Delphi: IdHTTP+SSL does not work. No errors!

Posted 2020-02-09 04:32

I use TidHTTP + TIdSSLIOHandlerSocketOpenSSL + 2 DLLs: ssleay32.dll and libeay32.dll from http://indy.fulgan.com/SSL.

But I can see all work of my program in HTTP Analyzer! It works as HTTP, not as HTTPS. If I use Opera I cannot see downloading with the same site (https://esta.cbp.dhs.gov/esta).

I did not set any special parameters for TidHTTP and TIdSSLIOHandlerSocketOpenSSL (maybe I must but I do not know what exactly).

Must I use TIdSSLVersion(sslvSSLv23) + location of an SSL certificate? Where can I get this certificate? Or only RootCertFile?

How to change a port of idHttp to 443 (must I do it?)?

I use:

procedure TForm1.FormCreate(Sender: TObject);
var mem:tmemorystream;
begin
try
  mem:=TMemoryStream.Create();
  try
    idhttp1.Get('https://esta.cbp.dhs.gov/esta/',Mem);
  except
   on E : Exception do ShowMessage(E.Message);
  end;
finally
  mem.Free;
  idhttp1.Free;
end;
end;

Please see my video: http://liga-installer.realservers.info/ssl.mp4


Thanks Thanks Thanks for help!!!

2 answers
混吃等死
#2 · 2020-02-09 05:09

This simple example works in Delphi XE out of the box, so you don't need to change ports or use a certificate on the client side. It's based on an example from RosettaCode:

uses
  IdHTTP, IdSSLOpenSSL;

...

procedure TForm2.Button1Click(Sender: TObject);
var
  s: string;
  lHTTP: TIdHTTP;
begin
  lHTTP := TIdHTTP.Create(nil);
  try
    lHTTP.IOHandler := TIdSSLIOHandlerSocketOpenSSL.Create(lHTTP);
    lHTTP.HandleRedirects := True;
    s := lHTTP.Get('https://esta.cbp.dhs.gov/esta/');
    RichEdit1.Text := s;
  finally
    lHTTP.Free;
  end;
end;

The problem is probably the version of the DLLs you need to deploy. Since recent versions fix security issues, I recommend upgrading your version of Indy to the latest and using the most recent OpenSSL libraries from the fulgan site.

Update: Did you mean that you can't see the site using a web browser, or that when you do you can't see the traffic in your HTTP analyser? As Rob mentioned, if the site isn't visible using a regular web browser, then the problem likely isn't your application.

孤傲高冷的网名
#3 · 2020-02-09 05:22

You are using the wrong tool to check the communication. Your observation only shows the used protocol - which is HTTP 1.0 or 1.1 even if using SSL/TLS.

Try a tool like SmartSniff or Wireshark to check the real network traffic. You will see that the entire traffic is using port 443 with encrypted data.

The header response of HTTP/1.1 (or 1.0) is absolutely correct for HTTPS traffic, the SSL/TLS encryption does not change the transferred data but is a transport layer on top of HTTP traffic.

Regarding HTTP Analyzer (from their website at http://www.ieinspector.com/httpanalyzer/): "Main Features: Support HTTPS, show you unencrypted data sent over HTTPS / SSL connections as the same level of detail as HTTP."

So, as I said, it decodes the SSL and shows you the HTTP-based, unencrypted traffic.

Regards, Arvid
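
The difference between the two views discussed in this thread can be checked on the first bytes of a captured TCP payload: a TLS connection starts with a 5-byte record header, while cleartext HTTP starts with a request or status line. The following is an added example, not part of the original answers; the function name `classify_payload` and all sample byte strings are constructed for illustration.

```python
import struct

# TLS record content types (20-23); 22 = handshake, 23 = application data
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
HTTP_PREFIXES = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                 b"OPTIONS ", b"CONNECT ", b"HTTP/")
MAX_TLS_RECORD = 2**14 + 2048  # largest ciphertext length a record may declare

def classify_payload(data: bytes) -> dict:
    """Classify the first bytes of one direction of a TCP stream."""
    if data.startswith(HTTP_PREFIXES):
        first_line = data.split(b"\r\n", 1)[0].decode("ascii", "replace")
        return {"kind": "cleartext-http", "first_line": first_line}
    if len(data) >= 5:
        # Record header: type (1 byte), version major/minor (2), length (2)
        ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
        if (ctype in TLS_CONTENT_TYPES and major == 3 and minor <= 3
                and 0 < length <= MAX_TLS_RECORD):
            info = {"kind": "tls-record",
                    "content_type": TLS_CONTENT_TYPES[ctype],
                    "record_version": f"3.{minor}", "length": length}
            if ctype == 22 and len(data) >= 6:
                # First handshake byte is the message type; 1 = ClientHello
                info["client_hello"] = data[5] == 1
            return info
    return {"kind": "unknown"}

# Constructed samples (not captured from the site in the question).
# What a decrypting proxy displays: the HTTP request itself.
SAMPLE_CLEARTEXT = b"GET /esta/ HTTP/1.1\r\nHost: esta.cbp.dhs.gov\r\n\r\n"
# What a packet sniffer sees on port 443: start of a ClientHello record.
SAMPLE_CLIENT_HELLO = bytes.fromhex("16030100c8" "010000c4" "0303")
# Later in the same connection: an application_data record with opaque bytes.
SAMPLE_APP_DATA = bytes.fromhex("1703030020") + bytes(32)

if __name__ == "__main__":
    for name, blob in [("proxy view", SAMPLE_CLEARTEXT),
                       ("wire, first packet", SAMPLE_CLIENT_HELLO),
                       ("wire, later packet", SAMPLE_APP_DATA)]:
        print(name, "->", classify_payload(blob))
```
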
