On 12/5/2017 8:58 AM, Angus Robertson - Magenta Systems Ltd wrote:
Client SSL applications rarely need to send certificates, so just leave
SslCertFile and SslPrivKeyFile blank and everything should work.

The confusion here is that the SslContext is used for both client and
server applications, and it's not obvious which properties relate only
to servers, clients, or both.  Worse, most of the samples just offer
all the options without explaining which are needed or why.

Some background.

Angus, thank you so much for taking the time to provide this explanation for SSL client component usage. I recently began migrating quite a few applications that use client components to SSL, and while marveling at how easy you all made it, I do have some questions related to those of the originator of this post.


Clients do still need Certificate Authority roots to be able to check
the server is sending a valid certificate, so leave:

SslCAFile := GlobalUserSettings.fCertDir + '\TrustedCABundle.pem';

What happens if this value is left blank as well -- does it skip checking the validity of the CA? Is there any way to have the components instead use the CA roots that Windows maintains in the Certificate Store? My concern is that installing a TrustedCABundle.pem file along with an application would lead to problems with it going stale.
