Delphi XE - error connect DROPBOX via Indy TidHTTP (htttps)

[polasss 0]

I'm having trouble connecting to my DROPBOX account via TidHTTP and I don't know what to do anymore. I want to send a simple text file to DROPBOX in the first stage.

procedure TForm2.btn1Click(Sender: TObject);
const
  API_URL = 'https://content.dropboxapi.com/2/files/upload';
  cFile   = 'D:\testfile.txt';

var
  wAccessToken : string;
  Source: TFileStream;
  IdHTTP: TIdHTTP;
  Res : string;
  Ssl: TIdSSLIOHandlerSocketOpenSSL;

begin

  wAccessToken := 'muj_token';
  IdHTTP := TIdHTTP.Create(nil);
  try
    (*
    ShowMessage('Indy version: ' + IdHTTP.Version);
    RESULT MESSAGE : INDY 10.5.9.0
    *)
    IdHTTP.HandleRedirects := True;
    ssl := TIdSSLIOHandlerSocketOpenSSL.Create();
    ssl.SSLOptions.Method := sslvTLSv1_2;
    ssl.SSLOptions.Mode := sslmUnassigned;
    ssl.SSLOptions.VerifyMode := [];
    ssl.SSLOptions.VerifyDepth := 0;
    ssl.host := '';

    Source := TFileStream.Create(cFile, fmOpenRead);

    IdHTTP.IOHandler := ssl;
    IdHTTP.Request.CustomHeaders.Values['Authorization'] := 'Bearer ' + wAccessToken;
    IdHTTP.Request.CustomHeaders.Values['Dropbox-API-Arg'] :=
           '{ "autorename": false,"mode": "add","mute": false,"path": "/test.txt","strict_conflict": false}';
    IdHTTP.Request.CustomHeaders.Values['Content-Type']  := 'application/octet-stream';

    Memo1.Lines.Add(IdHTTP.Request.CustomHeaders.Text);

    Res := IdHTTP.Post(API_URL, Source);

  finally
      IdHTTP.Free;
  end;

But after the POST command I get the error "error: 1409442E:SSL routines: SSL3_READ_BYTES:tlsv 1 alert protocol" - class EIdOSSLUnderlyingCryptoError with message "Error connectin with SSL"

http://imgway.cz/m/hneT.jpg

I don't know how to proceed, there is a stupid mistake somewhere. I found similar problems on

https://stackoverflow.com/questions/1742900/tidhttp-in-indy-10 , https://stackoverflow.com/questions/7762584/post-problems-with-indy-tidhttp

 and many other forums. Somewhere it says it may be old INDY (which it is), but DROPBOX's probably has the TLS v1.2 required when TIDHTTP enables it ssl.SSLOptions.Method := sslvTLSv1_2

For the Request track, I stuck to the DROBOX.API structure

 

DROPBOX API DOCUMENTATION
     https://www.dropbox.com/developers/documentation/http/documentation#files-upload
     Get access token for:
     ****************************************************** **************
     curl -X POST https://content.dropboxapi.com/2/files/upload \
     --header "Authorization: Bearer <get access token>" \
     --header "Dropbox-API-Arg: {\"autorename\":false,\"mode\":\"add\",\"mute\":false,\"path\":\"/Homework/ math/Matrices.txt\",\"strict_conflict\":false}" \
     --header "Content-Type: application/octet-stream" \
     --data-binary @local_file.txt
     ****************************************************** **************

Even more information:

• Delphi XE3
• Indy 10.5.9.0
• with the exe I have the Open SSL files libeay32.dll (v. 1.0.2.17) and  ssleay32.dll (v. 1.0.2.17) - but that will not be it. if I throw them away the error is the same
• DROPBOX requires TLS 1.2 from April

On some forums they wrote the same error with old Open SSL files, old INDY, sending via TLS which is not supported by the addressee. But I don't feel either way. I downloaded Open SSL from https://github.com/IndySockets/OpenSSL-Binaries file openssl-1.0.2u-x64_86-win64.zip

 (I don't know if it's good, there are a bunch of them in the table with differences in the name "r", "s", "t", "u", he chose I'm the last one).

Thanks for any advice.

[WillH 33]

Try setting

 

SSLOptions.SSLVersions to include sslvTLSv1_2

 

indySSLHandler.SSLOptions.SSLVersions := [sslvTLSv1_2] ;

 

Regards,

  Will.

 

 

 

 

 

 

[polasss 0]

8 minutes ago, WillH said:

Try setting

 

SSLOptions.SSLVersions to include sslvTLSv1_2

 

indySSLHandler.SSLOptions.SSLVersions := [sslvTLSv1_2] ;

 

Regards,

  Will.

 

 

 

 

 

 

thanks for the quick reply but the same error ... so much time, so stupid and the main program hangs on it ... Any other idea please?

[WillH 33]

I've just tried your code with Indy version: 10.6.2.0. The SSL part works. I made a change for logging but that's it.

Check that the dlls you have match the bitness of your compiled application. A 64bit application needs 64bit openSSL dlls.

Otherwise use the latest Indy version or alternate HTTP code such as the ones included in mORMot based on the WinHTTP drivers. At some point tls1.3 will become the minimum and as far as I know Indy does not support it yet.

 

 

add IdSSLOpenSSLHeaders to your uses clause.

 

Add this ->

  Memo1.Lines.Add('Indy version: ' + IdHTTP.Version);
  ssl.OnStatusInfoEx := IdSSLIOHandlerSocketOpenSSL1StatusInfoEx ;

Change this ->

  ssl.SSLOptions.Mode := TidSSLMode.sslmUnassigned;

 

 

Add this handler ->

 

procedure TForm2.IdSSLIOHandlerSocketOpenSSL1StatusInfoEx(ASender: TObject;
    const AsslSocket: PSSL; const AWhere, Aret: Integer; const AType, AMsg:
    string);
begin
  memo1.Lines.Add(Amsg) ;
end;

The output I get is

 

Indy version: 10.6.2.0
Authorization: Bearer muj_token
Dropbox-API-Arg: { "autorename": false,"mode": "add","mute": false,"path": "/test.txt","strict_conflict": false}
Content-Type: application/octet-stream

before/connect initialization
before/connect initialization
SSLv3 write client hello A
SSLv3 read server hello A
SSLv3 read server certificate A
SSLv3 read server key exchange A
SSLv3 read server done A
SSLv3 write client key exchange A
SSLv3 write change cipher spec A
SSLv3 write finished A
SSLv3 flush data
SSLv3 read server session ticket A
SSLv3 read finished A
SSL negotiation finished successfully
SSL negotiation finished successfully
close notify

 

Followed by Error HTTP/400 Bad Request.

 

 

 

[polasss 0]

4 hours ago, WillH said:

I've just tried your code with Indy version: 10.6.2.0. The SSL part works. I made a change for logging but that's it.

Check that the dlls you have match the bitness of your compiled application. A 64bit application needs 64bit openSSL dlls.

Otherwise use the latest Indy version or alternate HTTP code such as the ones included in mORMot based on the WinHTTP drivers. At some point tls1.3 will become the minimum and as far as I know Indy does not support it yet.

 

;-( So I won't do that now, I removed the old Indy and started the upgrade to the latest version exactly as instructed
https://github.com/IndySockets/Indy/wiki/Updating-Indy
and I'm back in ...

compilation error

[dcc32 Fatal Error] IndySystem170.dpk(34): E2202 Required package 'paclientcore' not found

What the hell am I missing? Google finds paclientcore on 4 sites but nothing. I deleted some gray paths in "Library path" and Browsing path", would that be it?
Please, give me an advice! 

Edited November 17, 2022 by polasss

[Remy Lebeau 1393]

4 minutes ago, polasss said:

[dcc32 Fatal Error] IndySystem170.dpk(34): E2202 Required package 'paclientcore' not found

Nothing in Indy depends on that package.  Double-check that your DPK and DPROJ files didn't pick up something unexpected by accident.

[Remy Lebeau 1393]

6 hours ago, polasss said:

But after the POST command I get the error "error: 1409442E:SSL routines: SSL3_READ_BYTES:tlsv 1 alert protocol" - class EIdOSSLUnderlyingCryptoError with message "Error connectin with SSL"

http://imgway.cz/m/hneT.jpg

You chopped off some of the error message.  It is complaining that the "protocol version" is not accepted.  Even though you are setting the version to TLS 1.2, chances are that Indy or OpenSSL is falling back to TLS 1.0 or 1.1 instead, which will fail if the server actually requires TLS 1.2.

 

Also, something else to consider - even if TLS 1.2 were being used correctly, most TLS 1.2 servers nowadays require clients to use the SNI extension to send the requested hostname in the TLS handshake (so appropriate certificates can be used), but Indy 10.5.9 did not support SNI.  So upgrading to an up-to-date Indy version will gain you that feature.

6 hours ago, polasss said:

Somewhere it says it may be old INDY (which it is)

10.5.9 is VERY old.

6 hours ago, polasss said:

with the exe I have the Open SSL files libeay32.dll (v. 1.0.2.17) and  ssleay32.dll (v. 1.0.2.17)

Even if you don't update Delphi/Indy,, you should at least make sure you are using an updated OpenSSL.  The last version of OpenSSL that Indy 10.6.2 officially supports is 1.0.2u (1.0.2.21). Support for OpenSSL 1.1+/3.0 is a WIP (https://github.com/IndySockets/Indy/pull/299), if you want to try it.

[polasss 0]

OK, thank you very much indeed, I appreciate the time of everyone who contributed.
So I have a lot of work ahead of me today.
1:  reinstall BD XE3 - I reached into the gray paths (Library, Browsing path), I deleted the old INDY and it was not possible to install the new one... let's go clean ;-(
2:  I downloaded the latest OpenSSL binary, the version numbers match
3:  I install (at least I hope) the new INDY (fourth, now I know that it is possible to bypass "paclientcore". We'll see what happens when installing dclIndyCore and Protocols, here it reported the error hard)
4:  I will add StatusInfo (see above) and try the DropBox test
- and then it will be midnight and if it doesn't work ...

 

Another stupid question please:
Isn't it reasonable to make a restore point in OS WIN 10 after step 2? Will the restore really return the system to its original state without any ballast?

 

I suppose I'll be in touch again, thanks again.

[polasss 0]

First output:
- reinstall BDE xe3 (I put it back from drive "D" where "C" should be)
- I added the current Open SSL dll to the exe
- I added to the code what Remy wrote

 

extract from memo1:

before/connect initialization
before/connect initialization
SSLv3 write client hello A
protocol version
SSLv3 read server hello A

 

the error remained, I will try to upgrade Indy after 100 attempts (I googled again, one information was that Indy wants "C" drive by default)

Note: I have done the upgrade many times, each time it behaves a little differently (other missing dcu, etc.). I wonder.

Edited November 17, 2022 by polasss

[polasss 0]

So done! 👍 Error 401 unauthorized resolved - Access Token expired, after renewing it I got a JSON response back. I'm still figuring out why, but that's another song.

Thanks a lot indeed, especially Remy Lebeau!

 

• update to latest Open SSL bin files https://indy.fulgan.com/SSL/?C=M;O=D
• if the software is v32, it is necessary to use openssl-1.0.2u-i386-win32.zip (even if the system is w64)
• reinstall Indy to the latest version (even though reinstalling Indy is a horror, reinstalled a total of 6 times, each time a different error, I ended up with Indy without components - installation just doesn't work)
• Current version of Indy https://github.com/IndySockets/Indy
• How to reinstall Indy https://github.com/IndySockets/Indy/wiki/Updating-Indy
• I had Indy on a different drive than "C" and that was probably a mistake, here too but different error messages every time
• I put the Open SSL bin files directly to the exe, to be sure I set the file path 

  IdOpenSSLSetLibPath(ExtractFilePath(Application.ExeName))

Edited November 19, 2022 by polasss