polasss 0 Posted November 17, 2022 I'm having trouble connecting to my DROPBOX account via TidHTTP and I don't know what to do anymore. I want to send a simple text file to DROPBOX in the first stage. procedure TForm2.btn1Click(Sender: TObject); const API_URL = 'https://content.dropboxapi.com/2/files/upload'; cFile = 'D:\testfile.txt'; var wAccessToken : string; Source: TFileStream; IdHTTP: TIdHTTP; Res : string; Ssl: TIdSSLIOHandlerSocketOpenSSL; begin wAccessToken := 'muj_token'; IdHTTP := TIdHTTP.Create(nil); try (* ShowMessage('Indy version: ' + IdHTTP.Version); RESULT MESSAGE : INDY 10.5.9.0 *) IdHTTP.HandleRedirects := True; ssl := TIdSSLIOHandlerSocketOpenSSL.Create(); ssl.SSLOptions.Method := sslvTLSv1_2; ssl.SSLOptions.Mode := sslmUnassigned; ssl.SSLOptions.VerifyMode := []; ssl.SSLOptions.VerifyDepth := 0; ssl.host := ''; Source := TFileStream.Create(cFile, fmOpenRead); IdHTTP.IOHandler := ssl; IdHTTP.Request.CustomHeaders.Values['Authorization'] := 'Bearer ' + wAccessToken; IdHTTP.Request.CustomHeaders.Values['Dropbox-API-Arg'] := '{ "autorename": false,"mode": "add","mute": false,"path": "/test.txt","strict_conflict": false}'; IdHTTP.Request.CustomHeaders.Values['Content-Type'] := 'application/octet-stream'; Memo1.Lines.Add(IdHTTP.Request.CustomHeaders.Text); Res := IdHTTP.Post(API_URL, Source); finally IdHTTP.Free; end; But after the POST command I get the error "error: 1409442E:SSL routines: SSL3_READ_BYTES:tlsv 1 alert protocol" - class EIdOSSLUnderlyingCryptoError with message "Error connectin with SSL" http://imgway.cz/m/hneT.jpg I don't know how to proceed, there is a stupid mistake somewhere. I found similar problems on https://stackoverflow.com/questions/1742900/tidhttp-in-indy-10 , https://stackoverflow.com/questions/7762584/post-problems-with-indy-tidhttp and many other forums. Somewhere it says it may be old INDY (which it is), but DROPBOX's probably has the TLS v1.2 required when TIDHTTP enables it ssl.SSLOptions.Method := sslvTLSv1_2 For the Request track, I stuck to the DROBOX.API structure DROPBOX API DOCUMENTATION https://www.dropbox.com/developers/documentation/http/documentation#files-upload Get access token for: ****************************************************** ************** curl -X POST https://content.dropboxapi.com/2/files/upload \ --header "Authorization: Bearer <get access token>" \ --header "Dropbox-API-Arg: {\"autorename\":false,\"mode\":\"add\",\"mute\":false,\"path\":\"/Homework/ math/Matrices.txt\",\"strict_conflict\":false}" \ --header "Content-Type: application/octet-stream" \ --data-binary @local_file.txt ****************************************************** ************** Even more information: Delphi XE3 Indy 10.5.9.0 with the exe I have the Open SSL files libeay32.dll (v. 1.0.2.17) and ssleay32.dll (v. 1.0.2.17) - but that will not be it. if I throw them away the error is the same DROPBOX requires TLS 1.2 from April On some forums they wrote the same error with old Open SSL files, old INDY, sending via TLS which is not supported by the addressee. But I don't feel either way. I downloaded Open SSL from https://github.com/IndySockets/OpenSSL-Binaries file openssl-1.0.2u-x64_86-win64.zip (I don't know if it's good, there are a bunch of them in the table with differences in the name "r", "s", "t", "u", he chose I'm the last one). Thanks for any advice. Share this post Link to post
WillH 33 Posted November 17, 2022 Try setting SSLOptions.SSLVersions to include sslvTLSv1_2 indySSLHandler.SSLOptions.SSLVersions := [sslvTLSv1_2] ; Regards, Will. Share this post Link to post
polasss 0 Posted November 17, 2022 8 minutes ago, WillH said: Try setting SSLOptions.SSLVersions to include sslvTLSv1_2 indySSLHandler.SSLOptions.SSLVersions := [sslvTLSv1_2] ; Regards, Will. thanks for the quick reply but the same error ... so much time, so stupid and the main program hangs on it ... Any other idea please? Share this post Link to post
WillH 33 Posted November 17, 2022 I've just tried your code with Indy version: 10.6.2.0. The SSL part works. I made a change for logging but that's it. Check that the dlls you have match the bitness of your compiled application. A 64bit application needs 64bit openSSL dlls. Otherwise use the latest Indy version or alternate HTTP code such as the ones included in mORMot based on the WinHTTP drivers. At some point tls1.3 will become the minimum and as far as I know Indy does not support it yet. add IdSSLOpenSSLHeaders to your uses clause. Add this -> Memo1.Lines.Add('Indy version: ' + IdHTTP.Version); ssl.OnStatusInfoEx := IdSSLIOHandlerSocketOpenSSL1StatusInfoEx ; Change this -> ssl.SSLOptions.Mode := TidSSLMode.sslmUnassigned; Add this handler -> procedure TForm2.IdSSLIOHandlerSocketOpenSSL1StatusInfoEx(ASender: TObject; const AsslSocket: PSSL; const AWhere, Aret: Integer; const AType, AMsg: string); begin memo1.Lines.Add(Amsg) ; end; The output I get is Indy version: 10.6.2.0 Authorization: Bearer muj_token Dropbox-API-Arg: { "autorename": false,"mode": "add","mute": false,"path": "/test.txt","strict_conflict": false} Content-Type: application/octet-stream before/connect initialization before/connect initialization SSLv3 write client hello A SSLv3 read server hello A SSLv3 read server certificate A SSLv3 read server key exchange A SSLv3 read server done A SSLv3 write client key exchange A SSLv3 write change cipher spec A SSLv3 write finished A SSLv3 flush data SSLv3 read server session ticket A SSLv3 read finished A SSL negotiation finished successfully SSL negotiation finished successfully close notify Followed by Error HTTP/400 Bad Request. Share this post Link to post
polasss 0 Posted November 17, 2022 (edited) 4 hours ago, WillH said: I've just tried your code with Indy version: 10.6.2.0. The SSL part works. I made a change for logging but that's it. Check that the dlls you have match the bitness of your compiled application. A 64bit application needs 64bit openSSL dlls. Otherwise use the latest Indy version or alternate HTTP code such as the ones included in mORMot based on the WinHTTP drivers. At some point tls1.3 will become the minimum and as far as I know Indy does not support it yet. ;-( So I won't do that now, I removed the old Indy and started the upgrade to the latest version exactly as instructed https://github.com/IndySockets/Indy/wiki/Updating-Indy and I'm back in ... compilation error [dcc32 Fatal Error] IndySystem170.dpk(34): E2202 Required package 'paclientcore' not found What the hell am I missing? Google finds paclientcore on 4 sites but nothing. I deleted some gray paths in "Library path" and Browsing path", would that be it? Please, give me an advice! Edited November 17, 2022 by polasss Share this post Link to post
Remy Lebeau 1394 Posted November 17, 2022 4 minutes ago, polasss said: [dcc32 Fatal Error] IndySystem170.dpk(34): E2202 Required package 'paclientcore' not found Nothing in Indy depends on that package. Double-check that your DPK and DPROJ files didn't pick up something unexpected by accident. Share this post Link to post
Remy Lebeau 1394 Posted November 17, 2022 6 hours ago, polasss said: But after the POST command I get the error "error: 1409442E:SSL routines: SSL3_READ_BYTES:tlsv 1 alert protocol" - class EIdOSSLUnderlyingCryptoError with message "Error connectin with SSL" http://imgway.cz/m/hneT.jpg You chopped off some of the error message. It is complaining that the "protocol version" is not accepted. Even though you are setting the version to TLS 1.2, chances are that Indy or OpenSSL is falling back to TLS 1.0 or 1.1 instead, which will fail if the server actually requires TLS 1.2. Also, something else to consider - even if TLS 1.2 were being used correctly, most TLS 1.2 servers nowadays require clients to use the SNI extension to send the requested hostname in the TLS handshake (so appropriate certificates can be used), but Indy 10.5.9 did not support SNI. So upgrading to an up-to-date Indy version will gain you that feature. 6 hours ago, polasss said: Somewhere it says it may be old INDY (which it is) 10.5.9 is VERY old. 6 hours ago, polasss said: with the exe I have the Open SSL files libeay32.dll (v. 1.0.2.17) and ssleay32.dll (v. 1.0.2.17) Even if you don't update Delphi/Indy,, you should at least make sure you are using an updated OpenSSL. The last version of OpenSSL that Indy 10.6.2 officially supports is 1.0.2u (1.0.2.21). Support for OpenSSL 1.1+/3.0 is a WIP (https://github.com/IndySockets/Indy/pull/299), if you want to try it. Share this post Link to post
polasss 0 Posted November 17, 2022 OK, thank you very much indeed, I appreciate the time of everyone who contributed. So I have a lot of work ahead of me today. 1: reinstall BD XE3 - I reached into the gray paths (Library, Browsing path), I deleted the old INDY and it was not possible to install the new one... let's go clean ;-( 2: I downloaded the latest OpenSSL binary, the version numbers match 3: I install (at least I hope) the new INDY (fourth, now I know that it is possible to bypass "paclientcore". We'll see what happens when installing dclIndyCore and Protocols, here it reported the error hard) 4: I will add StatusInfo (see above) and try the DropBox test - and then it will be midnight and if it doesn't work ... Another stupid question please: Isn't it reasonable to make a restore point in OS WIN 10 after step 2? Will the restore really return the system to its original state without any ballast? I suppose I'll be in touch again, thanks again. Share this post Link to post
polasss 0 Posted November 17, 2022 (edited) First output: - reinstall BDE xe3 (I put it back from drive "D" where "C" should be) - I added the current Open SSL dll to the exe - I added to the code what Remy wrote extract from memo1: before/connect initialization before/connect initialization SSLv3 write client hello A protocol version SSLv3 read server hello A the error remained, I will try to upgrade Indy after 100 attempts (I googled again, one information was that Indy wants "C" drive by default) Note: I have done the upgrade many times, each time it behaves a little differently (other missing dcu, etc.). I wonder. Edited November 17, 2022 by polasss Share this post Link to post
polasss 0 Posted November 18, 2022 (edited) So done! 👍 Error 401 unauthorized resolved - Access Token expired, after renewing it I got a JSON response back. I'm still figuring out why, but that's another song. Thanks a lot indeed, especially Remy Lebeau! update to latest Open SSL bin files https://indy.fulgan.com/SSL/?C=M;O=D if the software is v32, it is necessary to use openssl-1.0.2u-i386-win32.zip (even if the system is w64) reinstall Indy to the latest version (even though reinstalling Indy is a horror, reinstalled a total of 6 times, each time a different error, I ended up with Indy without components - installation just doesn't work) Current version of Indy https://github.com/IndySockets/Indy How to reinstall Indy https://github.com/IndySockets/Indy/wiki/Updating-Indy I had Indy on a different drive than "C" and that was probably a mistake, here too but different error messages every time I put the Open SSL bin files directly to the exe, to be sure I set the file path IdOpenSSLSetLibPath(ExtractFilePath(Application.ExeName)) Edited November 19, 2022 by polasss Share this post Link to post