EldoS | Feel safer!

Software components for data protection, secure storage and transfer

SSLBlackbox, SOAP, and Indy

Also by EldoS: CallbackDisk
Create virtual disks backed by memory or custom location, expose disk images as disks and more.
Posted: 06/25/2008 19:18:49
by Kevin Donn (Standard support level)
Joined: 08/16/2007
Posts: 20

This question is mainly to see whether you know of anyone being successful with the combination I'm considering. I've gotten SSLBlackbox to work nicely with an Indy10 TIdCustomHTTPServer, no problem, just like I was told. Now, this server will need to support both https requests from standard web browsers as well as SOAP clients. One solution would be to have it listen on two different ports, one listening for https requests coming in from the browsers, and the other listening for http requests coming in from the SOAP clients. But I would rather that I only listen to a single port. This would require that my SOAP clients be able to talk to an https server.

Now, I'm currently using THTTPRIO for my SOAP clients. To make them capable of using HTTPS I'll need to do two things: 1) make THTTPRIO use Indy10 for transport, and 2) make Indy10 use SSLBlackbox for the IOHandler.

I see that D2007's SOAPHTTPTrans unit supports compilation with the define USE_INDY, but this is only defined for LINUX. So question #1 is: Can SOAPHTTPTrans be compiled with USE_INDY in Windows? I realize this isn't directly a question Eldos can answer, but I'm more interested in whether you know that someone has been successful doing this.

Next, assuming the last answer is yes, can SSLBlackbox be substituted as the IOHandler? I think the answer here will definitely be yes.

Another alternative would be if Delphi's old WinSock/WinInet suite can be made to use SSLBlackbox. Then I could use THTTPRIO as it is. Is this possible?

Kevin Donn
Posted: 06/26/2008 01:52:40
by Stephane Grobety (Priority Standard support level)
Joined: 04/18/2006
Posts: 170


No, you don't need to do this. Unless you're using linux, THTTPRio uses the wininet component for transport by default and this one supports HTTPS on it's own: just point it to a https:// URL and you'll have a secure channel.

However, it won't give you all the possibilities of using SBB+Indy. For instance, you won't be able to use X509 client authentication or implement your own certificate validation scheme. If you need to do that, then you need to define the USE_INDY global yourself, add the SOAPHTTPTrans.pas file to your project (to be sure it's compiled) and do a full build.

After this, you'll need to change the SOAPHTTPTrans.pas file. In my version (D6), I had to change the "PostData" sub-function of the THTTPReqResp.Execute methode to call an even handler of my own that would setup the the IOHandler property of the TIdHTTP component used to process the request.

It's a bit tricky because the way SSL in dsigned is geared toward handling events and you don't have much of a container to put them in, but with the help of a helper class providing these event handlers (and state management), the reste is pretty simple.
Posted: 06/29/2008 12:08:55
by Kevin Donn (Standard support level)
Joined: 08/16/2007
Posts: 20

Thanks, Stephane, for you answer. It never crossed my mind that THTTPRIO supported https.

Kevin Donn
Posted: 08/15/2008 09:32:45
by John Faubion (Basic support level)
Joined: 08/15/2008
Posts: 1


I've got to do an SSL SOAP call and use an X509 cert also.

Did you have any success with this?

Jay Faubion (jfaubion@hhgregg.com)



Topic viewed 2753 times



Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!