any external DLLs with my program.

I have done many Google searches, but to me it appears I either have to install the external OpenSSL DLLs, or upgrade to a later Delphi version, or use a 3rd party control that is not as simple as the TIdHTTP component.

Does anyone have any suggestions on where to start?

Solution

  • Unfortunately, Indy 9 requires OpenSSL DLLs for SSL/TLS, and even then it requires custom-built versions of the DLLs. Those DLLs are available on Indy's Fulgan mirror in the /SSL/Archive folder.

    To use HTTPS in TIdHTTP in Indy 9, simply assign Indy's TIdSSLIOHandlerSocket component to the TIdHTTP.IOHandler property, and then deploy the custom OpenSSL DLLs with your app. But note that the DLLs are very old (as is Indy 9 in general), so you will not be able to use modern security protocols beyond TLS 1.0.

    Indy 10, on the other hand, does not require OpenSSL specifically. OpenSSL is Indy's default SSL/TLS engine, but you can plugin another SSL/TLS engine by writing/obtaining a TIdSSLIOHandlerSocketBase-derived wrapper component for it. Some 3rd party SSL/TLS engines provide such an SSLIOHandler, such as Eldos SecureBlackbox, and there may be other 3rd party SSLIOHandler implementations floating around as well.

    In theory, Indy 10 does support Delphi versions back to 5 (though older versions are not regularly tested), so you should be able to update your Delphi 7 app to use Indy 10.

    To use HTTPS in TIdHTTP in Indy 10, simply assign a TIdSSLIOHandlerSocketBase-derived component to the TIdHTTP.IOHandler property, and then deploy the DLLs (if any) with your app.

    Indy 10's TIdSSLIOHandlerSocketOpenSSL component uses standard OpenSSL DLLs, not custom DLLs, so you can use any OpenSSL DLL distribution (there are up-to-date DLLs provided in the Fulgan mirror in the /SSL folder).

    If you are adamant about avoiding DLLs, and you don't want to pay a lot of money for a 3rd party SSL/TLS engine, you could at least write your own custom SSLIOHandler that wraps Microsoft's SChannel API, which is built-in to Windows and does not rely on distributable DLLs (an SChannel-based SSLIOHandler implementation is expected to be included in a future version of Indy).