
I have a Delphi Intraweb application which is hosted on IIS as an ISAPI DLL. This application connects internally with a Windows service application through IndyClient. The Windows service acts as an application server and is written in Delphi itself.

I want to secure the communication performed between IndyClient and IndyServer (on the Windows service side) through TLS/SSL. For this I am using TIdSSLIOHandlerSocketOpenSSL on the client side and TIdServerIOHandlerSSLOpenSSL on the service side. The code below has been written on the service side:

```pascal
IdServerIOHandlerSSLOpenSSL1.SSLOptions.CertFile := Config.ServerCertificate;
IdServerIOHandlerSSLOpenSSL1.SSLOptions.KeyFile := Config.ServerKey;

IdServerIOHandlerSSLOpenSSL1.SSLOptions.Mode := sslmServer;
IdServerIOHandlerSSLOpenSSL1.SSLOptions.VerifyMode := [];
IdServerIOHandlerSSLOpenSSL1.SSLOptions.VerifyDepth := 0;
IdServerIOHandlerSSLOpenSSL1.SSLOptions.SSLVersions := [sslvTLSv1_2];

IndyServer.IOHandler := IdServerIOHandlerSSLOpenSSL1;
IndyServer.OnConnect := ServerConnect;

// Config object gets the correct path for certificate and key file

// Code for ServerConnect event
if (AContext.Connection.IOHandler is TIdSSLIOHandlerSocketBase) then
  TIdSSLIOHandlerSocketBase(AContext.Connection.IOHandler).PassThrough := False;
```

The code below is written inside the ISAPI DLL to connect with IndyServer:

```pascal
IdSSLIOHandler.SSLOptions.VerifyMode := [];
IdSSLIOHandler.SSLOptions.VerifyDepth := 0;
IdSSLIOHandler.SSLOptions.SSLVersions := [sslvTLSv1_2];
IdSSLIOHandler.SSLOptions.Mode := sslmClient;
IndyClient.IOHandler := IdSSLIOHandler;
TIdSSLIOHandlerSocketBase(IndyClient.IOHandler).PassThrough := False;
```

When I host the ISAPI DLL on IIS and try to connect with the Windows service, I get the error message below in the Windows service side code:

EIdOSSLAcceptError with message 'Error accepting connection with SSL.EOF was observed that violates the protocol'

I have one desktop client application which connects with the same Windows service successfully using the same code written on the client side.

I am using self-signed certificates and tried configuring IIS to use HTTPS as well. My Delphi version is Delphi 10.2 Tokyo.

  • The EOF error on the server side means the client is dropping the TCP connection on its side while the SSL/TLS handshake is in progress, which might indicate the client is refusing the handshake. IIRC, OpenSSL will reject a self-signed peer certificate by default unless you trust the certificate (via `IdSSLIOHandler.RootCertFile` or `IdSSLIOHandler.VerifyDirs`), or use an `OnVerifyPeer` event handler to validate the certificate manually. – Remy Lebeau Jul 28 '21 at 22:15
  • @RemyLebeau The solutions suggested by you did not work for me. It turned out to be a different issue where the ISAPI DLL was not able to load the OpenSSL libraries. Since the ISAPI DLL was hosted on IIS, the program was trying to search for the OpenSSL library inside the `C:\Windows\System32\inetsrv` folder. This also explains to me why the exact same code works with the exe application and does not work with the ISAPI DLL. To resolve this issue I added the line `IdSSLOpenSSLHeaders.IdOpenSSLSetLibPath(LibPath)` and it worked. Again, this answer was suggested by you on https://www.atozed.com/forums/thread-604.html. – Deepak kumar jain Jul 30 '21 at 06:30
  • @RemyLebeau The error message generated on the server is somewhat misleading in this case. Anyway, thanks a lot for your help. – Deepak kumar jain Jul 30 '21 at 06:33
  • In order for the server to report that error in the first place, it had to have loaded the OpenSSL DLLs, but maybe it didn't load the correct version of them to be compatible with the client. There is just not enough info provided to diagnose the problem. – Remy Lebeau Jul 30 '21 at 06:45
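
The fix reported in the comments above (pointing Indy at the OpenSSL libraries with `IdOpenSSLSetLibPath`), written out as an added example that is not part of the original thread: it resolves the ISAPI DLL's own folder, sets the library path, and loads OpenSSL eagerly so a load failure is reported on the client side. The unit and procedure names are hypothetical, and it assumes the OpenSSL DLLs are deployed next to the ISAPI DLL.

```pascal
unit OpenSSLBootstrap; // hypothetical unit name

interface

// Hypothetical helper: call once at ISAPI DLL startup, before the first
// TLS connection is attempted.
procedure InitOpenSSLForIsapi;

implementation

uses
  System.SysUtils,
  IdSSLOpenSSL,         // LoadOpenSSLLibrary
  IdSSLOpenSSLHeaders;  // IdOpenSSLSetLibPath, WhichFailedToLoad

procedure InitOpenSSLForIsapi;
var
  LibPath: string;
begin
  // HInstance identifies this DLL, not the IIS host process, so this is the
  // folder the ISAPI DLL was deployed to.
  // Assumption: libeay32.dll and ssleay32.dll are deployed in that folder.
  LibPath := ExtractFilePath(GetModuleName(HInstance));

  // Tell Indy where to load OpenSSL from instead of relying on the host
  // process's DLL search order (C:\Windows\System32\inetsrv under IIS).
  IdOpenSSLSetLibPath(LibPath);

  // Load now and fail loudly, so a missing or mismatched library shows up as
  // a clear client-side error instead of an EOF during the server's handshake.
  if not LoadOpenSSLLibrary then
    raise Exception.CreateFmt(
      'OpenSSL could not be loaded from "%s". Details: %s',
      [LibPath, WhichFailedToLoad]);
end;

end.
```

Pinning the path to the DLL's own folder also keeps the application from picking up whatever OpenSSL build happens to sit elsewhere on the host's search path.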
