0

I am trying to add HTTPS support to an existing web server written in Delphi XE7 using Indy. I have written a simple application which just returns a date/time stamp on each HTTPS request.

I added handlers to the OnCommandGet and OnException events:

procedure TForm13.HTTPServerCommandGet(AContext: TIdContext; ARequestInfo: TIdHTTPRequestInfo; AResponseInfo: TIdHTTPResponseInfo);
begin
  AResponseInfo.ContentText := DateTimeToStr(Now());
  AResponseInfo.ContentEncoding := 'utf8';

  Log('Request: %s', [ARequestInfo.URI]);
end;

procedure TForm13.HTTPServerException(AContext: TIdContext; AException: Exception);
begin
  Log('Exception raised %s:%s', [AException.ClassName, AException.Message]);
end;

Bindings code:

  with HTTPServer do
   begin
     with Bindings.Add() do
      begin
        IP := '0.0.0.0';
        Port := 443;
      end;

     Active := true;
   end;

When I perfrom a request from a browser, in most cases I get this:

12.03.2019 0:50:29  Exception raised EIdConnClosedGracefully:Connection Closed Gracefully.
12.03.2019 0:50:29  Exception raised EIdConnClosedGracefully:Connection Closed Gracefully.
12.03.2019 0:50:30  Request: /
12.03.2019 0:50:30  Exception raised EIdConnClosedGracefully:Connection Closed Gracefully.
12.03.2019 0:50:30  Request: /favicon.ico
12.03.2019 0:51:00  Exception raised EIdSocketError:Socket Error # 10060    Connection timed out.

It serves the request and the browser shows the timestamp. But why does a graceful connection close raise an exception?

What bothers me more is that sometimes after 30 seconds after the last request, I get another exception, like this:

12.03.2019 1:44:53  Exception raised EIdConnClosedGracefully:Connection Closed Gracefully.
12.03.2019 1:44:53  Exception raised EIdConnClosedGracefully:Connection Closed Gracefully.
12.03.2019 1:44:53  Request: /
12.03.2019 1:44:54  Exception raised EIdConnClosedGracefully:Connection Closed Gracefully.
12.03.2019 1:44:54  Request: /favicon.ico
12.03.2019 1:45:24  Exception raised EIdOSSLAcceptError:Error accepting connection with SSL. EOF was observed that violates the protocol

It happens randomly, sometimes it is a timeout, sometimes this one. This looks wrong for me. Any ideas why this happens?

PS: In Delphi 10.3 it happens the same way as in Delphi XE7, so probably all Indy versions are affected.

Дмитрий Алферьев
  • 173
  • 1
  • 7
  • 1
    On a side note, `utf8` is not a valid value for the `AResponseInfo.ContentEncoding` property. If you want the text to be UTF-8 encoded, you need to set the `AResponseInfo.CharSet` property instead. – Remy Lebeau Mar 12 '19 at 06:25
  • 1
    You did not show the code that sets up the server's `Bindings` collection. Are you making the server listen on port 80 or 443? Do you have an `OnQuerySSLPort` event handler assigned? The symptoms you describe are caused by the client disconnecting on its end. The `EIdConnClosedGracefully` is perfectly normal, just ignore it. It means the client disconnected in between requests. The EOF error means the client disconnected in the middle of the SSL/TLS handshake. – Remy Lebeau Mar 12 '19 at 06:36
  • I have added bindings code to the post, but I am sure there is nothing special in it. I also tryed to add OnQuerySSLPort (always returning true), it does not change anything. – Дмитрий Алферьев Mar 12 '19 at 12:45
  • how exactly have your configured the `SSLIOHandler` that you have assigned to the server? – Remy Lebeau Mar 12 '19 at 16:08
  • I have tried different variants in SSLOptions: Mode: sslmServer or sslmUnassigned, SSLVersions: different sets, CertFile, KeyFile and RootCertFile are all assigned to a same file with self-created certificate. – Дмитрий Алферьев Mar 12 '19 at 16:13
  • Then I suggest you use a packet sniffer like Wireshark to look at the actual SSL/TLS handshake and see at what stage the browser is disconnecting. There is probably something in your handshake that the browser doesn't like. For example, if you use a self-signed certificate, did you install it in your browser beforehand? Browsers don't generally like self-signed certificates without user approval. – Remy Lebeau Mar 12 '19 at 18:02
  • Try to update you SSL dlls to the latest verison.. – Moore Mar 26 '19 at 19:41

1 Answers1

0

Finally found that all this strange errors appear only in case of self-generated certificate which is not installed on client device.

Дмитрий Алферьев
  • 173
  • 1
  • 7