Delphi with Indy10 using OpenSSL libraries. Are there any good references to use Windows certificates (including self assigned certificates) on the internet?
Sam Shaw You are correct that a client is being implemented.
Just to try and understand, OpenSSL can't use a certificated that is installed in the Windows certificate store directly (on the fly). It first needs to be converted to a format the OpenSSL can use (pem).
From what I have been told, some self-assigned certificates can be marked as untrusted (as they are self- assigned). How does OpenSSL handle this?
AFAK, If you don't wanna check trust server certification at all, just NOT implement OnVerifyPeer event, that means trust everything. If you wanna filter site by site, You have to implement OnVerifyPeer event. And in newer indy there is an ultra paramter AError indicate that site wheather self-signed or not. There is an good answer from stackoverflow FYR: http://stackoverflow.com/questions/13577706/delphi-indy-verify-server-certificate-ssl
Sam Shaw You are correct that a client is being implemented.
ReplyDeleteJust to try and understand, OpenSSL can't use a certificated that is installed in the Windows certificate store directly (on the fly). It first needs to be converted to a format the OpenSSL can use (pem).
From what I have been told, some self-assigned certificates can be marked as untrusted (as they are self- assigned). How does OpenSSL handle this?
AFAK, If you don't wanna check trust server certification at all, just NOT implement OnVerifyPeer event, that means trust everything.
ReplyDeleteIf you wanna filter site by site, You have to implement OnVerifyPeer event. And in newer indy there is an ultra paramter AError indicate that site wheather self-signed or not. There is an good answer from stackoverflow FYR:
http://stackoverflow.com/questions/13577706/delphi-indy-verify-server-certificate-ssl
Sam Shaw Thanks for the info.
ReplyDelete