Watch, Follow, &
Connect with Us

For forums, blogs and more please visit our
Developer Tools Community.


Welcome, Guest
Guest Settings
Help

Thread: Steps to set up TIdSSLIOHandlerSocketOpenSSL with clients


This question is answered. Helpful answers available: 2. Correct answers available: 1.


Permlink Replies: 2 - Last Post: May 1, 2016 12:25 PM Last Post By: David Marcus
David Marcus

Posts: 18
Registered: 8/16/98
Steps to set up TIdSSLIOHandlerSocketOpenSSL with clients  
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 1, 2016 12:02 PM
What is necessary to use TIdSSLIOHandlerSocketOpenSSL with TIdPop3 and TIdSMTP in a client app? Is the following sufficient or do I need to do something more? If so, what? Do I need to set RootCertFile?
function TForm1.VerifyPeer(Certificate: TIdX509; AOk: Boolean; ADepth, AError: Integer): Boolean;
begin
   Result := AOk;
end;

Following in TIdPop3 or TIdSMTP Create method:
IOHandler := TIdSSLIOHandlerSocketOpenSSL.Create( self );
UseTLS := utUseExplicitTLS;
IOHandler.OnVerifyPeer := VerifyPeer;

I'm using Delphi 10 Seattle (will upgrade to 10.1 Berlin soon).
Remy Lebeau (Te...


Posts: 9,447
Registered: 12/23/01
Re: Steps to set up TIdSSLIOHandlerSocketOpenSSL with clients  
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 1, 2016 12:16 PM   in response to: David Marcus in response to: David Marcus
David wrote:

What is necessary to use TIdSSLIOHandlerSocketOpenSSL with TIdPop3 and
TIdSMTP in a client app?

You are already doing it (though the VerifyPeer is not necessarily).

Is the following sufficient or do I need to do something more?

Did you try it yet before asking? That would have been a lot faster. And
there are tons of examples available online if you search around.

Do I need to set RootCertFile?

No.

--
Remy Lebeau (TeamB)
David Marcus

Posts: 18
Registered: 8/16/98
Re: Steps to set up TIdSSLIOHandlerSocketOpenSSL with clients  
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 1, 2016 12:25 PM   in response to: Remy Lebeau (Te... in response to: Remy Lebeau (Te...
Remy Lebeau (TeamB) wrote:
Did you try it yet before asking?

The way I've had my code for years is to not set OnVerifyPeer. But then I saw somewhere that you need to set OnVerifyPeer. So, I read the comments in the code in IdSSLOpenSSL.pas where it says "Note that you really should always implement OnVerifyPeer, otherwise the certificate of the peer you are connecting to is NOT checked to ensure it is valid." And I found

http://stackoverflow.com/questions/13577706/delphi-indy-verify-server-certificate-ssl

And, I looked in the Help (which doesn't say much) and in IndyInDepth10.pdf (which is from 2006, so may be out of date). After all that, I wasn't sure what is really needed. So I posted here.
Legend
Helpful Answer (5 pts)
Correct Answer (10 pts)

Server Response from: ETNAJIVE02