05-14-2018, 07:11 AM
Hello,
Finally I managed to implement an SSL server (with self-signed certificate) and a separate client.
Basically I followed these examples:
https://github.com/rlove/Indy-SSL-Examples (for Server and client application)
https://github.com/rlove/OpenSSL-WinCmd-Snippets (for a self-signed certificate)
I also assigned a verifyonpeer-event:
Code:
function TForm2.IdSSLIOHandlerSocketOpenSSL1VerifyPeer(Certificate: TIdX509;
  AOk: Boolean; ADepth, AError: Integer): Boolean;
begin
  memoResults.Lines.Add('OpenSSL1VerifyPeer: ' +
    'AOk=' + BoolToStr(AOk, True) + ' ADepth=' + IntToStr(ADepth) + ' AError=' + IntToStr(AError));
  // ^ PS: I am aware that above code is not thread safe; only for test-phase
  if ADepth = 0 then
  begin
    Result := True; //AOk;
  end
  else
  begin
    Result := True;
  end;
end;
As you can see from this code I forced 'Result := true'
I tried for ADepth = 0 and also ADepth = 1
The AError that is returned is always = 19
1. Where can I find a list of AError-codes?
2. Does a self-signed certificate always return this error-code or am I missing something?
3. I also noticed that the Verify-event is triggered 3 times when ADepth = 1
Why is that so?
4. How can I display (on the client side) some information about the server-certificate (thus giving the client a chance to accept and trust the certificate)?
Any help is greatly appreciated!
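
Added example (not part of the original post, and not code from Indy or the linked repositories): a version of the handler above that logs the certificate details and accepts a self-signed certificate only when its SHA-256 fingerprint matches a pinned value, instead of forcing `Result := True`. The constant names and the `PINNED_SHA256` placeholder are assumptions; 18 and 19 are the self-signed verify codes from OpenSSL's `x509_vfy.h`, which is where the AError values are defined.

```delphi
// Added example, not from the original post. Requires units SysUtils and IdSSLOpenSSL;
// SSLOptions.VerifyMode must include sslvrfPeer for the event to fire.
const
  // Verify result codes as defined in OpenSSL's x509_vfy.h
  X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT = 18;
  X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN   = 19;
  // Placeholder (assumption): SHA-256 fingerprint of the certificate you generated,
  // obtained out of band, in the same text format that SHA256AsString returns.
  PINNED_SHA256 = '<SHA256-FINGERPRINT-OF-YOUR-CERTIFICATE>';

function TForm2.IdSSLIOHandlerSocketOpenSSL1VerifyPeer(Certificate: TIdX509;
  AOk: Boolean; ADepth, AError: Integer): Boolean;
var
  Seen: string;
begin
  Seen := Certificate.Fingerprints.SHA256AsString;

  // Same test-phase logging as the original handler (not thread safe).
  memoResults.Lines.Add(Format(
    'depth=%d error=%d subject=%s issuer=%s valid=%s..%s sha256=%s',
    [ADepth, AError,
     Certificate.Subject.OneLine, Certificate.Issuer.OneLine,
     DateTimeToStr(Certificate.notBefore), DateTimeToStr(Certificate.notAfter),
     Seen]));

  if AOk then
    // OpenSSL validated this certificate against the configured trust store.
    Result := True
  else if (AError = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) or
          (AError = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) then
    // Self-signed: trust it only if it is exactly the certificate we pinned.
    Result := SameText(Seen, PINNED_SHA256)
  else
    // Expired, not yet valid, bad signature, and so on: reject.
    Result := False;
end;
```

Returning False from the handler makes the handshake fail, so an unexpected certificate ends the connection. Setting `SSLOptions.RootCertFile` to the self-signed certificate is the alternative: OpenSSL then treats it as a trust anchor and the event arrives with `AOk = True`.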