Thread: Using TIdHTTP with usb etoken


This question is answered. Helpful answers available: 2. Correct answers available: 1.


Replies: 4 - Last Post: Feb 26, 2018 10:03 AM - Last Post By: Dimitris Kounal...
Dimitris Kounal...

Posts: 3
Registered: 6/5/01
Using TIdHTTP with usb etoken  
  Posted: Feb 23, 2018 11:30 PM
Hi,
I need to connect to a web site using client certificates with a SafeNet USB eToken in a Windows application (IDE Tokyo 10.2).
I am using the latest version of OpenSSL downloaded from here: https://indy.fulgan.com/SSL/
The SafeNet token has drivers that allow Firefox, Chrome and IE to work OK. It also has an SDK DLL (eTpkcs11.dll) with a PKCS#11 API.
I am not sure how TIdHTTP (or rather OpenSSL) is going to use client certificates to connect and access this USB device.
Any ideas? Thank you in advance.
Remy Lebeau (Te...


Posts: 9,447
Registered: 12/23/01
Re: Using TIdHTTP with usb etoken  
  Posted: Feb 26, 2018 9:08 AM   in response to: Dimitris Kounal...
Dimitris Kounalakis wrote:

The SafeNet token has drivers that allow Firefox, Chrome and IE to work
OK. It also has an SDK DLL (eTpkcs11.dll) with a PKCS#11 API. I am not
sure how TIdHTTP (or rather OpenSSL) is going to use client
certificates to connect and access this USB device.

OpenSSL has no knowledge or access to external certificate devices.
You will have to write your own code to use the device's API to obtain
the token's certificate and manually add it to OpenSSL's certificate
store at runtime using OpenSSL's APIs. That is outside the scope of
Indy.

--
Remy Lebeau (TeamB)
Dimitris Kounal...

Posts: 3
Registered: 6/5/01
Re: Using TIdHTTP with usb etoken  
  Posted: Feb 26, 2018 9:11 AM   in response to: Remy Lebeau (Te...
On Unix you can tell OpenSSL to use external .so libraries that are new external engines.
In Indy, how can you tell OpenSSL to load external DLLs?
If this cannot be done, what and where should be filled in?
Thank you in advance.

Edited by: Dimitris Kounalakis on Feb 26, 2018 9:12 AM

Edited by: Dimitris Kounalakis on Feb 26, 2018 9:13 AM
Remy Lebeau (Te...


Posts: 9,447
Registered: 12/23/01
Re: Using TIdHTTP with usb etoken [Edit]  
  Posted: Feb 26, 2018 9:53 AM   in response to: Dimitris Kounal...
Dimitris Kounalakis wrote:

On Unix you can tell OpenSSL to use external .so libraries that
are new external engines. In Indy, how can you tell OpenSSL to load
external DLLs?

You can't. Indy does not expose that functionality (it doesn't even
import OpenSSL's ENGINE functions at all).

You should ask in the OpenSSL community how to add external engines to
OpenSSL. Again, this is outside the scope of Indy or even Delphi.

Based on a quick online search, it looks like you need to call
OpenSSL's ENGINE_by_id() or ENGINE_load_dynamic() function to load the
"dynamic" engine, and then use the ENGINE_ctrl_cmd_string() function to
send commands to the "dynamic" engine to have it load the external DLL
and add it to OpenSSL's list of available engines.

--
Remy Lebeau (TeamB)
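
The call sequence described in the reply above, written out in Delphi as an added example; it is not code from the thread, from Indy or from OpenSSL. It assumes the OpenSSL 1.0.2 libeay32.dll sits beside the executable and declares the ENGINE imports itself because Indy does not; the engine path and the id 'pkcs11' are constructed placeholders, and LoadEngineDll is a hypothetical helper name.

```delphi
program EngineLoadDemo;
{$APPTYPE CONSOLE}
uses
  System.SysUtils;

const
  LibEay = 'libeay32.dll';  // assumption: the OpenSSL 1.0.2 DLL Indy loads

type
  PENGINE = Pointer;  // opaque ENGINE* handle

// Imports that Indy does not declare; signatures follow openssl/engine.h.
procedure ENGINE_load_dynamic; cdecl; external LibEay;
function ENGINE_by_id(id: PAnsiChar): PENGINE; cdecl; external LibEay;
function ENGINE_ctrl_cmd_string(e: PENGINE; cmd_name, arg: PAnsiChar;
  cmd_optional: Integer): Integer; cdecl; external LibEay;
function ENGINE_free(e: PENGINE): Integer; cdecl; external LibEay;

// Loads the engine DLL at EnginePath through the "dynamic" engine and
// registers it under EngineId. The caller owns the returned reference.
function LoadEngineDll(const EnginePath, EngineId: AnsiString): PENGINE;
begin
  // Refuse relative paths so the DLL search order cannot choose the file.
  if IsRelativePath(string(EnginePath)) then
    raise Exception.Create('Engine path must be fully qualified');
  ENGINE_load_dynamic;
  Result := ENGINE_by_id('dynamic');
  if Result = nil then
    raise Exception.Create('"dynamic" engine is not available');
  // SO_PATH, ID, LIST_ADD and LOAD are the dynamic engine's own commands.
  if (ENGINE_ctrl_cmd_string(Result, 'SO_PATH', PAnsiChar(EnginePath), 0) <> 1) or
     (ENGINE_ctrl_cmd_string(Result, 'ID', PAnsiChar(EngineId), 0) <> 1) or
     (ENGINE_ctrl_cmd_string(Result, 'LIST_ADD', '1', 0) <> 1) or
     (ENGINE_ctrl_cmd_string(Result, 'LOAD', nil, 0) <> 1) then
  begin
    ENGINE_free(Result);
    raise Exception.Create('Could not load engine ' + string(EnginePath));
  end;
end;

var
  Engine: PENGINE;
begin
  try
    // Constructed path and id, for illustration only.
    Engine := LoadEngineDll('C:\MyApp\engines\pkcs11.dll', 'pkcs11');
    Writeln('engine loaded');
    ENGINE_free(Engine);
  except
    on E: Exception do
      Writeln('error: ', E.Message);
  end;
end.
```

Engine-specific setup and ENGINE_init() would follow the load and depend on the engine DLL being used.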
Dimitris Kounal...

Posts: 3
Registered: 6/5/01
Re: Using TIdHTTP with usb etoken [Edit]  
  Posted: Feb 26, 2018 10:03 AM   in response to: Remy Lebeau (Te...
Thank you, I will check it.
