mvanrijnen

TIdHTTP [SSL], SSL errors in production, not in development


* Same executing code

* Made sure I have the same OpenSSL DLLs

* Made sure calling the same URL

In production I get the following exception:


EIdOSSLUnderlyingCryptoError : Error connecting with SSL.
error:1408E0F4:SSL routines:SSL3_GET_MESSAGE:unexpected message

In the development environment it works perfectly (of course 🙂).

Anyone any idea what could be the problem here?

 

My code for creating the idhttp component:

 

procedure THSJSonApiClient.InitHTTP;
begin
  fhttp := TIdHTTP.Create(nil);

  if UseSSL then
  begin
    fopenssl := TIdSSLIOHandlerSocketOpenSSL.Create(nil);
    //fopenssl.SSLOptions.Method := sslvSSLv23;
    fopenssl.SSLOptions.VerifyMode := [];
    fopenssl.SSLOptions.VerifyDepth := 0;
    fopenssl.SSLOptions.SSLVersions := [sslvTLSv1_2, sslvTLSv1_1, sslvTLSv1];
    fopenssl.PassThrough := False;
    fhttp.IOHandler := fopenssl;
  end;
  fhttp.handleredirects := True;

{$IFDEF DEBUG}
  flog := TIdLogEvent.Create(nil);
  flog.ReplaceCRLF := False;
  flog.LogTime := False;
  flog.Active := True;
  flog.OnReceived := CatchLogReceived;
  flog.OnSent := CatchLogSent;
  flog.OnStatus := CatchLogStatus;
  fhttp.Intercept := flog;
{$ENDIF}
end;

 

 

 

1 hour ago, haentschman said:

Hi...:classic_cool:

...location of the dll?

Yes, that differs: in the production environment they are next to the executable (checked it with Process Explorer), in development they are in a folder which is in the Path var.

(gonna check again now 🙂, to be sure)

The big difference is the firewall: production has a corporate Bitdefender installed, whereas in development we are on std Windows Defender (Windows 11)

 

 

1 minute ago, haentschman said:

...why? 🤢 (only my opinion)

It's not my decision, but why not? 😉

(It's AV/Malware/Ransomware protection)


:classic_cool:

Quote

but why not

I had problems with this... Windows Defender is imho good and enough...

...but now back to the topic. :classic_cool:

42 minutes ago, Fr0sT.Brutal said:

Try to connect with openssl only like advised here https://github.com/openssl/openssl/issues/17386

Probably corp FW intercepts your TLS?

OK, on the same machine, I get (from the command line) the following:

 

Command:


C:\Program Files (x86)\OpenSSL\openssl-1.0.2q>openssl s_client -connect auth.smaapis.de:443 -tls1_2 -msg

 

Output:


WARNING: can't open config file: /usr/local/ssl/openssl.cnf
CONNECTED(000001F0)
>>> ??? [length 0005]
    16 03 01 01 2e
>>> TLS 1.2 Handshake [length 012e], ClientHello
<<< ??? [length 0005]
    16 03 03 00 57
<<< TLS 1.2 Handshake [length 0057], ServerHello
<<< ??? [length 0005]
    16 03 03 0f af
<<< TLS 1.2 Handshake [length 0faf], Certificate
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify error:num=20:unable to get local issuer certificate
<<< ??? [length 0005]
    16 03 03 01 4d
<<< TLS 1.2 Handshake [length 014d], ServerKeyExchange
<<< ??? [length 0005]
    16 03 03 00 04
<<< TLS 1.2 Handshake [length 0004], ServerHelloDone
    0e 00 00 00
>>> ??? [length 0005]
    16 03 03 00 46
>>> TLS 1.2 Handshake [length 0046], ClientKeyExchange
>>> ??? [length 0005]
    14 03 03 00 01
>>> TLS 1.2 ChangeCipherSpec [length 0001]
    01
>>> ??? [length 0005]
    16 03 03 00 28
>>> TLS 1.2 Handshake [length 0010], Finished
    14 00 00 0c 12 af c0 b5 bb 4e d0 01 79 23 bc b9
<<< ??? [length 0005]
    14 03 03 00 01
<<< TLS 1.2 ChangeCipherSpec [length 0001]
    01
<<< ??? [length 0005]
    16 03 03 00 28
<<< TLS 1.2 Handshake [length 0010], Finished
    14 00 00 0c 71 13 27 cf 5b 36 68 09 36 a1 40 15
---
Certificate chain
 0 s:/CN=*.smaapis.de
   i:/C=US/O=Let's Encrypt/CN=R3
 1 s:/C=US/O=Let's Encrypt/CN=R3
   i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
 2 s:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
subject=/CN=*.smaapis.de
issuer=/C=US/O=Let's Encrypt/CN=R3
---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 4510 bytes and written 433 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 20FF538955A3A6CCC986336C7CAB0E15BE4FA8481BED9B62279BDA83CCBBDEA5
    Session-ID-ctx:
    Master-Key: 6EC1D386DB4941A0AD8592A6E33246E9EF54FF9FB0AEF0D73982317A5D72F5077A8FB4BE41BF38ECC850359ACD47FF5F
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1657798191
    Timeout   : 7200 (sec)
    Verify return code: 20 (unable to get local issuer certificate)


Okay, so we're sure this is not an issue on the openSSL=>network=>server part of chain. Remy your turn 🙂


To make things more difficult, the exception is not always occurring in the production environment.

In the service there are two ways the method which goes wrong is called:

* Automatically, every day around 18.30, from a separate thread (cleanup thread)

* By hand, called from a client which throws a request in a queue, which is sequentially handled by the service

And now that I'm typing this, I maybe realise that the ApiClient class is used by the main class of the service itself, as well as in the cleanup thread.

Could this somehow get in the way? Yes, it can, stupid me 🙂 I see it now.

 

 

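The shared-client situation described in the post above, as an added Delphi example that is not code from the thread or from Indy: it assumes a single TIdHTTP must not be driven by two threads at once, and serialises requests on the shared instance behind a lock. TSerializedHttp and NewHttp are hypothetical names, and the URL is taken from the command line.

```delphi
program ApiClientThreading;
{$APPTYPE CONSOLE}
uses
  System.SysUtils, System.Classes, System.SyncObjs, IdHTTP, IdSSLOpenSSL;

type
  // Hypothetical class: one TIdHTTP shared by threads, every request behind a lock.
  TSerializedHttp = class
  private
    FLock: TCriticalSection;
    FHttp: TIdHTTP;
  public
    constructor Create;
    destructor Destroy; override;
    function Get(const AUrl: string): string;
  end;

// Builds a TIdHTTP with its own SSL IOHandler (TLS versions as posted above).
// Calling this once per thread avoids sharing a client altogether.
function NewHttp: TIdHTTP;
var
  Ssl: TIdSSLIOHandlerSocketOpenSSL;
begin
  Result := TIdHTTP.Create(nil);
  Ssl := TIdSSLIOHandlerSocketOpenSSL.Create(Result); // owned by Result
  Ssl.SSLOptions.SSLVersions := [sslvTLSv1_2, sslvTLSv1_1, sslvTLSv1];
  Result.IOHandler := Ssl;
  Result.HandleRedirects := True;
end;

constructor TSerializedHttp.Create;
begin
  inherited Create;
  FLock := TCriticalSection.Create;
  FHttp := NewHttp;
end;

destructor TSerializedHttp.Destroy;
begin
  FHttp.Free;
  FLock.Free;
  inherited;
end;

function TSerializedHttp.Get(const AUrl: string): string;
begin
  FLock.Acquire; // only one thread may use the connection at a time
  try
    Result := FHttp.Get(AUrl);
  finally
    FLock.Release;
  end;
end;

var
  Shared: TSerializedHttp;
  A, B: TThread;
begin
  if ParamCount < 1 then Exit; // usage: ApiClientThreading <https-url>
  Shared := TSerializedHttp.Create;
  try
    // A and B stand in for the queue handler and the cleanup thread.
    A := TThread.CreateAnonymousThread(procedure begin Shared.Get(ParamStr(1)); end);
    B := TThread.CreateAnonymousThread(procedure begin Shared.Get(ParamStr(1)); end);
    A.FreeOnTerminate := False;
    B.FreeOnTerminate := False;
    A.Start;
    B.Start;
    A.WaitFor;
    B.WaitFor;
    A.Free;
    B.Free;
  finally
    Shared.Free;
  end;
end.
```

An exception raised inside a worker, such as EIdOSSLUnderlyingCryptoError, ends up in that thread's FatalException property and can be inspected after WaitFor returns.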
On 7/14/2022 at 12:08 AM, mvanrijnen said:

* Made sure I have the same OpenSSL DLLs

Which version of the DLLs are you using, though?  TIdSSLIOHandlerSocketOpenSSL supports OpenSSL 1.0.2 or earlier.  If you are trying to use OpenSSL 1.1.x or later, you need to use this SSLIOHandler instead: https://github.com/IndySockets/Indy/pulls/299

Quote

My code for creating the idhttp component:

The only issue I see with that code is you are creating the SSLIOHandler conditionally.  You don't need to do that, you can access non-secure HTTP urls even with the SSLIOHandler assigned.  TIdHTTP will handle the underlying TCP connection and SSLIOHandler.PassThrough property for you on a per-request basis, (re)connecting and toggling between TLS/non-TLS as needed.  Because of that management, when you do create the SSLIOHandler, you don't need to set its PassThrough property manually at all.

 

The SSLIOHandler will also handle loading the OpenSSL DLLs dynamically only when they are actually needed, so if you never request an HTTPS url then the DLLs won't ever get loaded, and PassThrough will always be True.

 

So, I would suggest just getting rid of your UseSSL config option altogether, it is really not necessary.  In fact, it will actually cause a runtime error if it is set to False and then you request a non-secure HTTP url that redirects to a secure HTTPS url.  So, best to just have the SSLIOHandler assigned unconditionally instead, so it is always ready to go in case it is needed.

procedure THSJSonApiClient.InitHTTP;
begin
  fhttp := TIdHTTP.Create(nil);

  fopenssl := TIdSSLIOHandlerSocketOpenSSL.Create(fhttp);
  fopenssl.SSLOptions.VerifyMode := [];
  fopenssl.SSLOptions.VerifyDepth := 0;
  fopenssl.SSLOptions.SSLVersions := [sslvTLSv1_2, sslvTLSv1_1, sslvTLSv1];
  fhttp.IOHandler := fopenssl;

  fhttp.handleredirects := True;

{$IFDEF DEBUG}
  flog := TIdLogEvent.Create(nil);
  flog.ReplaceCRLF := False;
  flog.LogTime := False;
  flog.Active := True;
  flog.OnReceived := CatchLogReceived;
  flog.OnSent := CatchLogSent;
  flog.OnStatus := CatchLogStatus;
  fhttp.Intercept := flog;
{$ENDIF}
end;

 
