Delphi XE - error connect DropBox via Indy TidHTTP (htttps)

Question

I'm having trouble connecting to my DropBox account via TIdHTTP and I don't know what to do anymore. I want to send a simple text file to DropBox in the first stage.

procedure TForm2.btn1Click(Sender: TObject);
const
  API_URL = 'https://content.dropboxapi.com/2/files/upload';
  cFile   = 'D:\testfile.txt';
var
  wAccessToken : string;
  Source: TFileStream;
  IdHTTP: TIdHTTP;
  Res : string;
  Ssl: TIdSSLIOHandlerSocketOpenSSL;
begin
  wAccessToken := 'muj_token';
  IdHTTP := TIdHTTP.Create(nil);
  try
    (*
    ShowMessage('Indy version: ' + IdHTTP.Version);
    RESULT MESSAGE : INDY 10.5.9.0
    *)
    IdHTTP.HandleRedirects := True;
    ssl := TIdSSLIOHandlerSocketOpenSSL.Create();
    ssl.SSLOptions.Method := sslvTLSv1_2;
    ssl.SSLOptions.Mode := sslmUnassigned;
    ssl.SSLOptions.VerifyMode := [];
    ssl.SSLOptions.VerifyDepth := 0;
    ssl.host := '';

    Source := TFileStream.Create(cFile, fmOpenRead);

    IdHTTP.IOHandler := ssl;
    IdHTTP.Request.CustomHeaders.Values['Authorization'] := 'Bearer ' + wAccessToken;
    IdHTTP.Request.CustomHeaders.Values['Dropbox-API-Arg'] :=
           '{ "autorename": false,"mode": "add","mute": false,"path": "/test.txt","strict_conflict": false}';
    IdHTTP.Request.CustomHeaders.Values['Content-Type']  := 'application/octet-stream';

    Memo1.Lines.Add(IdHTTP.Request.CustomHeaders.Text);

    Res := IdHTTP.Post(API_URL, Source);

  finally
      IdHTTP.Free;
  end;

But, after the POST command, I get the error:

Project Project2.exe raised exception class EIdOSSLUnderlyingCryptoError with message "Error connecting with SSL. error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version"

I don't know how to proceed, there is a stupid mistake somewhere. I found similar problems on StackOverflow:

TIdHTTP in Indy 10

Post problems with Indy TIdHTTP

And many other forums. Somewhere it says it may be an old Indy (which it is), but DropBox probably has TLS v1.2 required though TIdHTTP enables it:

ssl.SSLOptions.Method := sslvTLSv1_2

For the Request track, I stuck to DropBox's API structure:

DROPBOX API DOCUMENTATION
     https://www.dropbox.com/developers/documentation/http/documentation#files-upload
     Get access token for:
     ****************************************************** **************
     curl -X POST https://content.dropboxapi.com/2/files/upload \
     --header "Authorization: Bearer <get access token>" \
     --header "Dropbox-API-Arg: {\"autorename\":false,\"mode\":\"add\",\"mute\":false,\"path\":\"/Homework/ math/Matrices.txt\",\"strict_conflict\":false}" \
     --header "Content-Type: application/octet-stream" \
     --data-binary @local_file.txt
     ****************************************************** **************

Even more information:

• Delphi XE3
• Indy 10.5.9.0
• with the exe I have the OpenSSL files libeay32.dll (1.0.2.17) and ssleay32.dll (1.0.2.17) - but that will not be it. If I throw them away the error is the same.
• DropBox requires TLS 1.2 since April

On some forums, they wrote the same error with old OpenSSL files, old Indy, sending via TLS, which is not supported by the addressee. But I don't feel either way.

I downloaded OpenSSL from https://github.com/IndySockets/OpenSSL-Binaries

openssl-1.0.2u-x64_86-win64.zip (I don't know if it's good, there are a bunch of them in the table with differences in the name "r", "s", "t", "u", I chose the last one).

Answer 1

The error is complaining that the "protocol version" is not accepted. Even though you are setting the version to TLS 1.2, chances are that Indy or OpenSSL is falling back to TLS 1.0 or 1.1 instead, which will fail if the server actually requires TLS 1.2.

Also, something else to consider - even if TLS 1.2 were being used correctly, most TLS 1.2 servers nowadays require clients to use the SNI extension to send the requested hostname in the TLS handshake (so appropriate certificates can be used), but Indy 10.5.9 did not support SNI. So upgrading to an up-to-date Indy version will gain you that feature.

Even if you don't update Delphi/Indy, you should at least make sure you are using an updated OpenSSL. The last version of OpenSSL that Indy 10.6.2 officially supports is 1.0.2u (1.0.2.21). Support for OpenSSL 1.1+/3.0 is a WIP (https://github.com/IndySockets/Indy/pull/299), if you want to try it.

Answer 2

solved - thanks Remy

• update to latest Open SSL bin files https://indy.fulgan.com/SSL/?C=M;O=D
• if the software is v32, it is necessary to use openssl-1.0.2u-i386-win32.zip (even if the system is w64)
• reinstall Indy to the latest version (even though reinstalling Indy is a horror, reinstalled a total of 6 times, each time a different error, I ended up with Indy without components - installation just doesn't work)
• Current version of Indy https://github.com/IndySockets/Indy
• How to reinstall Indy https://github.com/IndySockets/Indy/wiki/Updating-Indy
• I had Indy on a different drive than "C" and that was probably a mistake, here too but different error messages every time
• I put the Open SSL bin files directly to the exe, to be sure I set the file path IdOpenSSLSetLibPath(ExtractFilePath(Application.ExeName))