Watch, Follow, &
Connect with Us

For forums, blogs and more please visit our
Developer Tools Community.


Welcome, Guest
Guest Settings
Help

Thread: Indy - POST to HTTPS - certificate selection window does not open


This question is not answered. Helpful answers available: 2. Correct answers available: 1.


Permlink Replies: 7 - Last Post: Dec 19, 2016 10:35 AM Last Post By: Remy Lebeau (Te...
Primoz Butinar

Posts: 4
Registered: 12/18/00
Indy - POST to HTTPS - certificate selection window does not open  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Dec 13, 2016 4:46 AM
Hi!

I have a problem when trying to send a XML file to HTTPS address. I am using Indy components (10.6.2.0) and OpenSSL library (1.0.2h) and XE6.

Situation is as follows :
- on my computer (developer's machine) right after calling IDHTTP1.POST(...) command a windows opens where all proper certificates are listed and I can choose one. This is working like it should.
- if I run the same app on other computer, this certificate selection window doesn't appear (the same certificates are installed on this computer also). There is no error, only this window is not shown (simply skipped). Because I can not choose a certificate, the authentication of course fails and the XML file is not sent...

I have OpenSSL libraries (ssleay32.dll + libeay32.dll - both 64bit ) in the same folder where the app is. On my machine there are Windows 8 64bit installed, and on the other machine there are Windows 7 64bit. I don't have any other Windows 8 machine around to double check what would be going on there, but I replaced 64bit libraries with 32bit and ran app on Win 7 32bit machine - the same problem...

I also noticed, that when I have 32bit libraries installed and I ran app from 64bit Windows this certificate selection windows is skipped also. If the situation is opposite (64bit libraries and app runs on 32bit Windows, there is a notification about an error loading the library).

If anybody has any idea what to do - really welcome! :)

Primoz.
Remy Lebeau (Te...


Posts: 9,447
Registered: 12/23/01
Re: Indy - POST to HTTPS - certificate selection window does not open  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Dec 13, 2016 3:38 PM   in response to: Primoz Butinar in response to: Primoz Butinar
Primoz wrote:

- on my computer (developer's machine) right after calling
IDHTTP1.POST(...) command a windows opens where all
proper certificates are listed and I can choose one. This
is working like it should.

That behavior is controlled outside of Indy or OpenSSL. Neither one of them
displays such a dialog (they are non-visual libraries). Maybe Windows itself,
or maybe a firewall, is displaying the window.

--
Remy Lebeau (TeamB)
Primoz Butinar

Posts: 4
Registered: 12/18/00
Re: Indy - POST to HTTPS - certificate selection window does not open  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Dec 14, 2016 2:31 AM   in response to: Remy Lebeau (Te... in response to: Remy Lebeau (Te...
Well, I thought that the problem lies somewhere else, but it is strange, that when I write the HTTPS://.... addres directly into the web browser installed (either IE or Chrome), this certificate selection window shows up, but when I do this via idHTTP1.Post(....) command, the window is not shown.

Primoz.
Remy Lebeau (Te...


Posts: 9,447
Registered: 12/23/01
Re: Indy - POST to HTTPS - certificate selection window does not open  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Dec 14, 2016 10:56 AM   in response to: Primoz Butinar in response to: Primoz Butinar
Primoz wrote:

Well, I thought that the problem lies somewhere else, but it is
strange, that when I write the HTTPS://.... addres directly into
the web browser installed (either IE or Chrome), this certificate
selection window shows up

The browser is the one handling that when it detects the user requesting
an HTTPS url. That is browser-specific behavior.

but when I do this via idHTTP1.Post(....) command, the window
is not shown.

It is not supposed to be, as Indy is a non-visual library and does not do
anything to invoke such a window. If you want your app to display a window,
you have to display it yourself in your code and then configure TIdHTTP accordingly
before calling Post().

--
Remy Lebeau (TeamB)
Primoz Butinar

Posts: 4
Registered: 12/18/00
Re: Indy - POST to HTTPS - certificate selection window does not open  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Dec 15, 2016 11:40 PM   in response to: Remy Lebeau (Te... in response to: Remy Lebeau (Te...
Remy Lebeau (TeamB) wrote:
Primoz wrote:

Well, I thought that the problem lies somewhere else, but it is
strange, that when I write the HTTPS://.... addres directly into
the web browser installed (either IE or Chrome), this certificate
selection window shows up

The browser is the one handling that when it detects the user requesting
an HTTPS url. That is browser-specific behavior.

Ok.

but when I do this via idHTTP1.Post(....) command, the window
is not shown.

It is not supposed to be, as Indy is a non-visual library and does not do
anything to invoke such a window. If you want your app to display a window,
you have to display it yourself in your code and then configure TIdHTTP accordingly
before calling Post().

I understand what you mean but then I come to an important question - why does the same code opens this certificate selection windows on one machine, but not on the other ? In both cases only Post() is called. What is causing then that this window is opened on one machine, eventhough I am not opening it via code ?

The only logical answer could be that there is some error / miscommunication between "local machine 2" and the server (but no error between the "local machine 1" and the server). How can I trace what is one sending and the other receiving (well, I can not do anything on the server part...) ?

I've tried and compared two logs (from LocalMachine1 and 2) and there is only one line missing (all the others are the same!) from the computer where the certificate can not be selected :

---

SSL status: "before/connect initialization"
SSL status: "before/connect initialization"
SSL status: "SSLv2/v3 write client hello A"
SSL status: "SSLv3 read server hello A"
SSL status: "SSLv3 read server certificate A"
SSL status: "SSLv3 read server certificate request A"
SSL status: "SSLv3 read server done A"
SSL status: "SSLv3 write client certificate A"
SSL status: "SSLv3 write client key exchange A"

THIS LINE IS MISSING FROM THE LOG ON THE MACHINE WITH THE PROBLEM: SSL status: "SSLv3 write certificate verify A"

SSL status: "SSLv3 write change cipher spec A"
SSL status: "SSLv3 write finished A"
SSL status: "SSLv3 flush data"
SSL status: "SSLv3 read finished A"
SSL status: "SSL negotiation finished successfully"
SSL status: "SSL negotiation finished successfully"

Cipher: name = AES256-SHA; description = AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
; bits = 256; version = TLSv1/SSLv3;

SSL status: "SSL negotiation finished successfully"

---

I would kindly ask for any suggestion in which direction to go...

Kind regards,
Primoz.

Edited by: Primoz Butinar on Dec 15, 2016 11:40 PM
Remy Lebeau (Te...


Posts: 9,447
Registered: 12/23/01
Re: Indy - POST to HTTPS - certificate selection window does not open[Edit]  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Dec 17, 2016 1:16 PM   in response to: Primoz Butinar in response to: Primoz Butinar
Primoz wrote:

why does the same code opens this certificate selection windows
on one machine, but not on the other ?

On Windows, Indy uses WinSock directly, with OpenSSL on top of it for SSL/TLS.
Neither WinSock nor OpenSSL behave the way you claim. Something else is
going on. Maybe there is a firewall present and it is the one displaying
the window?

The only logical answer could be that there is some error /
miscommunication between "local machine 2" and the server (but
no error between the "local machine 1" and the server). How can
I trace what is one sending and the other receiving (well, I can
not do anything on the server part...) ?

Use a packet sniffer, like Wireshark.

--
Remy Lebeau (TeamB)
Primoz Butinar

Posts: 4
Registered: 12/18/00
Re: Indy - POST to HTTPS - certificate selection window does not open[Edit]  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Dec 19, 2016 5:30 AM   in response to: Remy Lebeau (Te... in response to: Remy Lebeau (Te...
Remy Lebeau (TeamB) wrote:
Primoz wrote:

why does the same code opens this certificate selection windows
on one machine, but not on the other ?

On Windows, Indy uses WinSock directly, with OpenSSL on top of it for SSL/TLS.
Neither WinSock nor OpenSSL behave the way you claim. Something else is
going on. Maybe there is a firewall present and it is the one displaying
the window?

Both machines are in the same network in our company. All computers share same limitations regarding communication through company's firewall, so this can not be the reason.

The thing is that I only call idHTTP.POST with the HTTPS address stated there and with XML packet - on both computers these are the same settings.

Maybe some other library are needed by Indy or OpenSSL dll's is sought for, because I can not understand why the same code causes problems on one computer, but not on the other - this points me to the direction that the system running is different in one small but obviously important part.

The only logical answer could be that there is some error /
miscommunication between "local machine 2" and the server (but
no error between the "local machine 1" and the server). How can
I trace what is one sending and the other receiving (well, I can
not do anything on the server part...) ?

Use a packet sniffer, like Wireshark.

I'll try to figure something out of it - never used it yet :)


--
Remy Lebeau (TeamB)
Remy Lebeau (Te...


Posts: 9,447
Registered: 12/23/01
Re: Indy - POST to HTTPS - certificate selection window does notopen[Edit]  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Dec 19, 2016 10:35 AM   in response to: Primoz Butinar in response to: Primoz Butinar
Primoz wrote:

Maybe some other library are needed by Indy or OpenSSL dll's is sought
for

Probably not, unless you are using OpenSSL DLLs that have been compiled with
external dependancies, like the VC++ runtime. But that still should not
cause the certificate window to appear, especially if both machines are using
the same DLLs. So again, there is likely to be something else in play, and
you are not likely to figure it out by simply looking at the compiled files.
You may have to debug into the actual code and find the specific instruction
that is triggering the window to appear.

--
Remy Lebeau (TeamB)
Legend
Helpful Answer (5 pts)
Correct Answer (10 pts)

Server Response from: ETNAJIVE02