mvanrijnen 123 Posted July 14, 2022 (edited)

* Same executing code
* Made sure I have the same OpenSSL DLLs
* Made sure calling the same URL

In production I get the following exception:

    EIdOSSLUnderlyingCryptoError : Error connecting with SSL.
    error:1408E0F4:SSL routines:SSL3_GET_MESSAGE:unexpected message

In the development environment it works perfectly (of course 🙂).

Does anyone have any idea what could be the problem here?

My code for creating the idhttp component:

    procedure THSJSonApiClient.InitHTTP;
    begin
      fhttp := TIdHTTP.Create(nil);
      if UseSSL then
      begin
        fopenssl := TIdSSLIOHandlerSocketOpenSSL.Create(nil);
        //fopenssl.SSLOptions.Method := sslvSSLv23;
        // Empty VerifyMode: the server certificate is not verified
        fopenssl.SSLOptions.VerifyMode := [];
        fopenssl.SSLOptions.VerifyDepth := 0;
        fopenssl.SSLOptions.SSLVersions := [sslvTLSv1_2, sslvTLSv1_1, sslvTLSv1];
        fopenssl.PassThrough := False;
        fhttp.IOHandler := fopenssl;
      end;
      fhttp.handleredirects := True;
    {$IFDEF DEBUG}
      // Debug builds only: route sent/received data and status through TIdLogEvent
      flog := TIdLogEvent.Create(nil);
      flog.ReplaceCRLF := False;
      flog.LogTime := False;
      flog.Active := True;
      flog.OnReceived := CatchLogReceived;
      flog.OnSent := CatchLogSent;
      flog.OnStatus := CatchLogStatus;
      fhttp.Intercept := flog;
    {$ENDIF}
    end;

Edited July 14, 2022 by mvanrijnen
haentschman 92 Posted July 14, 2022

Hi...

> * Made sure I have the same OpenSSL DLLs

...location of the dll?
mvanrijnen 123 Posted July 14, 2022 (edited)

1 hour ago, haentschman said:
> Hi...
> ...location of the dll?

Yes, that differs: in the production environment they are next to the executable (checked it with Process Explorer), in development they are in a folder which is in the Path var. (Gonna check again now 🙂, to be sure.)

The big difference is the firewall: production has a corporate Bitdefender installed, whereas on development we are on std Windows Defender (Windows 11).

Edited July 14, 2022 by mvanrijnen
haentschman 92 Posted July 14, 2022

> Bitdefender installed

...why? 🤢 (only my opinion)
mvanrijnen 123 Posted July 14, 2022

1 minute ago, haentschman said:
> ...why? 🤢 (only my opinion)

It's not my decision, but why not? 😉 (It's AV/Malware/Ransomware protection)
haentschman 92 Posted July 14, 2022

> but why not

I had problems with this... Windows Defender is imho good and enough...

...but now back to the topic.
Fr0sT.Brutal 900 Posted July 14, 2022

Try to connect with openssl only like advised here https://github.com/openssl/openssl/issues/17386

Probably corp FW intercepts your TLS?
mvanrijnen 123 Posted July 14, 2022

42 minutes ago, Fr0sT.Brutal said:
> Try to connect with openssl only like advised here https://github.com/openssl/openssl/issues/17386
> Probably corp FW intercepts your TLS?

OK, on the same machine, I get (from the command line) the following:

Command:

    C:\Program Files (x86)\OpenSSL\openssl-1.0.2q>openssl s_client -connect auth.smaapis.de:443 -tls1_2 -msg

Output:

    WARNING: can't open config file: /usr/local/ssl/openssl.cnf
    CONNECTED(000001F0)
    >>> TLS 1.2 Handshake [length 012e], ClientHello
    <<< TLS 1.2 Handshake [length 0057], ServerHello
    <<< TLS 1.2 Handshake [length 0faf], Certificate
    depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
    verify error:num=20:unable to get local issuer certificate
    <<< TLS 1.2 Handshake [length 014d], ServerKeyExchange
    <<< TLS 1.2 Handshake [length 0004], ServerHelloDone
    >>> TLS 1.2 Handshake [length 0046], ClientKeyExchange
    >>> TLS 1.2 ChangeCipherSpec [length 0001]
    >>> TLS 1.2 Handshake [length 0010], Finished
    <<< TLS 1.2 ChangeCipherSpec [length 0001]
    <<< TLS 1.2 Handshake [length 0010], Finished
    ---
    Certificate chain
     0 s:/CN=*.smaapis.de
       i:/C=US/O=Let's Encrypt/CN=R3
     1 s:/C=US/O=Let's Encrypt/CN=R3
       i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
     2 s:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
       i:/O=Digital Signature Trust Co./CN=DST Root CA X3
    ---
    Server certificate
    subject=/CN=*.smaapis.de
    issuer=/C=US/O=Let's Encrypt/CN=R3
    ---
    No client certificate CA names sent
    Peer signing digest: SHA256
    Server Temp Key: ECDH, P-256, 256 bits
    ---
    SSL handshake has read 4510 bytes and written 433 bytes
    ---
    New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
        Protocol  : TLSv1.2
        Cipher    : ECDHE-RSA-AES256-GCM-SHA384
        Session-ID: 20FF538955A3A6CCC986336C7CAB0E15BE4FA8481BED9B62279BDA83CCBBDEA5
        Session-ID-ctx:
        Master-Key: 6EC1D386DB4941A0AD8592A6E33246E9EF54FF9FB0AEF0D73982317A5D72F5077A8FB4BE41BF38ECC850359ACD47FF5F
        Key-Arg   : None
        PSK identity: None
        PSK identity hint: None
        SRP username: None
        Start Time: 1657798191
        Timeout   : 7200 (sec)
        Verify return code: 20 (unable to get local issuer certificate)
Fr0sT.Brutal 900 Posted July 14, 2022

Okay, so we're sure this is not an issue on the openSSL=>network=>server part of chain.

Remy your turn 🙂
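The triage step discussed above, as an added example that is not part of the original thread: a Python sketch that reads the readable lines of an `openssl s_client -msg` transcript and separates three cases, a handshake that never finished, a leaf certificate issued by an unexpected CA (what TLS inspection by a corporate product would look like), and a chain that simply could not be verified against the local trust store. The expected issuer CN `R3` comes from the posted chain; the sample transcripts, the `Example Inspection CA` name and the function names are constructed for illustration.

```python
import re

# Constructed sample: the readable lines of an `openssl s_client -msg`
# transcript shaped like the one in the thread (hex dumps left out).
DIRECT = """\
CONNECTED(000001F0)
>>> TLS 1.2 Handshake [length 012e], ClientHello
<<< TLS 1.2 Handshake [length 0057], ServerHello
<<< TLS 1.2 Handshake [length 0faf], Certificate
<<< TLS 1.2 Handshake [length 014d], ServerKeyExchange
<<< TLS 1.2 Handshake [length 0004], ServerHelloDone
>>> TLS 1.2 Handshake [length 0046], ClientKeyExchange
>>> TLS 1.2 ChangeCipherSpec [length 0001]
>>> TLS 1.2 Handshake [length 0010], Finished
<<< TLS 1.2 ChangeCipherSpec [length 0001]
<<< TLS 1.2 Handshake [length 0010], Finished
---
Certificate chain
 0 s:/CN=*.smaapis.de
   i:/C=US/O=Let's Encrypt/CN=R3
 1 s:/C=US/O=Let's Encrypt/CN=R3
   i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
---
    Verify return code: 20 (unable to get local issuer certificate)
"""
# Constructed: leaf re-issued by a made-up inspection CA (hypothetical name).
INTERCEPTED = DIRECT.replace("i:/C=US/O=Let's Encrypt/CN=R3",
                             "i:/O=Example Corp/CN=Example Inspection CA", 1)
# Constructed: connection cut off after ServerHello, so no Finished, no chain.
ABORTED = DIRECT.split("<<< TLS 1.2 Handshake [length 0faf]")[0]

MSG_RE = re.compile(r"^(>>>|<<<) TLS [\d.]+ (?:Handshake \[length [0-9a-f]+\], "
                    r"(\w+)|(ChangeCipherSpec))", re.M)
CHAIN_RE = re.compile(r"^[ \t]*(\d+) s:(.+)\n[ \t]*i:(.+)$", re.M)
VERIFY_RE = re.compile(r"Verify return code: (\d+) \((.+)\)")


def analyse(transcript, expected_issuer_cn):
    """Summarise handshake progress, chain and verify result of a transcript."""
    msgs = [("client" if m.group(1) == ">>>" else "server",
             m.group(2) or m.group(3)) for m in MSG_RE.finditer(transcript)]
    chain = [(int(d), s.strip(), i.strip())
             for d, s, i in CHAIN_RE.findall(transcript)]
    verify = VERIFY_RE.search(transcript)
    leaf_issuer = chain[0][2] if chain else None
    finished_by = {who for who, name in msgs if name == "Finished"}
    return {
        "messages": msgs,
        "handshake_complete": finished_by == {"client", "server"},
        "leaf_issuer": leaf_issuer,
        # Name match is only a hint; trust needs a verified chain (-CAfile).
        "issuer_as_expected": bool(leaf_issuer)
        and leaf_issuer.endswith("/CN=" + expected_issuer_cn),
        "verify_code": int(verify.group(1)) if verify else None,
    }


def verdict(result):
    """Map the summary to one of four triage outcomes."""
    if not result["handshake_complete"]:
        return "handshake-failed"
    if not result["issuer_as_expected"]:
        return "unexpected-issuer"
    if result["verify_code"] != 0:
        return "chain-not-verified-locally"
    return "ok"


if __name__ == "__main__":
    for name, text in (("direct", DIRECT), ("intercepted", INTERCEPTED),
                       ("aborted", ABORTED)):
        print(name, verdict(analyse(text, "R3")))
```

For a transcript like the posted one the outcome is `chain-not-verified-locally`: both sides sent Finished and the leaf issuer is the expected one, so the failure seen in the application has to come from somewhere other than the network path.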
mvanrijnen 123 Posted July 14, 2022 (edited)

To make things more difficult, the exception is not always occurring in the production environment.

In the service there are two ways the method which goes wrong is called:

* Automatically, every day around 18.30, from a separate thread (cleanup thread)
* By hand, called from a client which throws a request in a queue, which is sequentially handled by the service

And now that I'm typing this, I maybe realise that the ApiClient class is used by the main class of the service itself, as well as in the cleanup thread. Could this somehow get in the way?

Yes, it can, stupid me 🙂 I see it now.

Edited July 14, 2022 by mvanrijnen
Remy Lebeau 1398 Posted July 15, 2022 (edited)

On 7/14/2022 at 12:08 AM, mvanrijnen said:
> * Made sure I have the same OpenSSL DLLs

Which version of the DLLs are you using, though? TIdSSLIOHandlerSocketOpenSSL supports OpenSSL 1.0.2 or earlier. If you are trying to use OpenSSL 1.1.x or later, you need to use this SSLIOHandler instead: https://github.com/IndySockets/Indy/pulls/299

> My code for creating the idhttp component:

The only issue I see with that code is you are creating the SSLIOHandler conditionally. You don't need to do that, you can access non-secure HTTP urls even with the SSLIOHandler assigned. TIdHTTP will handle the underlying TCP connection and SSLIOHandler.PassThrough property for you on a per-request basis, (re)connecting and toggling between TLS/non-TLS as needed. Because of that management, when you do create the SSLIOHandler, you don't need to set its PassThrough property manually at all.

The SSLIOHandler will also handle loading the OpenSSL DLLs dynamically only when they are actually needed, so if you never request an HTTPS url then the DLLs won't ever get loaded, and PassThrough will always be True.

So, I would suggest just getting rid of your UseSSL config option altogether, it is really not necessary. In fact, it will actually cause a runtime error if it is set to False and then you request a non-secure HTTP url that redirects to a secure HTTPS url. So, best to just have the SSLIOHandler assigned unconditionally instead, so it is always ready to go in case it is needed.

    procedure THSJSonApiClient.InitHTTP;
    begin
      fhttp := TIdHTTP.Create(nil);
      // Always assign the SSLIOHandler; fhttp is its owner
      fopenssl := TIdSSLIOHandlerSocketOpenSSL.Create(fhttp);
      fopenssl.SSLOptions.VerifyMode := [];
      fopenssl.SSLOptions.VerifyDepth := 0;
      fopenssl.SSLOptions.SSLVersions := [sslvTLSv1_2, sslvTLSv1_1, sslvTLSv1];
      // PassThrough is not set here: TIdHTTP toggles it per request
      fhttp.IOHandler := fopenssl;
      fhttp.handleredirects := True;
    {$IFDEF DEBUG}
      flog := TIdLogEvent.Create(nil);
      flog.ReplaceCRLF := False;
      flog.LogTime := False;
      flog.Active := True;
      flog.OnReceived := CatchLogReceived;
      flog.OnSent := CatchLogSent;
      flog.OnStatus := CatchLogStatus;
      fhttp.Intercept := flog;
    {$ENDIF}
    end;

Edited July 15, 2022 by Remy Lebeau