EldoS | Feel safer!

Software components for data protection, secure storage and transfer

https client GET

#37071
Posted: 06/23/2016 01:39:50
by Walter Schrabmair (Priority Standard support level)
Joined: 05/03/2013
Posts: 150

Hi
I tried the supplied HTTPS Client with GET and get an error on one PC (Server WIN 2012) (see attachment). On another WIN 7 PC it works fine.
What to do? I have Delphi XE6 and the latest SSB.


#37072
Posted: 06/23/2016 01:56:09
by Walter Schrabmair (Priority Standard support level)
Joined: 05/03/2013
Posts: 150

I also tried:

Code
    begin
      // Disable every cipher suite, then enable only the ones to be offered
      for i := SB_SUITE_FIRST to SB_SUITE_LAST do
        ElHttpsClient1.CipherSuites[i] := False;

      // Note: the RC4 and single-DES suites enabled here are cryptographically weak
      ElHttpsClient1.CipherSuites[SB_SUITE_RSA_3DES_SHA] := True;
      ElHttpsClient1.CipherSuites[SB_SUITE_RSA_RC4_SHA] := True;
      ElHttpsClient1.CipherSuites[SB_SUITE_RSA_AES128_SHA] := True;
      ElHttpsClient1.CipherSuites[SB_SUITE_RSA_DES_SHA] := True;

      // Send the SMS through the Clickatell HTTP API; only the message text is URL-encoded
      ElHttpsClient1.Get('https://api.clickatell.com/http/sendmsg?user=' + Trim(Edit2.Text) +
                         '&password=' + Trim(Edit3.Text) + '&api_id=' + Trim(Edit4.Text) +
                         '&to=' + Trim(Edit1.Text) + '&text=' +
                         HTTPEncode(StringReplace(smstext.Text, '_', ' ', [rfReplaceAll])));
    end;


But no success....
What can I do?
Thanks
WALTER
#37073
Posted: 06/23/2016 02:24:05
by Walter Schrabmair (Priority Standard support level)
Joined: 05/03/2013
Posts: 150

I also tried:
ElHttpsClient1.CipherSuites[SB_SUITE_ECDHE_RSA_AES128_CBC_SHA] := true;
but the CONSTANT is not known. I have added SHSSLConstants in the uses clause.

In the Help there is the Constant. Why is it not recognized?
thanks
Walter


#37075
Posted: 06/23/2016 03:51:57
by Ken Ivanov (EldoS Corp.)

Hi Walter,

Thank you for contacting us.

As per the symptoms you described, the server closes the connection on the TLS layer shortly after its initiation. This may happen for a number of reasons, the most likely of which is SSL/TLS version incompatibility. Since June 2016 the use of SSL2 and SSL3 versions of the protocol is prohibited in most European secure environments, and including those versions in the client's requests may result in connection failures. Please try setting the component's Versions property to [sbTLS1, sbTLS11, sbTLS12] and check if it helps.

If adjusting the version set doesn't help, please handle the OnError event and check whether it is fired, and the error code passed to it if it is.

Ken
#37077
Posted: 06/23/2016 04:09:32
by Walter Schrabmair (Priority Standard support level)
Joined: 05/03/2013
Posts: 150

Hi Ken,
I got this ErrorCode. The strange thing is that in another subnet with another firewall it works fine. Can you help me again?
I also have set the component's Versions property to [sbTLS1, sbTLS11, sbTLS12].

Thanks
Walter


#37078
Posted: 06/23/2016 04:18:46
by Walter Schrabmair (Priority Standard support level)
Joined: 05/03/2013
Posts: 150

I also tried:
set CertificateValidator.MandatoryCRLCheck to 'false';

I also set CHECKCRL to false and the two other CHECK Properties to false.
Nothing helped.

walter
#37079
Posted: 06/23/2016 04:24:14
by Ken Ivanov (EldoS Corp.)

Thanks for checking that out Walter,

The problem seems to have something to do with server certificate validation. Error 75784 (ERROR_SSL_BAD_CERTIFICATE) is returned if the server certificate doesn't pass the validation routine on the client computer. This explains the difference in behaviours of the app on different computers in your network. It is likely that the problematic computer is missing one of the certificates comprising the server chain, and fails to validate the chain as a result.

The chain validation is performed by the CertificateValidator.ValidateForSSL() call in the OnCertificateValidate event handler. Please check the contents of the CertificateValidator.InternalLogger.Log.Text property after the validation completes to get a hint about what might be causing the validation failure.

Ken
#37081
Posted: 06/23/2016 04:32:13
by Walter Schrabmair (Priority Standard support level)
Joined: 05/03/2013
Posts: 150

I got this error in Validator.


#37082
Posted: 06/23/2016 04:36:02
by Walter Schrabmair (Priority Standard support level)
Joined: 05/03/2013
Posts: 150

Here is the LOG.
What can I do?
Must I install a Cert in my server too?

I could install the Thawte ROOT CA Bundle in my server, now it works.
https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=INFO1374&actp=RSS&viewlocale=en_US

Thanks
Walter


#37084
Posted: 06/23/2016 04:58:06
by Ken Ivanov (EldoS Corp.)

You need the 'thawte Primary Root CA' certificate to be available somewhere on the client system to complete the validation. A typical place for it is Windows ROOT ('Trusted Root Certification Authorities') system store. I am pasting this certificate below (I've taken it from my ROOT store):


You can install it to the ROOT store on the PC in problem to have the validation problem resolved.

Ken
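
The check and fix described in the replies above, as an added PowerShell example (not part of the original thread and not SecureBlackbox code): it looks for 'thawte Primary Root CA' in the ROOT stores, reports the chain status of the root file before and after import, and refuses to import unless the thumbprint matches. `$CerPath` and `$Expected` are placeholders; take the expected thumbprint from the CA's own site rather than from a pasted copy of the certificate.

```powershell
# Added example. $CerPath and $Expected are placeholders, not values from the thread.
$RootName = 'thawte Primary Root CA'              # root named in the thread
$CerPath  = 'C:\temp\thawte-primary-root.cer'     # placeholder: root saved from the CA's site
$Expected = '<thumbprint published by the CA>'    # placeholder: obtain out of band

function Find-RootCert {
    param([string]$Name)
    # Search the machine and user ROOT ("Trusted Root Certification Authorities") stores.
    Get-ChildItem Cert:\LocalMachine\Root, Cert:\CurrentUser\Root |
        Where-Object { $_.Subject -like "*CN=$Name*" }
}

function Get-ChainReport {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Skip revocation so the result reflects trust-anchor problems only.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $valid = $chain.Build($Cert)
    [pscustomobject]@{
        Valid  = $valid
        Chain  = @($chain.ChainElements | ForEach-Object { $_.Certificate.Subject })
        Status = @($chain.ChainStatus | ForEach-Object { $_.Status })  # e.g. UntrustedRoot
    }
}

if (Find-RootCert -Name $RootName) {
    Write-Output "'$RootName' is already trusted on this machine."
    return
}

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CerPath
Write-Output 'Before import:'; Get-ChainReport -Cert $cert

# Refuse to trust a root whose thumbprint does not match the CA's published value.
if ($cert.Thumbprint -ne ($Expected -replace '[^0-9A-Fa-f]', '').ToUpper()) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint)"
}

# Requires an elevated session; adds the root to the machine-wide ROOT store.
Import-Certificate -FilePath $CerPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
Write-Output 'After import:'; Get-ChainReport -Cert $cert
```

Running it on both the working and the failing machine shows whether the root is present on one and missing on the other.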