IdHTTP question

This is the forum for miscellaneous technical/programming questions.

Moderator: 2ffat

IdHTTP question

Postby HsiaLin » Fri May 25, 2018 3:18 pm

I have a IdHTTP and SSLIOhandler partnered together, they will download most
http and https images i enter into it, but a few urls give the following error:

First chance exception at $766BD722. Exception class EIdOSSLUnderlyingCryptoError with message
'Error connecting with SSL.
error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure'.
Process Project1.exe (7612)

What do i need to set on the IdHTTP or SSL to remedy this?

This is one of the urls that gives the error:
https://i.warosu.org/data/vr/img/0007/8 ... 614706.png

----------------------------

Edit:
Went with URLDownloadToFile with IBindStatusCallback for download progress,
much easier to use, including attachment of simple use for future googlers.
Attachments
DownloadTest.zip
URLDownloadToFile Example
(46.98 KiB) Downloaded 338 times
HsiaLin
BCBJ Master
BCBJ Master
 
Posts: 299
Joined: Sun Jul 08, 2007 6:29 pm

Re: IdHTTP question

Postby rlebeau » Tue May 29, 2018 3:15 pm

HsiaLin wrote:I have a IdHTTP and SSLIOhandler partnered together, they will download most
http and https images i enter into it, but a few urls give the following error:

First chance exception at $766BD722. Exception class EIdOSSLUnderlyingCryptoError with message
'Error connecting with SSL.
error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure'.
Process Project1.exe (7612)


How do you have the TIdSSLIOHandlerSocketOpenSSL configured exactly?

HsiaLin wrote:What do i need to set on the IdHTTP or SSL to remedy this?


I can't answer that without knowing why it is failing. The server is rejecting the SSL/TLS handshake, which usually means you are using the wrong SSL/TLS version, or don't have certificates configured correctly, or other similar misconfiguration. At what stage does the handshake fail exactly? What does the raw handshake traffic look like? Use a packet sniffer to get that, such as Wireshark.

HsiaLin wrote:This is one of the urls that gives the error:
https://i.warosu.org/data/vr/img/0007/8 ... 614706.png


I do not get an SSL/TLS error when accessing that URL using the latest version of Indy 10 and OpenSSL 1.0.2. I do, however, get an HTTP "403 Forbidden" error instead (presumably because it requires user credentials to access), but that is after the SSL/TLS handshake completes without error.

HsiaLin wrote:Went with URLDownloadToFile with IBindStatusCallback for download progress,
much easier to use, including attachment of simple use for future googlers.


URLDownloadToFile() is notoriously buggy, and lacks decent error reporting.
Remy Lebeau (TeamB)
Lebeau Software
User avatar
rlebeau
BCBJ Author
BCBJ Author
 
Posts: 1544
Joined: Wed Jun 01, 2005 3:21 am
Location: California, USA

Re: IdHTTP question

Postby HsiaLin » Wed May 30, 2018 1:59 am

I`d rather use IdHTTP but i am not a network professional.
I do like being able to DL via stream like IdHTTP does but i dont want
to have to configure IT settings for every picture i want to DL off google
images.

"How do you have the TIdSSLIOHandlerSocketOpenSSL configured exactly?"

Which one of the 500 settings should be configured to just get an image from a https?
I have no idea. Its like trying to use a jumbo jet to just cross the street. It would be
nice if there were some examples of how to use Indy.
HsiaLin
BCBJ Master
BCBJ Master
 
Posts: 299
Joined: Sun Jul 08, 2007 6:29 pm

Re: IdHTTP question

Postby rlebeau » Wed May 30, 2018 10:44 am

HsiaLin wrote:i dont want to have to configure IT settings for every picture i want to DL off google images.


You don't need to.

HsiaLin wrote:"How do you have the TIdSSLIOHandlerSocketOpenSSL configured exactly?"

Which one of the 500 settings should be configured to just get an image from a https?


You didn't answer my question. What are your EXACT settings? There aren't that many settings. Also, which versions of C++Builder, Indy, and OpenSSL are you actually using? Be specific.

In any case, the IOHandler's defaults will usually suffice just fine (such as for the URL you provided). Make sure you are using up-to-date versions of Indy and OpenSSL. If anything, you might just need to enable TLS 1.1 and TLS 1.2, at least (only TLS 1.0 is enabled by default).

In the URL you provided, the problem was not with SSL/TLS, but with HTTP authentication instead. That is a very different issue, not related to OpenSSL at all.

HsiaLin wrote:It would be nice if there were some examples of how to use Indy.


There are plenty of examples floating around, if you look around.
Remy Lebeau (TeamB)
Lebeau Software
User avatar
rlebeau
BCBJ Author
BCBJ Author
 
Posts: 1544
Joined: Wed Jun 01, 2005 3:21 am
Location: California, USA

Re: IdHTTP question

Postby HsiaLin » Wed May 30, 2018 6:07 pm

Threw together a test prog.
I use XE5 and whatever Indy version that came with it.


All i did was enable HandleRedirects, everything else is as it was dropped on form.
I dont know what other settings would need enabled. I noticed the UserAgent
setting might need to be more mainstream but other than that, no idea.

Theres 2 errors that occur often, one is the one you see about ssl, the other is
a 403 error. Neither of those happen, that i have seen, with URLDownloadToFile.
Attachments
DownloadTest_IDHTTP.zip
(49.43 KiB) Downloaded 325 times
HsiaLin
BCBJ Master
BCBJ Master
 
Posts: 299
Joined: Sun Jul 08, 2007 6:29 pm

Re: IdHTTP question

Postby rlebeau » Wed May 30, 2018 6:29 pm

HsiaLin wrote:I use XE5 and whatever Indy version that came with it.


Then you are using quite an old version, as XE5 is 5 years old. You should seriously upgrade to the latest version of Indy (currently 10.6.2.5461), there have been many fixes and updates made during the past 5 years.

HsiaLin wrote:All i did was enable HandleRedirects, everything else is as it was dropped on form.

I dont know what other settings would need enabled. I noticed the UserAgent
setting might need to be more mainstream but other than that, no idea.


You are focusing on the TIdHTTP settings, but what about the TIdSSLIOHandlerSocketOpenSSL settings? Have you tried enabling TLS 1.1 and TLS 1.2, like I suggested?

HsiaLin wrote:Theres 2 errors that occur often, one is the one you see about ssl, the other is
a 403 error. Neither of those happen, that i have seen, with URLDownloadToFile.


As I said, I can't reproduce any SSL errors using the URL you provided earlier, only the HTTP 403 error, and that has is going to be related to how you configure authentication in TIdHTTP (unless it is related to the UserAgent instead).

Once you get past the SSL issue, since URLDownloadToFile() is part of WinInet, you should be able to use Fiddler to capture its HTTP traffic, and then compare that to Indy's HTTP traffic to see what is different between them to cause the 403 error.
Remy Lebeau (TeamB)
Lebeau Software
User avatar
rlebeau
BCBJ Author
BCBJ Author
 
Posts: 1544
Joined: Wed Jun 01, 2005 3:21 am
Location: California, USA


Return to Technical

Who is online

Users browsing this forum: Baidu [Spider], Bing [Bot] and 4 guests

cron