delphi indy10 idhttp

How to request insecure SSL with TIdHTTP?


I need to use TIdHTTP to request an HTTPS URL for an IP address on an SSL connection, so certificate validation will fail (if the peer even has a cert).

curl has the -insecure parameter and it works just fine, but I can't find anything in TIdHTTP to accomplish the same thing.

    SSESocket := TIdHTTP.Create;
    SSESocket.Request.Accept := 'text/event-stream';
    SSESocket.Request.CacheControl := 'no-store';
    SSESocket.Get('https://'+Host+'/eventstream/clip/v2', SSEventStream);

What am I missing?


Solution

  • You can explicitly assign a TIdSSLIOHandlerSocketOpenSSL component to the TIdHTTP.IOHandler property, and then you can set the IOHandler's SSLOptions.VerifyMode property to [] and its SSLOptions.VerifyDepth property to 0.

    SSESocket := TIdHTTP.Create;
    
    // add this ...
    SSEIO := TIdSSLIOHandlerSocketOpenSSL.Create(SSESocket);
    SSEIO.SSLOptions.SSLVersions := [sslvTLSv1,sslvTLSv1_1,sslvTLSv1_2];
    SSEIO.SSLOptions.Mode := sslmClient;
    SSEIO.SSLOptions.VerifyMode := [];
    SSEIO.SSLOptions.VerifyDepth := 0;
    SSESocket.IOHandler := SSEIO;
    //
    
    SSESocket.Request.Accept := 'text/event-stream';
    SSESocket.Request.CacheControl := 'no-store';
    SSESocket.Get('https://'+Host+'/eventstream/clip/v2',SSEventStream);
    

    In your example, TIdHTTP is implicitly creating an internal TIdSSLIOHandlerSocketOpenSSL with default settings for you.

    You can optionally also assign a handler to the TIdSSLIOHandlerSocketOpenSSL.OnVerifyPeer event and have it return True to accept the server's certificate, regardless of whether OpenSSL would normally reject it.
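An added example, not part of the original answer: an OnVerifyPeer handler that accepts the peer only when its leaf certificate matches a fingerprint recorded out of band, instead of returning True for everything. It assumes a recent Indy 10 in which OnVerifyPeer has the four-parameter signature and TIdX509 exposes Fingerprints.SHA256AsString; TPinnedVerifier, GetEventStream and PINNED_SHA256 are hypothetical names, and the fingerprint value is a placeholder.

```delphi
uses
  Classes, SysUtils, IdHTTP, IdSSLOpenSSL;

const
  // Placeholder (assumption): SHA-256 fingerprint of the device certificate,
  // obtained over a trusted channel, as hex digits without separators.
  PINNED_SHA256 = '<expected-sha256-hex>';

type
  TPinnedVerifier = class
  public
    function VerifyPeer(Certificate: TIdX509; AOk: Boolean;
      ADepth, AError: Integer): Boolean;
  end;

function TPinnedVerifier.VerifyPeer(Certificate: TIdX509; AOk: Boolean;
  ADepth, AError: Integer): Boolean;
begin
  // AOk and AError are ignored on purpose: a self-signed or IP-addressed peer
  // fails normal chain validation, so trust rests on the pin alone.
  // Only the leaf (depth 0) is pinned; any issuer certificates are passed through.
  Result := (ADepth > 0) or SameText(
    StringReplace(Certificate.Fingerprints.SHA256AsString, ':', '', [rfReplaceAll]),
    PINNED_SHA256);
end;

procedure GetEventStream(const Host: string; SSEventStream: TStream);
var
  SSESocket: TIdHTTP;
  SSEIO: TIdSSLIOHandlerSocketOpenSSL;
  Verifier: TPinnedVerifier;
begin
  Verifier := TPinnedVerifier.Create;
  SSESocket := TIdHTTP.Create;
  try
    SSEIO := TIdSSLIOHandlerSocketOpenSSL.Create(SSESocket);
    SSEIO.SSLOptions.SSLVersions := [sslvTLSv1_2]; // widen only if the device needs it
    SSEIO.SSLOptions.Mode := sslmClient;
    // With VerifyMode = [] OpenSSL ignores a rejection from the callback,
    // so peer verification has to be switched on for the pin to be enforced.
    SSEIO.SSLOptions.VerifyMode := [sslvrfPeer];
    SSEIO.OnVerifyPeer := Verifier.VerifyPeer;
    SSESocket.IOHandler := SSEIO;
    SSESocket.Request.Accept := 'text/event-stream';
    SSESocket.Request.CacheControl := 'no-store';
    SSESocket.Get('https://' + Host + '/eventstream/clip/v2', SSEventStream);
  finally
    SSESocket.Free; // also frees SSEIO, which it owns
    Verifier.Free;
  end;
end;
```

A fingerprint mismatch makes the TLS handshake fail, so Get raises an exception rather than returning data from an unexpected peer.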