Delphi - 与Indy组件的SSL TCP通信 [英] Delphi - SSL TCP communication with Indy components

问题描述

我在Delphi XE2中使用TIdSSLIOHandlerSocketOpenSSL Indy组件通过TCP向SSL服务器（Apple Push Notification Service）发送数据。我已经在一定程度上工作了，但不知道我是否会做最好的方法。我正在执行以下操作：

I'm using the TIdSSLIOHandlerSocketOpenSSL Indy component in Delphi XE2 to send data to an SSL server (Apple Push Notification Service) over TCP. I've got it working to a degree but not sure if I'm going about it the best way. I'm doing the following :

• 设置SSL属性公司。 $路由证书


• 调用.Open方法打开连接


• 检查OnStatusInfoEx事件中的AType参数，直到获得握手完成


• 使用.WriteDirect
发送数据

• 使用.Close
关闭连接

• Set the SSL properties inc. path to certificates
• Call the .Open method to open the connection
• Check the AType parameter in the OnStatusInfoEx event until I get a 'Handshake Done'
• Send the data using .WriteDirect
• Close the connection with .Close

有更好的方法知道连接准备好发送数据吗？有没有人直接通过TCP使用TIdSSLIOHandlerSocketOpenSSL组件的示例代码？我发现的样本主要是用于HTTP调用，其中TIdSSLIOHandlerSocketOpenSSL组件被附加以保护连接。

Is there a better way to know when the connection is ready to send data? Does anybody have sample code using the TIdSSLIOHandlerSocketOpenSSL component directly over TCP? The samples I've found are mainly for HTTP calls where the TIdSSLIOHandlerSocketOpenSSL component is just attached to secure the connection.

推荐答案

自从你正在使用客户端组件，如果服务器要验证客户端的证书，您只需要在客户端上设置证书。

Since you are using the client component, you only need to setup the certificates on the client if the server is going to authenticate the client's certificate.

否则，设置TIdSSLIOHandlerSocketOpenSSL的SSLOptions.Mode到sslmClient，您应该可以连接。

Otherwise, set the TIdSSLIOHandlerSocketOpenSSL's SSLOptions.Mode to sslmClient, and you should be able to connect.

启用VerifyMode并在套接字组件上使用OnVerifyPeer事件来验证服务器上的指纹是个好主意证书，以避免中间人发生攻击。

It's a good idea to enable the VerifyMode and use the OnVerifyPeer event on the socket component to verify the fingerprint on the server certificate in order to avoid man in the middle attacks.

根据您的Indy版本，您可能需要将SSLOptions方法设置为sslvTLSv1。一些Web服务器不再支持SSLv2，Indy 9默认为。

Depending on your version of Indy, you may need to set the SSLOptions Method to sslvTLSv1. Some web servers no longer support SSLv2, which Indy 9 defaults to.

下面是一些示例代码，演示了使用TCP组件通过SSL检索网页：

Here's some sample code that demonstrates retrieving a web page over SSL using the TCP component:

procedure TForm1.Button1Click(Sender: TObject);
var
  s: String;
begin
  IdTCPClient1.Host := 'example.com';
  IdTCPClient1.Port := 443;
  IdTCPClient1.Connect;
  IdTCPClient1.WriteLn('GET / HTTP/1.1');
  IdTCPClient1.WriteLn('Host: example.com');
  IdTCPClient1.WriteLn('');
  // Retrieve all the data until the server closes the connection
  s := IdTCPClient1.AllData;
  Memo1.Lines.Add(s);
end;

不要忘记包含OpenSSL库 libeay32.sll 和 ssleay32.dll 在与Windows上的EXE相同的文件夹中。使用Indy 10的标准（最新）二进制文件。

Don't forget to include the OpenSSL libraries libeay32.sll and ssleay32.dll in the same folder as your EXE on Windows. Use the standard (latest) binaries for Indy 10.

这篇关于Delphi - 与Indy组件的SSL TCP通信的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！