Carsten Eider
Posted March 31

Hi,

I am connecting to a server via HTTPS using TSslHttpCli. This works fine, communication is possible. But I have to verify the X509 certificate with another tool. So how can I get the used X509 certificate, which sounds to me like the public key of the server?

Any ideas?

Tia
Carsten

Angus Robertson
Posted March 31

PeerCert is a parameter passed in the onSslHandshakeDone event, as illustrated in dozens of samples and components, such as OverbyteIcsHttpsTst1.pas.

Angus

Carsten Eider
Posted March 31

Hi Angus,

thx for your hint. My idea was to do the checks after the request has been done. That's why I tried to get the information from SSLContext. I worked with "onSslHandshakeDone", but that failed for me too. PeerCert looks empty for me, not being a crypto expert.

In detail I need to get something called "C.FD.TLS-S", which is meant to be X509 stuff, as a Base64 string.

Angus Robertson
Posted March 31

All the HTTPS samples show the certificate for the connection, try one of them and see what you get? PeerCert will be blank unless you also set SslVerifyPeer true in the context.

No idea what "C.FD.TLS-S" means. TX509 has lots of properties for the numerous parts of the certificate, none of which are base64, you'll have to search.

Angus

Carsten Eider
Posted April 1

Hi Angus,

thank you for your very helpful hints. Using the mentioned examples I was able to solve 2 of 4 of my tasks!!!! Great.

Now I have to verify to normal TLS-Certificates. I tried to use the code for OCSP, but obviously I did not use it correctly. Any further hints on this issue?

Tia
Carsten

Angus Robertson
Posted April 1

Again, look at numerous samples and components that verify certificates in different ways. OpenSSL actually does it for you, provided a root bundle is loaded, which is automatic with recent ICS versions.

You should be using the TSslHttpRest, which means this is all automatic, see the OverbyteIcsHttpRestTst sample.

Angus

Carsten Eider
Posted Thursday at 10:35 AM

Hi Angus,

is 8.70 such a recent version in the meaning of "provided a root bundle is loaded, which is automatic with recent ICS versions"?

Cheers
Carsten

Angus Robertson
Posted Thursday at 10:55 AM

V8.70 was three years ago, so the included in the samples directory will be aging, some will have expired and new ones added since. With that release you had to specify the root bundle to load, while with V9.1 and later the root bundle is loaded automatically when an SSL application starts, so you can mostly ignore them.

If you are stuck on an old version, you can download the latest root bundles from https://www.magsys.co.uk/delphi/magics.asp

Angus