Search the Community

After upgrade to Delphi 12, my multidevice app have trouble connecting to DSRestServer app Regarding server side ... I can execute TEST CONNECTION in DSRestConnection, I can CREATE CLIENT CLASSES UNIT in designer, but when I start app, it cannot connect Server app has not been changed. IOS version - everything works fine. Certificate checked - not expired. I use DigiCert one Old version of the app which is on GooglePLay works fine also. But when I run newly Android build-ed Version I get exception Project ccclient.apk raised exception class EJNIException with message 'javax.net.ssl.SSLHandshakeException: Read error: ssl=0xb400007b9e3f3cc8: Failure in SSL library, usually a protocol error error:100000f0:SSL routines:OPENSSL_internal:UNSUPPORTED_PROTOCOL (external/boringssl/src/ssl/handshake_client.cc:713 0x7c35c4f803:0x00000000)'. First chance exception at $BE81BED3. Exception class ENetHTTPCertificateException with message 'javax.net.ssl.SSLHandshakeException: Read error: ssl=0xeadc39c8: Failure in SSL library, usually a protocol error error:100000f0:SSL routines:OPENSSL_internal:UNSUPPORTED_PROTOCOL (external/boringssl/src/ssl/handshake_client.cc:713 0xd07d1357:0x00000000)'. Process ccclient.apk (30412) I use Samsung a71 as target with OneUI version 5.1 and android 13. All SSL protocols checkboxes in DSRestConnection are checked. I try to check one by one I got same error on all protocols. I saw some post with howto put OpenSSL libs in app but idk how (and I cant find him again). Any help will be appreciated...

Hello everyone, I'm working on a Delphi project that requires signing a request signature with RSASSA-PSS algorithm. In my implementation, I initialize the signing context with EVP_DigestSignInit using SHA-256. However, when I attempt to set the salt length with EVP_PKEY_CTX_set_rsa_pss_saltlen(PSSCtx, 32), it consistently returns an error. I'm using the OverByteIcsLIBEAY.pas functions. Params I need to use for the signature: Hash algorithm: SHA-256 Mask generation function: MGF1 Mask generation algorithm: SHA-256 Salt length: 32 bytes (= 256 bits, same as the hash length) Trailer field: 1 Has anyone here encountered similar issues with RSASSA-PSS in OpenSSL, particularly with setting the salt length? Any advice on handling this setup in Delphi would be greatly appreciated! Thanks in advance! function TIsabelData.SignData(const AData: TBytes; APrivateKey: PEVP_PKEY): string; var SignCtx: PEVP_MD_CTX; PSSCtx: PEVP_PKEY_CTX; Sig: TBytes; SigLen: Cardinal; ErrCode: Cardinal; begin if EVP_PKEY_base_id(APrivateKey) <> EVP_PKEY_RSA then raise Exception.Create('The provided key is not an RSA key'); SignCtx := EVP_MD_CTX_create; PSSCtx := nil; try if EVP_DigestSignInit(SignCtx, @PSSCtx, EVP_sha256, nil, APrivateKey) <> 1 then raise Exception.Create('Error initializing digest sign'); if EVP_PKEY_CTX_set_rsa_padding(PSSCtx, RSA_PKCS1_PSS_PADDING) <= 0 then raise Exception.Create('Error setting RSA PSS padding'); if EVP_PKEY_CTX_set_rsa_pss_saltlen(PSSCtx, 32) <= 0 then begin ErrCode := ERR_get_error; raise Exception.Create('Error setting RSA PSS salt length: ' + string(ERR_reason_error_string(ErrCode))); end; if EVP_PKEY_CTX_set_rsa_mgf1_md(PSSCtx, EVP_sha256) <= 0 then raise Exception.Create('Error setting MGF1 to SHA256'); if EVP_DigestSignUpdate(SignCtx, @AData[0], Length(AData)) <> 1 then raise Exception.Create('Error updating digest sign'); SigLen := 0; if EVP_DigestSignFinal(SignCtx, nil, @SigLen) <> 1 then raise Exception.Create('Error finalizing digest sign'); SetLength(Sig, SigLen); if EVP_DigestSignFinal(SignCtx, @Sig[0], @SigLen) <> 1 then raise Exception.Create('Error finalizing digest sign'); Result := TNetEncoding.Base64.EncodeBytesToString(Sig); finally EVP_MD_CTX_free(SignCtx); EVP_PKEY_CTX_free(PSSCtx); end; end;

Hello everyone, I' trying to understand where I get the certificate files for the SSL certificate and CA certificate from. I have to specify them in the FireDAC connection component. With the component I want to connect to the Azure cosmos DB for MongoDB (vCore). Do I need to get them from somewhere like " www.digicert.com " or do I get them from Azure itsself? Connection parameter: SSLPEMKeyFile -- is the path name to the .pem file that contains the SSL certificate and key. SSLCAFile -- is the path name to the .pem file that contains the certificate from the Certificate Authority (CA). (Source: https://docwiki.embarcadero.com/RADStudio/Athens/en/Connect_to_MongoDB_Database_(FireDAC)) Thanks in advance. Robert

Trying to load a website with TWebBrowser, the site have self signed certificates which will be flagged as not safe. I am ending up with a blank page. TWebBrowser.OnDidFailLoadWithError never trigger. The blank page occur on IOS and Android. On Windows there is a warning page, (NET::ERR_CERT_AUTHORITY_INVALID) What is the best way of catching the certificate errors or even better ignore them so the page can load? The application is only talking with its own web servers so the security isn't a problem here.

I trying to add SSL function to my app. The app will be in win/android and IOS. I cant find a good example to make the calls to the server in HTTPS. Someone that knows witch DLL and can make a code example? Thansk

OverbyteIcsLIBEAY.pas Version: 8.70 Function IcsX509VerifyErrorToStr function string: Result := String(AnsiString(X509_verify_cert_error_string(ErrCode))); If OpenSSL is not loaded, then IcsX509VerifyErrorToStr fails with an exception: ClassName: EAccessViolation. Message: Access violation at address 00000000. Read of address 00000000

I am trying to connect with web-browser to Indy HTTP server runing on https://127.0.0.1:4567. I have read many tutorials and some of them are interesting, like: 1. https://mikejustin.wordpress.com/2019/06/14/how-to-lets-encrypt-certificates-with-indy-http-server/ 2. https://synaptica.info/en/2016/09/21/build-your-own-https-server-with-delphi/ I have created self signed certificates with help of this example tutorial: https://github.com/glenkleidon/DelphiCertAuth As a passphrase for testing I used "123456". After that I have installed newly generated file root_cert.crt in Trusted Root CA in Windows (using "WinKey+R" and certmgr.msc) In my code I have set: ... // create IOHandler for OpenSSL IdServerIOHandlerSSLOpenSSL1.SSLOptions.CertFile := 'mycomputerCertificate.pem'; IdServerIOHandlerSSLOpenSSL1.SSLOptions.KeyFile := 'mycomputerPrivateKey.pem'; IdServerIOHandlerSSLOpenSSL1.SSLOptions.RootCertFile := 'certificateAuthorityCertificate.pem'; IdServerIOHandlerSSLOpenSSL1.SSLOptions.Mode := sslmServer; IdServerIOHandlerSSLOpenSSL1.SSLOptions.SSLVersions := [sslvTLSv1, sslvTLSv1_1, sslvTLSv1_2]; ... procedure TForm1.IdServerIOHandlerSSLOpenSSL1GetPassword(var Password: string); begin Password := '123456'; end; ... procedure TForm1.IdHTTPServer1QuerySSLPort(APort: Word; var VUseSSL: Boolean); // This will not be called when the request is a HTTPS request // It facilitates the use of the server for testing via HTTP://localhost:8080 (i.e. without SSL) begin VUseSSL := (APort <> 8080); end; ... function TForm1.IdServerIOHandlerSSLOpenSSL1VerifyPeer(Certificate: TIdX509; AOk: Boolean; ADepth, AError: Integer): Boolean; begin if ADepth = 0 then Result := AOk else Result := True; end; ... Unfortunately, when I try to connect to https://127.0.0.1:4567 I get an warning (check image). In application I can see messages and exception raised: IdServerIOHandlerSSLOpenSSL1StatusInfo(const AMsg: string); AMsg := SSL status: "before/accept initialization"; AMsg := SSL status: "before/accept initialization"; AMsg := SSL status: "SSLv3 read client hello A"; AMsg := SSL status: "SSLv3 write server hello A"; AMsg := SSL status: "SSLv3 write certificate A"; AMsg := SSL status: "SSLv3 write server done A"; AMsg := SSL status: "SSLv3 flush data"; AMsg := SSL status: "SSLv3 read client certificate A"; AMsg := SSL status: "SSLv3 read client key exchange A"; AMsg := SSL status: "error"; 127.0.0.1:55810 Stat Disconnected. IdHTTPServer1Exception(AContext: TIdContext; AException: Exception); EIdOSSLUnderlyingCryptoError: Error accepting connection with SSL. error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown Am I doing something wrong or I am missing something? Why I can't connect to IP address without warning?

On Server Side I have been successfully using TSslFtpServer (Delphi Seattle) with IcsHosts for SSL From Client Side I PUT a File , Check Size after Copy & Finally Rename the File. All this has worked fine for years. My Server Side Exe was 32 Bit. Now I want to make it 64Bit Exe. From Client side Copy takes place , Size checking takes place but Rename does not happen. I get the error 450 File '/c:/Sample/Abc.txt' can't be renamed 64 Bit works fine without SSL

Dear All, I'm not versed in HTTP a SSL, so excuse-me if I make any confusion. A FMX project I'm working on demands GET, POST, FTP and email receiving and parsing capabilities. I started with a simple GET do a HTTPS server, so I dropped a TIdHTTP and a TIdSSLIOHandlerSocketOpenSSL components in a bare form and configured as follows: IdHTTP1.Request.ContentType := 'application/x-www-form-urlencoded'; IdHTTP1.IOHandler := IdSSLIOHandler; IdSSLIOHandler1.SSLOptions.SSLVersions := [sslvTLSv1, sslvTLSv1_1, sslvTLSv1_2]; IdSSLIOHandler1.SSLOptions.SSLMode apparently has no impact and then called IdHTTP1.Get(<https url>); In the application executable folder there are 3 files: libeay32.dll, ssleay32.dll and the application executable. The GET method raises an exception EIdHTTPProtocolException with the message 'HTTP/1.1 403 Forbidden', so I think I'm missing something very basic because the <https url> works in the browser, I just could't figure it out what that would be by going through both component's properties. Can you help me? Also, a long time ago I needed to use Indy in a project, and there were paid support available. Is there nowadays? As I said before, this line of work is not my strong suit and I don't want to be the PITA I'll probably be - I think I'll have many more questions. Best regards & TIA Carlos

I am using ICS TSslFTPServer (FtpSslType=ftpAuthTls,ftpAuthSsl) and TSslWSocketServer (SslEnable=True) on my Server side application along with TSslContext wherein I am pointing to SslPrivKeyFile and SslCertFile to your sample 01key.pem and 01cert.pem respectively. My Client Application connects and all is well. problem-1) If I try to change the certificates to another of your provided examples or If I build with OpenSSL it gives error 'Can't read certificate file ... error:0909006C:PEM routines:get_name:no start line' problem-2) Using SSL I lose compatibility with WinXP and probably with Vista too. Is there a workaround ? (Angus has suggested me to use the IcsHosts property instead of SslContext but I will need to do more work to get it working for me, hope I am using above mentioned components properly to begin with SSL) (How I generated my own PEM files openssl genpkey -aes256 -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out 01key.pem openssl pkey -in 01key.pem -out 01cert.pem -pubout)

I am using TSslFtpServer , TSslWSocketServer along with TSSLContext component successfully when using the SslCAFile , SslCertFile and SslPrivateKeyFile properties to point to files on the Hard Disk. I noticed there are matching SslCALines , SslCertLines and SslPrivateKeyLines . I filled these properties with text from the corresponding files but it did not work. I am asking this because I would prefer not to expose the Certificate files.

Hi, I am using ICS TFTPServer and TWSocketServer on my Server side application (Delphi Seattle). I want to use SSL to secure the connections. This question is more related to SSL rather than ICS. I have read on SSL and checked the Demo programs too. I yet need some clarity. Mine is a backup application and will be sending critical data over the WAN. If I generate my own certificates via OpenSSL where do I keep the PEM files for the ICS Server components to access ? Should I generate a different PEM file per customer upon installation or can I supply a common one ? I files are large can I have only password exchanged secretly and data without encryption (My data is already compressed with AES ) ? Regards Allan (Thanks for all the new features in ICS)

Can someone help me? We are having a bug (access violation) with SSL (HTTPS support) only in 64bits. My current Overbyte ICS version is 8.63. The bug is attached image. {* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *} { V8.57 convert wire-format concactanted length prefixed strings to TStrings } function IcsWireFmtToStrList(Buffer: TBytes; Len: Integer; SList: TStrings): Integer; var offset, mylen: integer; AStr: AnsiString; begin Result := 0; if NOT Assigned(SList) then Exit; SList.Clear; offset := 0; while offset < Len do begin mylen := Buffer[offset]; if mylen = 0 then Exit; // illegal offset := offset + 1; SetLength(AStr, mylen); Move(Buffer[offset], AStr[1], mylen); SList.Add(String(AStr)); offset := offset + mylen; end; Result := Slist.Count; end;

Hi, I use TSslFtpClient component for connecting to a server via SSL (TSL connections), and also TSslContext and TSslAvlSessionCache. I can connect and trasfer some file, but after a while (7/8 seconds, and about 145 files) the session (not the connection) closes, so I close also the connection and restart it. I would know if is it possible avoid expire the session and do a reconnect to the server. I have to transfer also thousands of file at a time Thanks in advance PS: if I try to copy many file with the OverbyteIcsXferTst1 example, that use TIcsFtpMulti, It give me "FTP Session Closed - Connection reset by peer (#10054)" after only having transferred 45 files