delphi ssl indy

Delphi Indy SSL Error after migrating to 10.4 Sydney


After compiling my Win32 client/server application (using Indy and TMS Sparkle) with Delphi 10.4, I get an SSL error. I use Indy with and a self-signed certificate on the server side and Indy on the client side. The error message is (translated from German):

Error connection with SSL. EOF encountered violating the protocol.

I did not change any code or environment from 10.3 where it ran perfectly. I can break it down to the server side as the old server (compiled in 10.3) runs with the new client (compiled with 10.4) but the old client also breaks when trying to connect to the new server.

This is how I initialize SSL:

    SecureServer := TIndySparkleHTTPServer.create(nil);
    SecureServer.DefaultPort := SecurePort;
    // Initialize SSL with self signed certificate
    SSLHandler := TIdServerIOHandlerSSLOpenSSL.create(SecureServer);
    SSLHandler.SSLOptions.CertFile := SharedVals.ServerPath + 'appcert.pem';
    SSLHandler.SSLOptions.RootCertFile := SharedVals.ServerPath + 'approot.pem';
    SSLHandler.SSLOptions.KeyFile := SharedVals.ServerPath + 'appkey.pem';
    SSLHandler.SSLOptions.Method := sslvSSLv23;
    SecureServer.IOHandler := SSLHandler;

Emba managed to break Indy in 10.3, perhaps this is another case like this?


Solution

  • The credit belongs to Remy Lebeau, who pointed me in the correct direction. But I want to answer my question by supplying the code that made it work again in Delphi 10.4. As the change in Indy was done in 2018(!), I still have no idea why it worked perfectly in 10.3 until the upgrade to 10.4.

    Since I use the TMS Sparkle Server for Indy directly in a service/daemon project, I supply a small class to connect the OnQuerySSLPort method, which expects an object method.

    type
      TSSLHelper = class
      // This helper class is necessary to set SSL to true,
      // as it defaults to false on non-standard SSL ports
        procedure QuerySSLPort(APort: Word; var VUseSSL: boolean);
      end;
    
    ...
    
    procedure TSSLHelper.QuerySSLPort(APort: Word; var VUseSSL: boolean);
    begin
      VUseSSL := true;
    end;
    
    ...
    
    SecureServer := TIndySparkleHTTPServer.create(nil);
    SecureServer.DefaultPort := SecurePort;
    // Initialize SSL with self signed certificate
    SSLHandler := TIdServerIOHandlerSSLOpenSSL.create(SecureServer);
    SSLHandler.SSLOptions.CertFile := SharedVals.ServerPath + 'appcert.pem';
    SSLHandler.SSLOptions.RootCertFile := SharedVals.ServerPath + 'approot.pem';
    SSLHandler.SSLOptions.KeyFile := SharedVals.ServerPath + 'appkey.pem';
    SSLHandler.SSLOptions.SSLVersions := [sslvTLSv1, sslvTLSv1_1, sslvTLSv1_2];
    SecureServer.IOHandler := SSLHandler;
    SSLHelper := TSSLHelper.Create;
    SecureServer.OnQuerySSLPort := SSLHelper.QuerySSLPort;
    ...
    

    Now it works like before.
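
The check below is an added example, not part of the original post or of Indy: a small Python probe that tells whether a port answers a TLS handshake at all, which is the condition the `OnQuerySSLPort` fix restores. The local listener is a constructed stand-in for a port served without TLS (it reads the ClientHello and closes), and the names `probe_tls` and `start_plaintext_listener` are hypothetical.

```python
import socket
import ssl
import threading


def start_plaintext_listener():
    """Constructed stand-in for a port where TLS is not enabled: it reads the
    client's first bytes (the ClientHello) and closes without a TLS reply."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # loopback only, ephemeral port
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.recv(4096)             # swallow the ClientHello, then close
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def probe_tls(host, port, timeout=5.0):
    """Return 'tls:<version>' if the peer completes a handshake,
    'closed-without-tls' if it hangs up instead (the EOF case from the
    question), or 'tls-error:<reason>' for any other handshake failure."""
    ctx = ssl.create_default_context()
    # Diagnostic probe only: the server in the post uses a self-signed
    # certificate, so verification is switched off for this check.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw) as tls:
                return "tls:" + str(tls.version())
    except (ssl.SSLEOFError, ConnectionResetError):
        return "closed-without-tls"
    except ssl.SSLError as exc:
        # Older Python/OpenSSL pairings report the same EOF as a plain SSLError.
        if exc.reason == "UNEXPECTED_EOF_WHILE_READING":
            return "closed-without-tls"
        return "tls-error:" + str(exc.reason)


if __name__ == "__main__":
    print(probe_tls("127.0.0.1", start_plaintext_listener()))
```

Run against the rebuilt server's secure port, a result starting with `tls:` also shows which protocol version was negotiated from the `SSLVersions` set.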