shineworld

TCP/IP Server with OpenSSL TLS 1.2

After finishing and testing the configuration to have TLS 1.2 on TIdFTPServer I was asked to add OpenSSL and TLS 1.2 also on the API server (based on TIdTCPServer TCP/IP communication).

Unfortunately, when I set Active to True and IdSSLOpenSSL.InitContext is called, the CipherList settings step always returns error = 1 and I don't understand what I am doing wrong:

  if StatusInfoOn then begin
    SSL_CTX_set_info_callback(fContext, InfoCallback);
  end;
  //if_SSL_CTX_set_tmp_rsa_callback(hSSLContext, @RSACallback);
  if fCipherList <> '' then begin    {Do not Localize}
    error := SSL_CTX_set_cipher_list(fContext,
      {$IFDEF USE_MARSHALLED_PTRS}
      M.AsAnsi(fCipherList).ToPointer
      {$ELSE}
      PAnsiChar(
        {$IFDEF STRING_IS_ANSI}
        fCipherList
        {$ELSE}
        AnsiString(fCipherList) // explicit cast to Ansi
        {$ENDIF}
      )
      {$ENDIF}
    );
  end else begin
    // RLebeau: don't override OpenSSL's default.  As OpenSSL evolves, the
    // SSL_DEFAULT_CIPHER_LIST constant defined in the C/C++ SDK may change,
    // while Indy's define of it might take some time to catch up.  We don't
    // want users using an older default with newer DLLs...
    (*
    error := SSL_CTX_set_cipher_list(fContext,
      {$IFDEF USE_MARSHALLED_PTRS}
      M.AsAnsi(SSL_DEFAULT_CIPHER_LIST).ToPointer
      {$ELSE}
      SSL_DEFAULT_CIPHER_LIST
      {$ENDIF}
    );
    *)
    error := 1;
  end;

Server code:

https://pastebin.com/z82zhGyQ

I am using the latest Indy sources from the git repository.
I thank you in advance for any suggestions.

Best Regards
Silverio


Things like GitHub gists or PasteBin entries, are great ways of sharing walls of code.

5 minutes ago, Lars Fosdal said:

Things like GitHub gists or PasteBin entries, are great ways of sharing walls of code.

OK!
Some forums do not permit, by forum rules, attaching external code links.
Next time I will use Pastebin.


External code = good.

External binaries = not so much...

I am not saying it is a must, but it makes conversations easier to follow if they have dialog instead of many screenfuls of code.

I am really fond of gists, since you can see the changes, fork them, etc. - and you don't need to log into GitHub to be able to see them.

6 hours ago, Lars Fosdal said:

Things like GitHub gists or PasteBin entries, are great ways of sharing walls of code.

In the short term, yes.  But on the other hand, external links tend to break over time, which makes discussions harder to follow for future readers who may be looking for solutions to similar problems, if they can't see the code that is being discussed.


AFAIK, there is no automatic deletion on these two services, unless someone intentionally deletes their account.
