I need to use TIdHTTP to request an HTTPS URL for an IP address on an SSL connection, so certificate validation will fail (if the peer even has a cert).
curl has the -insecure parameter and it works just fine, but I can't find anything in TIdHTTP to accomplish the same thing.
SSESocket := TIdHTTP.Create;
SSESocket.Request.Accept := 'text/event-stream';
SSESocket.Request.CacheControl := 'no-store';
SSESocket.Get('https://'+Host+'/eventstream/clip/v2', SSEventStream);
What am I missing?
You can explicitly assign a TIdSSLIOHandlerSocketOpenSSL component to the TIdHTTP.IOHandler property, and then you can set the IOHandler's SSLOptions.VerifyMode property to [] and its SSLOptions.VerifyDepth property to 0.
SSESocket := TIdHTTP.Create;
// add this ...
SSEIO := TIdSSLIOHandlerSocketOpenSSL.Create(SSESocket);
SSEIO.SSLOptions.SSLVersions := [sslvTLSv1,sslvTLSv1_1,sslvTLSv1_2];
SSEIO.SSLOptions.Mode := sslmClient;
SSEIO.SSLOptions.VerifyMode := [];
SSEIO.SSLOptions.VerifyDepth := 0;
SSESocket.IOHandler := SSEIO;
//
SSESocket.Request.Accept := 'text/event-stream';
SSESocket.Request.CacheControl := 'no-store';
SSESocket.Get('https://'+Host+'/eventstream/clip/v2',SSEventStream);
In your example, TIdHTTP is implicitly creating an internal TIdSSLIOHandlerSocketOpenSSL with default settings for you.
You can optionally also assign a handler to the TIdSSLIOHandlerSocketOpenSSL.OnVerifyPeer event and have it return True to accept the server's certificate, regardless of whether OpenSSL would normally reject it.