Delphi - 与 Indy 组件的 SSL TCP 通信 [英] Delphi - SSL TCP communication with Indy components

问题描述

我在 Delphi XE2 中使用 TIdSSLIOHandlerSocketOpenSSL Indy 组件通过 TCP 将数据发送到 SSL 服务器(Apple 推送通知服务).我已经在一定程度上工作了，但不确定我是否以最好的方式去做.我正在做以下事情:

I'm using the TIdSSLIOHandlerSocketOpenSSL Indy component in Delphi XE2 to send data to an SSL server (Apple Push Notification Service) over TCP. I've got it working to a degree but not sure if I'm going about it the best way. I'm doing the following :

• 设置 SSL 属性.证书路径
• 调用.Open方法打开连接
• 检查 OnStatusInfoEx 事件中的 AType 参数，直到我收到握手完成"
• 使用 .WriteDirect 发送数据
• 使用 .Close 关闭连接

有没有更好的方法可以知道连接何时准备好发送数据?有人有直接通过 TCP 使用 TIdSSLIOHandlerSocketOpenSSL 组件的示例代码吗?我发现的示例主要用于 HTTP 调用，其中仅附加了 TIdSSLIOHandlerSocketOpenSSL 组件以保护连接.

Is there a better way to know when the connection is ready to send data? Does anybody have sample code using the TIdSSLIOHandlerSocketOpenSSL component directly over TCP? The samples I've found are mainly for HTTP calls where the TIdSSLIOHandlerSocketOpenSSL component is just attached to secure the connection.

推荐答案

由于您使用的是客户端组件，因此如果服务器要对客户端的证书进行身份验证，您只需要在客户端上设置证书.

Since you are using the client component, you only need to setup the certificates on the client if the server is going to authenticate the client's certificate.

否则，将 TIdSSLIOHandlerSocketOpenSSL 的 SSLOptions.Mode 设置为 sslmClient，您应该能够连接.

Otherwise, set the TIdSSLIOHandlerSocketOpenSSL's SSLOptions.Mode to sslmClient, and you should be able to connect.

启用VerifyMode 并使用套接字组件上的OnVerifyPeer 事件来验证服务器证书上的指纹是一个好主意，以避免中间人攻击.

It's a good idea to enable the VerifyMode and use the OnVerifyPeer event on the socket component to verify the fingerprint on the server certificate in order to avoid man in the middle attacks.

根据您的 Indy 版本，您可能需要将 SSLOptions 方法设置为 sslvTLSv1.某些 Web 服务器不再支持 Indy 9 默认支持的 SSLv2.

Depending on your version of Indy, you may need to set the SSLOptions Method to sslvTLSv1. Some web servers no longer support SSLv2, which Indy 9 defaults to.

以下是一些示例代码，演示了使用 TCP 组件通过 SSL 检索网页:

Here's some sample code that demonstrates retrieving a web page over SSL using the TCP component:

procedure TForm1.Button1Click(Sender: TObject);
var
  s: String;
begin
  IdTCPClient1.Host := 'example.com';
  IdTCPClient1.Port := 443;
  IdTCPClient1.Connect;
  IdTCPClient1.WriteLn('GET / HTTP/1.1');
  IdTCPClient1.WriteLn('Host: example.com');
  IdTCPClient1.WriteLn('');
  // Retrieve all the data until the server closes the connection
  s := IdTCPClient1.AllData;
  Memo1.Lines.Add(s);
end;

不要忘记将 OpenSSL 库 libeay32.sll 和 ssleay32.dll 包含在与 Windows 上的 EXE 相同的文件夹中.使用 Indy 10 的标准(最新)二进制文件.

Don't forget to include the OpenSSL libraries libeay32.sll and ssleay32.dll in the same folder as your EXE on Windows. Use the standard (latest) binaries for Indy 10.

这篇关于Delphi - 与 Indy 组件的 SSL TCP 通信的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！