How to request insecure SSL with TIdHTTP?

128 Views Asked by Wolfgang Bures At 30 September 2023 at 19:40

I need to use TIdHTTP to request an HTTPS URL for an IP address on an SSL connection, so certificate validation will fail (if the peer even has a cert).

curl has the -insecure parameter and it works just fine, but I can't find anything in TIdHTTP to accomplish the same thing.

SSESocket := TIdHTTP.Create;
SSESocket.Request.Accept := 'text/event-stream';
SSESocket.Request.CacheControl := 'no-store';
SSESocket.Get('https://'+Host+'/eventstream/clip/v2', SSEventStream);

What am I missing?

Original Q&A

There are 1 best solutions below

Remy Lebeau On 30 September 2023 at 22:49 BEST ANSWER

You can explicitly assign a TIdSSLIOHandlerSocketOpenSSL component to the TIdHTTP.IOHandler property, and then you can set the IOHandler's SSLOptions.VerifyMode property to [] and its SSLOptions.VerifyDepth property to 0.

SSESocket := TIdHTTP.Create;

// add this ...
SSEIO := TIdSSLIOHandlerSocketOpenSSL.Create(SSESocket);
SSEIO.SSLOptions.SSLVersions := [sslvTLSv1,sslvTLSv1_1,sslvTLSv1_2];
SSEIO.SSLOptions.Mode := sslmClient;
SSEIO.SSLOptions.VerifyMode := [];
SSEIO.SSLOptions.VerifyDepth := 0;
SSESocket.IOHandler := SSEIO;
//

SSESocket.Request.Accept := 'text/event-stream';
SSESocket.Request.CacheControl := 'no-store';
SSESocket.Get('https://'+Host+'/eventstream/clip/v2',SSEventStream);

In your example, TIdHTTP is implicitly creating an internal TIdSSLIOHandlerSocketOpenSSL with default settings for you.

You can optionally also assign a handler to the TIdSSLIOHandlerSocketOpenSSL.OnVerifyPeer event and have it return True to accept the server's certificate, regardless of whether OpenSSL would normally reject it.

How to request insecure SSL with TIdHTTP?

There are 1 best solutions below

Related Questions in DELPHI

Related Questions in INDY10

Related Questions in IDHTTP

Trending Questions

Popular # Hahtags

Popular Questions