Can someone share a sample code that works with TIdTCPServer with SSL TLS?
Why is it so complicated or difficult? Probably I don't understand. There is a lot of different information on the internet. But I haven't seen any information that is completely correct. It could be an example reference code.
Below is the code I wrote (which I don't understand). Please someone explain to me what is missing, wrong or excessive.
1-How do I create Self-Signed SSL with OpenSSL?
2-How do I install these certificates on the server side?
3-Can I connect with the same (with Server) SSL settings for the client?
Also, after I test these codes in windows environment, I will run them under Linux.
I also use the following commands to generate Self-Signed certificate for OpenSSL. Are these true?
Which files created here mean Certificate for me. A lot of files are created.
Why is it so complicated or difficult? Probably I don't understand. There is a lot of different information on the internet. But I haven't seen any information that is completely correct. It could be an example reference code.
Below is the code I wrote (which I don't understand). Please someone explain to me what is missing, wrong or excessive.
1-How do I create Self-Signed SSL with OpenSSL?
2-How do I install these certificates on the server side?
3-Can I connect with the same (with Server) SSL settings for the client?
Also, after I test these codes in windows environment, I will run them under Linux.
Code:
procedure TServer.InitTCPConnection;
begin
IdTCPServer := TIdTCPServer.Create;
if FConfig.UseSSL then
begin
IdServerIOHandlerSSLOpenSSL := TIdServerIOHandlerSSLOpenSSL.Create;
IdServerIOHandlerSSLOpenSSL.OnGetPassword := SSLIOHandlerSocketOpenSSLGetPassword;
IdServerIOHandlerSSLOpenSSL.SSLOptions.CertFile := 'whichfile_pem_key_crt';
IdServerIOHandlerSSLOpenSSL.SSLOptions.KeyFile := 'whichfile_pem_key_crt';
IdServerIOHandlerSSLOpenSSL.SSLOptions.RootCertFile := 'whichfile_pem_key_crt';
IdServerIOHandlerSSLOpenSSL.SSLOptions.Mode := sslmUnassigned;
IdServerIOHandlerSSLOpenSSL.SSLOptions.VerifyMode := [];
IdServerIOHandlerSSLOpenSSL.SSLOptions.VerifyDepth := 0;
IdServerIOHandlerSSLOpenSSL.sslOptions.SSLVersions := [sslvTLSv1, sslvTLSv1_1, sslvTLSv1_2];
end;
IdTCPServer.Active := False;
IdTCPServer.MaxConnections := FConfig.MaxConnection;
IdTCPServer.ListenQueue := 1500;
IdTCPServer.TerminateWaitTime := 120000;
IdTCPServer.UseNagle := False;
IdTCPServer.ReuseSocket := rsFalse;
if FConfig.UseSSL then
IdTCPServer.IOHandler := IdServerIOHandlerSSLOpenSSL;
IdTCPServer.OnConnect := IdTCPServerConnect;
IdTCPServer.OnDisconnect := IdTCPServerDisconnect;
IdTCPServer.OnExecute := IdTCPServerExecute;
IdTCPServer.Bindings.Clear;
IdTCPServer.Bindings.Add.Port := FConfig.CloudPort;
IdTCPServer.Bindings.DefaultPort := FConfig.CloudPort;
end;
procedure TServer.IdTCPServerConnect(AContext: TIdContext);
begin
Writeln('Wellcome :) ' + AContext.Binding.PeerIP + ' ' + AContext.Binding.PeerPort.ToString);
if (FConfig.UseSSL) and (AContext.Connection.IOHandler is TIdSSLIOHandlerSocketBase) then
TIdSSLIOHandlerSocketBase(AContext.Connection.IOHandler).PassThrough := False;
end;
procedure TServer.IdTCPServerDisconnect(AContext: TIdContext);
begin
if not Assigned(AContext) or (AContext = nil) then
Exit;
Writeln('Disconnect: ' + AContext.Binding.PeerIP + ':' + AContext.Binding.PeerPort.ToString + ' Good Bye');
end;
procedure TServer.IdTCPServerExecute(AContext: TIdContext);
var
RCIdByte: TIdBytes;
begin
AContext.Connection.IOHandler.DefStringEncoding := IndyTextEncoding_UTF8;
AContext.Connection.IOHandler.ReadBytes(RCIdByte, -1);
FLockList := IdTCPServer.Contexts.LockList;
try
//Some process
finally
IdTCPServer.Contexts.UnlockList;
end;
end;
procedure TServer.SSLIOHandlerSocketOpenSSLGetPassword(var Password: string);
begin
Password := 'qwerty';
end;
I also use the following commands to generate Self-Signed certificate for OpenSSL. Are these true?
Which files created here mean Certificate for me. A lot of files are created.
Code:
@echo off
rem Certificate Authority (CA)
openssl genrsa -passout pass:qwerty -out ca-secret.key 1024
openssl rsa -passin pass:qwerty -in ca-secret.key -out ca.key
openssl req -new -x509 -days 3650 -subj "/C=TR/ST=Turkey/L=Istanbul/O=Example root CA/OU=Example CA unit/CN=example.com" -key ca.key -out ca.crt
openssl pkcs12 -export -passout pass:qwerty -inkey ca.key -in ca.crt -out ca.pfx
openssl pkcs12 -passin pass:qwerty -passout pass:qwerty -in ca.pfx -out ca.pem
rem SSL Server certificate
openssl genrsa -passout pass:qwerty -out server-secret.key 1024
openssl rsa -passin pass:qwerty -in server-secret.key -out server.key
openssl req -new -subj "/C=TR/ST=Turkey/L=Istanbul/O=Example server/OU=Example server unit/CN=server.example.com" -key server.key -out server.csr
openssl x509 -req -days 3650 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
openssl pkcs12 -export -passout pass:qwerty -inkey server.key -in server.crt -out server.pfx
openssl pkcs12 -passin pass:qwerty -passout pass:qwerty -in server.pfx -out server.pem
rem SSL Client certificate
openssl genrsa -passout pass:qwerty -out client-secret.key 1024
openssl rsa -passin pass:qwerty -in client-secret.key -out client.key
openssl req -new -subj "/C=TR/ST=Turkey/L=Istanbul/O=Example client/OU=Example client unit/CN=client.example.com" -key client.key -out client.csr
openssl x509 -req -days 3650 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt
openssl pkcs12 -export -passout pass:qwerty -inkey client.key -in client.crt -out client.pfx
openssl pkcs12 -passin pass:qwerty -passout pass:qwerty -in client.pfx -out client.pem
rem Diffie–Hellman (D-H) key exchange
openssl dhparam -out dh1024.pem 1024