Digest Authentication in THttpCli

[Vitao 0]

After 2 days try using idHttp with Digest Authentication, with no success, changed to ICS.

 

Installed ICS (v865) from Getit Package Manager (Delphi Rio). In 20 minutes all worked fine. Congratulations to Mr Francois and all involved in development.

 

In Overbyte.eu I find ICS v870. Uninstall ICS 865 and install ICS v870 and... no good news!

 

When HttpCli1.Get is executed, an exception occurs:
Preject camera.exe raised exception class $C0000005 with message access violation au 0x00000000: read of address 0x00000000

 

My source code is exactly the same as used with version 865.

 

Considering that it only took me 20 minutes to run the project using the ICS 865, I decided to spend some more time looking for more information.

I uninstalled v870 and installed v867. Digest Authentication works fine.
I repeated the process with version 868. It also worked fine!
I repeated the process again, now with version 869 and the exception occurred.

 

Analyzing the source code of OverbyteIcsDigestAuth, I noticed that in version 869 it was rewritten, including Digest SHA256 and SSL.

I commented out $DEFINE USE_SSL in OverbyteIcsDefs.inc and recompiled everything.
Running the project, it worked fine.

 

Therefore, it concludes that if USE_SSL is defined, an error occurs when calling the HTTPCLI.GET method (with Digest Authentication)

 

This application uses GET calls to cameras on the internal network that are performed without SSL (http://192.168.2.10/cgi-bin/snapshop.cgi?channel=1).

 

Of course, the easiest solution would be to remove the define USE_SSL, but the same application in question uses https in other functionalities.

[FPiette 367]

8 hours ago, Vitao said:

Preject camera.exe raised exception class $C0000005 with message access violation au 0x00000000: read of address 0x00000000

That is not enough to find the error. You have to run the application under the debugger (Use debug build) and provide the source code around where the exception is triggered.

If the exception is triggered when USE_SSL is defined, make sure you have the correct OpenSSL libraries deployed with your application. See https://wiki.overbyte.eu/wiki/index.php/ICS_Download#Download_OpenSSL_Binaries_.28required_for_SSL-enabled_components.29

 

[Angus Robertson 526]

Because ICS does not have a native SHA-256 implementation, it now uses OpenSSL for digest operation. 

 

But there is no check in those digest functions to ensure OpenSSL is loaded, I'll add a new specific exception for that. 

 

To fix the problem, you just need to call LoadSsl or IcsLoadSsl before using the component and make sure the DLLs are available.

 

Angus

 

[Vitao 0]

Really the problem was the load of DLLs related to SSL.

After this adjustment, everything works perfectly.

Thanks to all for your help.

Vitao

[aehimself 388]

On 6/25/2023 at 10:43 AM, Angus Robertson said:

Because ICS does not have a native SHA-256 implementation, it now uses OpenSSL for digest operation.

In later Delphi versions there's a build in record for this, System.Hash.THashSHA2. If available, you also can use this so it doesn't depend on a DLL.

Maybe v10+, I'm not sure though.

[Angus Robertson 526]

Sure some versions of Delphi have SHA-256, but the current version of ICS has to work back to Delphi 7, so rarely do we use new language features.

 

I've fixed the original problem with OpenSSL not being loaded, it was for some hash functions, but not all. 

 

Angus

 

[valmirsg 0]

Hi guys, I'm not an exceptional programmer, I love Delphi and I really like the ICS components, congratulations on the work, following the line of reasoning in this topic,
 I'm having a lot of difficulty implementing DIGEST authentication in a communication I'm making with Hikvision equipment that requires this authentication, 
would there be an example for me to use as a basis, as not even chatgpt was able to provide something functional.