支持 SSL 的简单 TIdHttpServer 示例
希望有人能给我提供一个支持 SSL 的简单 TIdHttpServer 示例。使用Delphi2007和Indy10。我有以下内容来创建/设置服务器和 ioHandler:
ServerIOHandler := TIdServerIOHandlerSSLOpenSSL.Create(self);
ServerIOHandler.SSLOptions.CertFile := 'mycert.pem';
ServerIOHandler.SSLOptions.KeyFile := 'mycert.pem';
ServerIOHandler.SSLOptions.RootCertFile := 'mycert.pem';
ServerIOHandler.SSLOptions.Method := sslvSSLv23;
ServerIOHandler.SSLOptions.Mode := sslmServer;
ServerIOHandler.SSLOptions.VerifyDepth := 1;
ServerIOHandler.SSLOptions.VerifyMode := [sslvrfPeer,sslvrfFailIfNoPeerCert,sslvrfClientOnce];
IdHTTPServer1 := TIdHTTPServer.Create;
IdHTTPServer1.AutoStartSession := True;
IdHTTPServer1.SessionState := True;
IdHTTPServer1.OnCommandGet := IdHTTPServer1CommandGet;
idHttpServer1.ParseParams := True;
idHttpServer1.DefaultPort := 80;
idHttpServer1.IOHandler := ServerIOHandler;
IdHTTPServer1.Active := True;
mycert.pem 是使用 openssl 使用此命令创建的:
openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.pem -out mycert.pem
立即我认为有问题,因为我对 使用相同的文件证书文件、密钥文件、根证书文件。
我在提示中输入了空白,但通用名称除外。我确定设置为我正在使用的域名(假设它是 myexample.com)。
在浏览器中,如果我点击 http://myexample.com 会导致异常:接受 SSL 连接时出错。点击 https://myexample.com 永远不会进入我的代码。
1 月 30 日注意 - 我使用 sslbuddy 生成密钥。但这仍然不起作用。然后我注释掉了以下几行并且它起作用了:
ServerIOHandler.SSLOptions.VerifyDepth := 1;
ServerIOHandler.SSLOptions.VerifyMode := [sslvrfPeer,sslvrfFailIfNoPeerCert,sslvrfClientOnce];
Hoping someone can provide me a simple TIdHttpServer example which supports SSL. Using Delphi2007 and Indy10. I have the following to create/setup the server and ioHandler:
ServerIOHandler := TIdServerIOHandlerSSLOpenSSL.Create(self);
ServerIOHandler.SSLOptions.CertFile := 'mycert.pem';
ServerIOHandler.SSLOptions.KeyFile := 'mycert.pem';
ServerIOHandler.SSLOptions.RootCertFile := 'mycert.pem';
ServerIOHandler.SSLOptions.Method := sslvSSLv23;
ServerIOHandler.SSLOptions.Mode := sslmServer;
ServerIOHandler.SSLOptions.VerifyDepth := 1;
ServerIOHandler.SSLOptions.VerifyMode := [sslvrfPeer,sslvrfFailIfNoPeerCert,sslvrfClientOnce];
IdHTTPServer1 := TIdHTTPServer.Create;
IdHTTPServer1.AutoStartSession := True;
IdHTTPServer1.SessionState := True;
IdHTTPServer1.OnCommandGet := IdHTTPServer1CommandGet;
idHttpServer1.ParseParams := True;
idHttpServer1.DefaultPort := 80;
idHttpServer1.IOHandler := ServerIOHandler;
IdHTTPServer1.Active := True;
mycert.pem was created using openssl with this command:
openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.pem -out mycert.pem
Right away I think there is something wrong because I am using the same file for CertFile, KeyFile, RootCertFile.
I entered blanks for prompts with the exception being the common name. That I was sure to set to the domain name I am using (let's say hypothetically it is myexample.com).
In a browser if I hit http://myexample.com results in exception: Error accepting connection with SSL. Hitting https://myexample.com never makes it to my code.
January 30 NOTE - I used sslbuddy to generate the keys. And this still did not work. I then commented out the following lines and it worked:
ServerIOHandler.SSLOptions.VerifyDepth := 1;
ServerIOHandler.SSLOptions.VerifyMode := [sslvrfPeer,sslvrfFailIfNoPeerCert,sslvrfClientOnce];
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
如果你想监听 443,你需要绑定到它...(如果你想要正常的 HTTP 流量也绑定到 80)
如果监听多个 HTTP 和 HTTPS 端口,在处理连接时你需要允许用于正常或加密流量,具体取决于端口号。您需要使用一个 OnQuerySSLPort 事件来禁用端口 80 上的 SSL。
关于证书...这取决于您使用的是自己的 CA 还是使用完善的公共 CA。请注意,您还应该设置 OnGetPassword 事件 (ServerIOHandler),以便告诉服务器您的密钥密码。
If you want to listen on 443, you need to bind to it... (If you want normal HTTP traffic as well bind also to 80)
If listening to more than one port for HTTP and HTTPS, when processing connections you need to allow for either normal or encrypted traffic depending on the port number. There's an OnQuerySSLPort event that you need to use to disable SSL on port 80.
About certificates... it depends if you are using your own CA or using a well established public CA. Just be aware you should also be setting the OnGetPassword event (ServerIOHandler) in order to tell the server your key password.