I need to use TIdHTTP
to request an HTTPS URL for an IP address on an SSL connection, so certificate validation will fail (if the peer even has a cert).
curl has the -insecure
parameter and it works just fine, but I can't find anything in TIdHTTP
to accomplish the same thing.
SSESocket := TIdHTTP.Create;
SSESocket.Request.Accept := 'text/event-stream';
SSESocket.Request.CacheControl := 'no-store';
SSESocket.Get('https://'+Host+'/eventstream/clip/v2', SSEventStream);
What am I missing?
You can explicitly assign a TIdSSLIOHandlerSocketOpenSSL
component to the TIdHTTP.IOHandler
property, and then you can set the IOHandler's SSLOptions.VerifyMode
property to []
and its SSLOptions.VerifyDepth
property to 0.
SSESocket := TIdHTTP.Create;
// add this ...
SSEIO := TIdSSLIOHandlerSocketOpenSSL.Create(SSESocket);
SSEIO.SSLOptions.SSLVersions := [sslvTLSv1,sslvTLSv1_1,sslvTLSv1_2];
SSEIO.SSLOptions.Mode := sslmClient;
SSEIO.SSLOptions.VerifyMode := [];
SSEIO.SSLOptions.VerifyDepth := 0;
SSESocket.IOHandler := SSEIO;
//
SSESocket.Request.Accept := 'text/event-stream';
SSESocket.Request.CacheControl := 'no-store';
SSESocket.Get('https://'+Host+'/eventstream/clip/v2',SSEventStream);
In your example, TIdHTTP
is implicitly creating an internal TIdSSLIOHandlerSocketOpenSSL
with default settings for you.
You can optionally also assign a handler to the TIdSSLIOHandlerSocketOpenSSL.OnVerifyPeer
event and have it return True
to accept the server's certificate, regardless of whether OpenSSL would normally reject it.