Hi Simon,

The trusted CAs to check against can be specified with:

HTTP.Sock.SSL.CertCAFile:='full.path.to.CAcert.pem';

You can find a pem conversion of the Mozilla trusted CAs here:
http://curl.haxx.se/ca/cacert.pem


Here is a working example using the above pem file (Form with Memo1 to
display the result or error):

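// Requires httpsend and ssl_openssl in the uses clause
// (certificate verification needs the OpenSSL plugin).
procedure TForm1.FormCreate(Sender: TObject);
var HTTP:THTTPSend;
 res:boolean;
 s:string;
begin
  HTTP := THTTPSend.Create;
  HTTP.Sock.SSL.VerifyCert:=true;          // verify the server certificate chain
  HTTP.Sock.SSL.CertCAFile:='CAcert.pem';  // trusted root CAs (PEM bundle)
  s:='nothing';
  try
    res := HTTP.HTTPMethod('GET', 'https://suivi.orange.fr');
    if res then
      begin
      // Copy the response body from the Document stream into s
      setlength(s,HTTP.Document.size);
      if HTTP.Document.size>0 then
        begin
        HTTP.Document.Position:=0;
        HTTP.Document.Read(s[1],HTTP.Document.size);
        end;
      end
    else
      s:= HTTP.Sock.SSL.LastErrorDesc;  // SSL error text, e.g. 'certificate verify failed'
  finally
    HTTP.Free;
    Memo1.Text:=s;
  end;
end;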

Ludo

-----Original Message-----
From: Ludo Brands [mailto:ludo.bra...@free.fr]
Sent: Tuesday, 15 February 2011 10:32
To: 'Ararat Synapse'
Subject: [Synalist] RE : RE : [HttpSend] How to verify server's certificate?


Hi Simon,

If HTTPMethod returns false then check HTTP.Sock.SSL.LastErrorDesc.

When it says something like 'error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed' and the site
opens correctly in your browser, then openssl probably hasn't any root
certificate authorities to compare with. As www.openssl.org/support/faq.html
says: "The OpenSSL software is shipped without any root CA certificate as
the OpenSSL project does not have any policy on including or excluding any
specific CA and does not intend to set up such a policy. Deciding about
which CAs to support is up to application developers or administrators."

Ludo
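
The behaviour described in the message above, reproduced with the openssl command line as an added example (not part of the original thread). It assumes openssl 1.1.0 or later; the "Demo Root CA" and "demo.example" certificates are constructed for the demo, and the CA file plays the role that CertCAFile plays in the Synapse code.

```shell
#!/bin/sh
# Added example with constructed data: throwaway demo CA and server certificate.
set -e

make_pki() {  # $1 = empty work directory
    cat > "$1/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    # Self-signed root: stands in for one entry of a cacert.pem bundle.
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$1/demo.cnf" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
    # Server key and CSR, then a leaf certificate signed by the demo root.
    openssl req -new -newkey rsa:2048 -nodes -config "$1/demo.cnf" \
        -subj "/CN=demo.example" -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null
    openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 2 -out "$1/srv.pem" 2>/dev/null
}

check() {  # $1 = certificate, remaining args = trust options for openssl verify
    cert=$1; shift
    openssl verify "$@" "$cert" 2>&1
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_pki "$work"

# Empty trust store: the state of OpenSSL when no CA file has been configured.
if check "$work/srv.pem" -no-CAfile -no-CApath; then
    echo "unexpected: accepted without any trusted root"
else
    echo "=> rejected: no root CA to compare the issuer against"
fi

# Same certificate, with the issuing root supplied as the CA file.
if check "$work/srv.pem" -CAfile "$work/ca.pem"; then
    echo "=> accepted: issuer found in the supplied CA file"
fi
```

The certificate is identical in both runs; only the set of trusted roots changes the verdict.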


-----Original Message-----
From: Simon L [mailto:sim...@gmail.com]
Sent: Monday, 14 February 2011 22:46
To: Ararat Synapse
Subject: Re: [Synalist] RE : [HttpSend] How to verify server's certificate?


Hi Ludo,

Unfortunately this doesn't seem to work.

When HTTP.Sock.SSL.VerifyCert is true, HTTPMethod returns immediately.
Please advise. Thanks.


Simon

On Sun, Feb 13, 2011 at 9:00 AM, Ludo Brands <ludo.bra...@free.fr> wrote:
> Hi,
>
> HTTP := THTTPSend.Create;
> HTTP.Sock.SSL.VerifyCert:=true;
> ....
>
> does the certificate verification. Works apparently only with the
> openssl library.
>
> Ludo
>
>
> -----Original Message-----
> From: Simon L [mailto:sim...@gmail.com]
> Sent: Sunday, 13 February 2011 12:06
> To: synalist-public@lists.sourceforge.net
> Subject: [Synalist] [HttpSend] How to verify server's certificate?
>
>
> Before data is transferred over an HTTPS connection, I want to make
> sure that the website's certificate is genuine.
>
> How to do that? Thanks.
>
> Simon
>
> ----------------------------------------------------------------------
> ------
> --
> The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio 
> XE: Pinpoint memory and threading errors before they happen. Find and 
> fix more than 250 security defects in the development cycle. Locate 
> bottlenecks in serial and parallel code that limit performance. 
> http://p.sf.net/sfu/intel-dev2devfeb
> _______________________________________________
> synalist-public mailing list synalist-public@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/synalist-public