TidHTTPServer with SSL in Delphi 10.3.3 and 10.4.2

[Cristian Peța 107]

I have a project using TidHTTPServer on Delphi 10.3.3 using Indy from Delphi installation. SSL libraries 1.0.2u. All is working.

I moved this project to Delphi 10.4.2 and while on http is still working, on https doesn't work anymore.

 

In Fiddler I have his error:

[Fiddler] The connection to 'localhost' failed.
System.Security.SecurityException Failed to negotiate HTTPS connection with server.fiddler.network.https> HTTPS handshake to localhost (for #377) failed. System.IO.IOException Authentication failed because the remote party has closed the transport stream.

 

And in the browser: ERR_TIMED_OUT

 

Here is the code:

var
  ServerSSLIOHandler: TIdServerIOHandlerSSLOpenSSL;
begin

.....

  RootDir := ExtractFilePath(ParamStr(0));
  ServerSSLIOHandler := TIdServerIOHandlerSSLOpenSSL.Create(nil);
  ServerSSLIOhandler.SSLOptions.RootCertFile :=  RootDir + 'root.pem';
  ServerSSLIOhandler.SSLOptions.CertFile := RootDir + 'cert.pem';
  ServerSSLIOhandler.SSLOptions.KeyFile := RootDir + 'key.pem';
  ServerSSLIOhandler.SSLOptions.Method := sslvSSLv23;
  ServerSSLIOhandler.SSLOptions.Mode := sslmServer;
  ServerSSLIOhandler.OnGetPassword := nil;
  ServerSSLIOhandler.OnVerifyPeer := OnVerifyPeer;

  FIdHTTPServer := TIdHTTPServer.Create(nil);
  FIdHTTPServer.IOHandler := ServerSSLIOHandler;
  FIdHTTPServer.DefaultPort := 8000;
  FIdHTTPServer.OnCommandGet := FIdHTTPServerCommandGet;
  FIdHTTPServer.OnCreatePostStream := FIdHTTPServerCreatePostStream;

 

 

 

[Remy Lebeau 1421]

You are not taking this change into account:

 

Behavioral change to HTTPS handling in TIdHTTPServer

 

When using non-default HTTP/S ports (as you are), you need to assign an OnQuerySSLPort event handler to tell TIdHTTPServer which port(s) you want to activate SSL/TLS on.  In the older version, you could get away with not having that handler, but it is required now.

Edited March 1, 2021 by Remy Lebeau