Problem using IdTCPClient and IdTCPServer with ssl and certificates

Giganews Newsgroups
Subject: Problem using IdTCPClient and IdTCPServer with ssl and certificates
Posted by:  Chus GZ (nojegazaspam@nogmailspam.com)
Date: Wed, 3 Oct 2012

Hello, I'm trying to create a connection from one client to one server
using certificates, and also using a client certificate.

I can connect without problems when not using SSL, but if I set SSL to
true, I get this info in the log when I execute FClient.Connect:

Client: SSL status: "before/connect initialization"
Client: SSL status: "before/connect initialization"
Client: SSL status: "SSLv3 write client hello A"
Client: SSL status: "SSLv3 read server hello A"
Socket Error # 10060
Connection timed out.

I have googled, but I have not found examples of using SSL with a
TCPServer-TCPClient connection.

Thanks for your help.

I have set up the server with:

FTCPServer := TIdTCPServer.Create( nil );
try
  FTCPServer.DefaultPort  := 23000;
  FTCPServer.OnConnect    := ServerConnect;
  FTCPServer.OnExecute    := ServerExecute;
  FTCPServer.OnDisconnect  := ServerDisconnect;
  FTCPServer.MaxConnections:= 0;

  if( SSL )then begin
      FIdSSLIOHandler := TIdServerIOHandlerSSLOpenSSL.Create( nil );
      FIdSSLIOHandler.OnGetPassword := SSLGetPassword;
      FIdSSLIOHandler.SSLOptions.CertFile := SSLArchivoCertificado;
      FIdSSLIOHandler.SSLOptions.RootCertFile:=SSLArchivoCertificadoCA;
      FIdSSLIOHandler.SSLOptions.KeyFile := SSLArchivoClavePrivada;
      FIdSSLIOHandler.SSLOptions.SSLVersions  := [sslvSSLv23,sslvTLSv1];

      // This is initially set to false
      if( RequierirCertificadoCliente )then
        FIdSSLIOHandler.SSLOptions.VerifyMode := [sslvrfPeer,
          sslvrfFailIfNoPeerCert, sslvrfClientOnce];
      FIdSSLIOHandler.OnVerifyPeer            := SSLVerifyPeer;
      FIdSSLIOHandler.OnStatusInfo            := SSLCallBack;
      FTCPServer.IOHandler                    := FIdSSLIOHandler;
  end;

  FTCPServer.Active        := True;
  CambiaEstado(ecNoConectado);
  FServerEstado        := esIniciado;
  FActivo              := True;
except
  on e: Exception do begin
      CambiaEstado(ecParado);
      FreeAndNil(FTCPServer);
      raise;
  end;
end;

I have set up the client with:

FClient                := TIdTCPClient.Create( nil );
FClient.Host          := '127.0.0.1';
FClient.Port          := 23000;
FClient.ConnectTimeout := 10000;

if( SSL )then begin
  FIdSSLIOHandler := TIdSSLIOHandlerSocketOpenSSL.Create( nil );
  FIdSSLIOHandler.Port                    := 23000;
  FIdSSLIOHandler.Host                    := '127.0.0.1';
  FIdSSLIOHandler.OnGetPassword          := SSLGetPassword;
  FIdSSLIOHandler.SSLOptions.SSLVersions  := [sslvTLSv1];
  FIdSSLIOHandler.SSLOptions.Mode        := sslmUnassigned;
  FIdSSLIOHandler.SSLOptions.VerifyMode  := [];
  FIdSSLIOHandler.SSLOptions.VerifyDepth  := 0;
  FClient.ConnectTimeout                  := 0;

  // This is false in the test
  if( ( SSLArchivoCertificado <> '' ) and ( EnviarCertificadoCliente ) )then begin
      FIdSSLIOHandler.SSLOptions.CertFile     := SSLArchivoCertificado;
      FIdSSLIOHandler.SSLOptions.RootCertFile := SSLArchivoCertificadoCA;
      FIdSSLIOHandler.SSLOptions.KeyFile      := SSLArchivoClavePrivada;
      FIdSSLIOHandler.SSLOptions.Mode         := sslmBoth;
      FIdSSLIOHandler.SSLOptions.SSLVersions  := [sslvSSLv23];
  end;
  FIdSSLIOHandler.OnStatusInfo              := SSLCallBack;
  FClient.IOHandler                          := FIdSSLIOHandler;
end;

try
  if( ( FEncoding <> nil ) and ( FClient.IOHandler <> nil ) )then
      FClient.IOHandler.DefStringEncoding := FEncoding;
  FClient.Connect;
  if( FEncoding <> nil )then
      FClient.IOHandler.DefStringEncoding := FEncoding;
  Result := True;
except
  on e:Exception do begin
      FClient.Free;
      FClient      := nil;
      Result      := False;
      FUltimoError := e.Message;
  end;
end;

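Added example (not the poster's code): a TIdTCPServer set up for implicit TLS that requires a CA-issued client certificate. Indy leaves the IOHandler it accepts in pass-through mode until the server clears PassThrough, normally in OnConnect, so a client stalls waiting for the server hello when that step is missing; and OnVerifyPeer must return AOk rather than True, or any certificate is accepted. The file names, the port parameter and the sslvTLSv1_2 value are assumptions about the reader's certificate set and Indy build.

```pascal
unit SecureEchoServer;
// Added example, not the poster's code. Placeholder paths; needs Indy 10 with sslvTLSv1_2.
interface
uses IdTCPServer, IdContext, IdSSL, IdSSLOpenSSL;
type
  TSecureEchoServer = class
    FServer: TIdTCPServer;
    procedure ServerConnect(AContext: TIdContext);
    procedure ServerExecute(AContext: TIdContext);
    function VerifyPeer(Certificate: TIdX509; AOk: Boolean;
      ADepth, AError: Integer): Boolean;
    procedure Start(APort: Word);
  end;
implementation
function TSecureEchoServer.VerifyPeer(Certificate: TIdX509; AOk: Boolean;
  ADepth, AError: Integer): Boolean;
begin
  // AOk is OpenSSL's verdict; returning True regardless accepts any client cert.
  Result := AOk;
end;
procedure TSecureEchoServer.ServerConnect(AContext: TIdContext);
begin
  // The accepted IOHandler starts in pass-through mode and does not answer
  // the client hello until it is cleared; clear it here for implicit TLS.
  TIdSSLIOHandlerSocketBase(AContext.Connection.IOHandler).PassThrough := False;
end;
procedure TSecureEchoServer.ServerExecute(AContext: TIdContext);
begin
  AContext.Connection.IOHandler.WriteLn(AContext.Connection.IOHandler.ReadLn);
end;
procedure TSecureEchoServer.Start(APort: Word);
var IO: TIdServerIOHandlerSSLOpenSSL;
begin
  FServer := TIdTCPServer.Create(nil);
  IO := TIdServerIOHandlerSSLOpenSSL.Create(FServer);
  IO.SSLOptions.Mode := sslmServer;
  IO.SSLOptions.SSLVersions := [sslvTLSv1_2];
  IO.SSLOptions.CertFile := 'server-cert.pem';   // placeholder: server cert
  IO.SSLOptions.KeyFile := 'server-key.pem';     // placeholder: its key
  IO.SSLOptions.RootCertFile := 'client-ca.pem'; // placeholder: client CA
  IO.SSLOptions.VerifyMode := [sslvrfPeer, sslvrfFailIfNoPeerCert];
  IO.SSLOptions.VerifyDepth := 2; // 0 rejects any CA-issued client cert
  IO.OnVerifyPeer := VerifyPeer;
  FServer.IOHandler := IO;
  FServer.DefaultPort := APort;
  FServer.OnConnect := ServerConnect;
  FServer.OnExecute := ServerExecute;
  FServer.Active := True;
end;
end.
```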