This code works for me just fine on Windows 7 - Windows 10
IdPOP31.IOHandler := IdSSLIOHandlerSocketOpenSSL1;
IdPop31.Autologin:=True;
IdPop31.AuthType := patUserPass;
IdPOP31.UseTLS := utUseImplicitTLS;
IdPOP31.Host := 'mail.*****com';
IdPOP31.Port := 995;
IdPOP31.Username := '*******';
IdPOP31.Password := 'password';
Try
IdPOP31.Connect;
ShowMessage('Connected!')
Except
Exit;
End;
But when I try to run it on Server 2008 or 2012 it does nothing.
When Port 110 was available all worked fine, now, as I said it works only on Windows but not on Servers.
Please, give me any idea how to solve this problem.
Thank you.
Related
I have a project that still works on Windows 10, and it was working on Windows 11. But, after I installed updates for Windows 11 (not 22H2):
I now get an error:
error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert
handshake failure.
My setup is Indy 10.6.2.5263, OpenSSL 1.0.2u, Delphi XE8, and I am using the following code:
CInitialized := false;
idHttpC := TIdHTTP.Create(nil);
idHttpC.ConnectTimeout := 80000;
idHttpC.ReadTimeout := 80000;
idHttpC.AllowCookies := true;
// config Redirect's
idHttpC.RedirectMaximum := 35;
idHttpC.HandleRedirects := true;
idHttpC.HTTPOptions := [hoTreat302Like303, hoKeepOrigProtocol];
idHttpC.OnRedirect := IdHTTP1Redirect;
// create Cookie's
idCookieC := TIdCookieManager.Create(IdHttpC);
idHttpC.CookieManager := idCookieC;
// create gzip Compressor
idHttpC.Compressor := TIdCompressorZLib.Create(idHttpC);
// create OpenSSL
lIOHandlerC := TIdSSLIOHandlerSocketOpenSSL.Create(nil);
lIOHandlerC.SSLOptions.Mode := sslmClient;
lIOHandlerC.SSLOptions.SSLVersions := [sslvTLSv1, sslvTLSv1_1, sslvTLSv1_2];
idHttpC.IOHandler := lIOHandlerC;
On my request:
Result := idHttpC.Get('https://leinestern.de/');
I get:
error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure.
What's is wrong here? Maybe I have to change some new settings?
I am not using any antivirus or firewall, the built-in antivirus and firewall are disabled.
i updated Indy from GitHub and it's working again.
The code below works perfectly on Windows 7 machines 32 and 64 bits, it posts data to a https server on 5443 port and receive its response. However, machines with windows 10 it throws an Access violation at address 00000000. Read of address 00000000 message.
Some situations we might consider:
- Delphi XE2
- Indy 10.5.8.0
- [OpenSSL v1.1.1g][1]
- Windows 10 Version 1909
- No firewall and antivirus for tests
Here's the code:
_idHTTP := TIdHTTP.Create(Self);
_idHTTP.AllowCookies := True;
_idHTTP.HandleRedirects := True;
_idHTTP.HTTPOptions := [hoForceEncodeParams];
_idHTTP.ProxyParams.BasicAuthentication := False;
_idHTTP.Request.Accept := 'text/html, */*';
_idHTTP.Request.BasicAuthentication := False;
_idHTTP.Request.ContentLength := -1;
_idHTTP.Request.ContentRangeEnd := -1;
_idHTTP.Request.ContentRangeInstanceLength := -1;
_idHTTP.Request.ContentRangeStart := -1;
_idHTTP.Request.UserAgent := 'Mozilla/3.0 (compatible; Indy Library)';
_idHTTP.IOHandler := TIdSSLIOHandlerSocketOpenSSL.Create(_idHTTP);
_idHTTP.Request.CustomHeaders.Clear;
_idHTTP.Request.CustomHeaders.AddValue('Content-Type', 'application/json');
_idHTTP.Request.CustomHeaders.AddValue('Accept', 'application/json');
try
json := '{user: "<myuser>", pass: "<mypass>"}';
RequestBody := TStringStream.Create(json, TEncoding.UTF8);
try
sRet := _idHTTP.Post('https://10.200.200.213:5443/auth', RequestBody);
except
raise ex;
end;
finally
_idHTTP.Free;
end;
Edit:
The error message is throwing by the line
sRet := _idHTTP.Post('https://10.200.200.213:5443/auth', RequestBody);
As #zed commented, the problem is my OpenSSL version, it cannot be 1.1.1.
I installed 1.0.2 version from here and it's working now!
I'm trying to POST to a https Web service from Delphi 7. Initially the error was "Unable to Load SSL library". So placed ssleay32.dll & libeay32.dll (from indy_openssl096k.zip in https://indy.fulgan.com/SSL/Archive/) in the folder containing my executable.
Now the error is "Error connecting to SSL". In the exception, I also used WhichFailedToLoad() function and below is also reported
"Failed To Load: EVP_md5 X509_digest X509_NAME_hash"
From different sites, I could understand, above functions is part of libeay32.dll. But why is this still reported as FailedToLoad ?
I saw suggestions that updating to Indy10 ca solve this. But the applications I'm working on uses Indy functions on large number of modules and I don't want to cause any issues if Indy update fails. Is there anyway to resolve this error with Indy9. Any help is greatly appreciated.
I have been trying to find out a solution for the past few days and can't get one. Could someone kindly help me please ?
My Code
Protocol := TIdHTTP.Create(nil);
try
jsonToSend := TStringList.create;
Id_HandlerSocket := TIdSSLIOHandlerSocket.create(nil);
Id_HandlerSocket.SSLOptions.Method := sslvTLSv1;
Id_HandlerSocket.SSLOptions.Mode := sslmClient;
Id_HandlerSocket.SSLOptions.VerifyMode := [];
Id_HandlerSocket.SSLOptions.VerifyDepth := 0;
try
jsonToSend.Add('{"Branch":"' + branch + '", "Country":"' + country + '"}');
Protocol.IOHandler := Id_HandlerSocket;
Protocol.Request.ContentType := 'application/json';
Protocol.Request.Accept := '*/*';
Protocol.Post(ServerURL,jsonToSend);
except
on E:EIdOSSLConnectError do
begin
showmessage(E.Message);
showmessage('Failed to Load: ' + IdSSLOpenSSLHeaders.WhichFailedToLoad);
end;
end;
finally
Protocol.Destroy;
Id_HandlerSocket.Free;
jsonToSend.Destroy;
end;
My question is: why gmail gives me that error:
Username and Password not accepted. Learn more at
http://support.google.com/mail/bin/answer.py?answer=14257 lp8sm18275694wic.17 - gsmtp
I tried everything, whole bunch of options: SSL, TSL, SASL and still nothing. Somewhere I found that google demands some OAUTH2 SASL method wchich is to be done in Indy.
Of course on Delphi 6 and Indy 9 with proper eay dlls on port 465 with ssl works fine.
Anyone has some idea what to do with that?
O course I installed http://slproweb.com/products/Win32OpenSSL.html i anyone asked...
here is the code:
procedure send(Recipientemail, AccountName, Pass, EmailSMTP,EmailPortNo :string);
var
lTextPart: TIdText;
lImagePart: TIdAttachmentfile;
IdSMTP1: TIdSMTP;
IdMsg: TIdMessage;
SSLHandler:TIdSSLIOHandlerSocketOpenSSL;
IdUserPassProv1: TIdUserPassProvider;
IdSASLLogin1: TIdSASLLogin;
IdSASLCRAMMD5: TIdSASLCRAMMD5;
IdSASLCRAMSHA1: TIdSASLCRAMSHA1;
IdSASLPlain: TIdSASLPlain;
IdSASLLogin: TIdSASLLogin;
IdSASLSKey: TIdSASLSKey;
IdSASLOTP: TIdSASLOTP;
IdSASLAnonymous: TIdSASLAnonymous;
IdSASLExternal: TIdSASLExternal;
begin
IdSMTP1:=TIdSMTP.Create(nil);
IdMsg:=TIdMessage.Create(nil);
IdSMTP1.Host:=EmailSMTP;
IdSMTP1.Port:=EmailPortNo;
//IdSMTP1.Username:=trim(AccountName);//tried with or without
//IdSMTP1.Password:=trim(Pass);//tried with or without
TIdSSLContext.Create.Free;
SSLHandler:=TIdSSLIOHandlerSocketOpenSSL.Create(IdSMTP1);
SSLHandler.SSLOptions.Method := sslvSSLv3;
SSLHandler.SSLOptions.Mode := sslmClient;
IdSMTP1.IOHandler := SSLHandler;
if (IdSMTP1.port = 465) then
IdSMTP1.UseTLS := utUseImplicitTLS
else
IdSMTP1.UseTLS := utUseExplicitTLS;
IdSASLLogin1:=TIdSASLLogin.Create(IdSMTP1);
IdUserPassProv1:=TIdUserPassProvider.Create(IdSMTP1);
IdUserPassProv1.Password:=trim(EmailHasloKonta);
IdUserPassProv1.Username:=trim(EmailNazwaKonta);
IdSMTP1.AuthType:=satSASL;
IdSASLCRAMSHA1 := TIdSASLCRAMSHA1.Create(idSMTP1);
IdSASLCRAMSHA1.UserPassProvider := IdUserPassProv1;
IdSASLCRAMMD5 := TIdSASLCRAMMD5.Create(idSMTP1);
IdSASLCRAMMD5.UserPassProvider := IdUserPassProv1;
IdSASLSKey := TIdSASLSKey.Create(idSMTP1);
IdSASLSKey.UserPassProvider := IdUserPassProv1;
IdSASLOTP := TIdSASLOTP.Create(idSMTP1);
IdSASLOTP.UserPassProvider := IdUserPassProv1;
IdSASLAnonymous := TIdSASLAnonymous.Create(idSMTP1);
IdSASLExternal := TIdSASLExternal.Create(idSMTP1);
IdSASLLogin := TIdSASLLogin.Create(idSMTP1);
IdSASLLogin1.UserPassProvider:=IdUserPassProv1;
IdSASLPlain := TIdSASLPlain.Create(idSMTP1);
IdSASLPlain.UserPassProvider := IdUserPassProv1;
IdSMTP1.SASLMechanisms.Add.SASL := IdSASLCRAMSHA1;
IdSMTP1.SASLMechanisms.Add.SASL := IdSASLCRAMMD5;
IdSMTP1.SASLMechanisms.Add.SASL := IdSASLSKey;
IdSMTP1.SASLMechanisms.Add.SASL := IdSASLOTP;
IdSMTP1.SASLMechanisms.Add.SASL := IdSASLAnonymous;
IdSMTP1.SASLMechanisms.Add.SASL := IdSASLExternal;
IdSMTP1.SASLMechanisms.Add.SASL := IdSASLLogin1;
IdSMTP1.SASLMechanisms.Add.SASL := IdSASLPlain;
IdMsg.CharSet:=CmbEncod.Text;
IdMsg.From.Address:=EmailAdresNadawcy;
IdMsg.From.Name:=ToISO_8859_2(true, EmailNadawca);
IdMsg.Recipients.Add.Address:=email;
if EmailDoWiad<>'' then IdMsg.BccList.Add.Address:=EmailDoWiad;
IdMsg.ContentType:='multipart/relative';//; charset='+CmbEncod.Text;
IdMsg.Subject:=ifthen(TytulEmaila='',translate('Potwierdzenie rezerwacji'),TytulEmaila);
IdMsg.Body.Clear;
IdMsg.Body.Text:='';
lTextPart := TIdText.Create(IdMsg.MessageParts);
lTextPart.Body.text:='Some body text';
lTextPart.ContentType := 'text/plain';
try
IdSMTP1.Connect;
//IdSMTP1.Authenticate; //tried with or without
try
try
IdSMTP1.Send(IdMsg);
except
on e: exception do
MessageDlg('Sending error:'#13+
e.message,
mtinformation,[mbok],0);
end;
finally
IdSMTP1.Disconnect;
end;
finally
IdSMTP1.Disconnect;
IdUserPassProv1.free;
IdSASLLogin1.free;
IdSASLCRAMMD5.free;
IdSASLCRAMSHA1.free;
IdSASLPlain.free;
IdSASLLogin.free;
IdSASLSKey.free;
IdSASLOTP.free;
IdSASLAnonymous.free;
IdSASLExternal.free;
lTextPart.Free;
lImagePart.Free;
SSLHandler.free;
IdSMTP1.Free;
IdMsg.Free;
SSLHandler.Free;
end;
end;
Using the latest Indy version (10.6.1), I can successfully connect and authenticate TIdSMTP to Gmail using Indy's SASL components with both SSL (UseTLS=utUseImplicitTLS on port 465) and TLS (UseTLS=utUseExplicitTLS on port 587) using similar code to what you have shown. Despite popular belief, OAUTH2 is not required yet.
The fact that you are getting a human-readable authentication error means the SSL/TLS portion is working fine, so this is strictly a SASL issue.
If your Gmail account is using 2-step verification, make sure you have created an Application Password in your Gmail account settings, you cannot use your primary Gmail password. Read Gmail's documentation for more details:
Application-specific password required
Sign in using App Passwords
With that said, the only changes I would suggest you make to the code you have showed are:
setting the UseTLS property may change the Port property value, so you should set UseTLS first and then set the Port to the desired value afterwards:
if (EmailPortNo = 465) then
IdSMTP1.UseTLS := utUseImplicitTLS
else
IdSMTP1.UseTLS := utUseExplicitTLS;
IdSMTP1.Port := EmailPortNo;
you do not need to create and destroy a TIdSSLContext object, so get rid of that. The only reason to create a TIdSSLContext manually is so it can call the IdSSLOpenSSL.LoadOpenSSLLibrary() function, which is public so you can call it directly if needed (which you don't really need to in this situation).
multipart/relative is not a valid ContentType. Did you mean multipart/related instead? Your TIdMessage does not contain multiple parts so you should not be using multipart ContentType to begin with.
Most of your calls to Free() are redundant since you assigned the TIdSMTP as the Owner for everything except the TIdMessage. You don't need to free the SASL components manually, you can let TIdSMTP do that for you.
you are calling IdSMTP1.Disconnect() twice. You don't need that.
Here is the solution:
After all tries is seems to I have had the wrong version of two dlls libeay.dll and ssleay.dll.
Using Delphi XE2, Indy 10 that ships with it and OpenSSL dll's version 1.0.1c.
We are in the final stages of converting our Delphi 6 project to Delphi XE2.
We have solved every show stopper so far but I am running into one trying to connect to Gmail smtp server.
Our Delphi 6 app works fine using SSL v2.3 and SSL v3 and Indy 9 components connecting to port 465 per Google's own documentation. Google Support
Our Delphi XE2 app does not connect at all. The call to connect goes into the ether and nothing happens for some 7 minutes until I get bored waiting for the thing to timeout and kill it off. I actually traced the program execution all the way to the IdWinsock2 funcion here:
function Stub_select(nfds: Integer; readfds, writefds, exceptfds: PFDSet; timeout: PTimeVal): Integer; stdcall;
begin
#select := FixupStub(hWinSockDll, 'select'); {Do not Localize}
Result := select(nfds, readfds, writefds, exceptfds, timeout);//<-this line never returns and timeout is always nil
end;
I need to maintain the old SSL connectivity for existing users' configurations.
New users will be able to connect using TLS (to port 587) and that DOES work!?!?
I am at a loss as to why the non-TLS SSL options do not work and do not report any error and do not time out but just go off to Never-Never Land. Please help!
TJ
Here is the code:
SMTPClient.Host := trim(EditSMTPServer.Text);
SMTPClient.Port := EditSMTPServerPort.AsInteger;//<- value from custom edit box
SMTPClient.Username := trim(EditSMTPLogon.Text);
SMTPClient.Password := trim(EditSMTPPassword.Text);
SMTPClient.AuthType := satDefault;
if CheckBoxUseSSL.Checked then begin
SMTPClient.IOHandler := IdSSLIOHandlerSocket1;
IdSSLIOHandlerSocket1.ReadTimeout := 30000;//30 second timeout which does not appear to work
case ComboBoxSSLMode.ItemIndex of
0 : IdSSLIOHandlerSocket1.SSLOptions.Method := sslvSSLv2;
1 : IdSSLIOHandlerSocket1.SSLOptions.Method := sslvSSLv23;
2 : IdSSLIOHandlerSocket1.SSLOptions.Method := sslvSSLv3;
3 : begin
IdSSLIOHandlerSocket1.SSLOptions.Method := sslvTLsv1;
SMTPClient.UseTLS := utUseImplicitTLS;
end;
end;//case
IdSSLIOHandlerSocket2.SSLOptions.Method := IdSSLIOHandlerSocket1.SSLOptions.Method;
IdSSLIOHandlerSocket2.PassThrough := False;
end
else begin
SMTPClient.IOHandler := nil;
end;
try
SMTPClient.Connect;
if SMTPClient.Connected then begin
if SMTPClient.Authenticate then begin
... do some work ...
end;
end;
except
on e:Exception do begin
showmessage(e.message);
end;
end;
EDIT:
As usual, after I post a question I have stumbled across a workaround.
If I set the UsetTLS property to utUseImplicitTLS for all NON-SSL transactions and set it to utUseExplicitTLS for TLS transactions my connections appear to work in a timely manner.
Hopefully this helps someone out.
updated code:
if CheckBoxUseSSL.Checked then begin
SMTPClient.IOHandler := IdSSLIOHandlerSocket1;
SMTPClient.UseTLS := utUseImplicitTLS;
case ComboBoxSSLMode.ItemIndex of
0 : IdSSLIOHandlerSocket1.SSLOptions.Method := sslvSSLv2;
1 : IdSSLIOHandlerSocket1.SSLOptions.Method := sslvSSLv23;
2 : IdSSLIOHandlerSocket1.SSLOptions.Method := sslvSSLv3;
3 : begin
IdSSLIOHandlerSocket1.SSLOptions.Method := sslvTLsv1;
SMTPClient.UseTLS := utUseExplicitTLS;
end;
end;//case
IdSSLIOHandlerSocket2.SSLOptions.Method := IdSSLIOHandlerSocket1.SSLOptions.Method;
IdSSLIOHandlerSocket2.PassThrough := False;
end
else begin
SMTPClient.UseTLS := utNoTLSSupport;//reset TLS support flag
SMTPClient.IOHandler := nil;
end;
What you discovered is what you are supposed to be doing. SSL and TLS have different semantics, so you have to set UseTLS accordingly.
For SSL on port 465, the server expects your client to initiate an SSL handshake immediately upon connecting, before the server then sends an encrypted Greeting. UseTLS=utUseImplicitTLS does that, but UseTLS=utUseExplicitTLS does not. When UseTLS=utUseExplicitTLS, TIdSMTP will expect the server to send an unencrypted Greeting immediately, which would explain the hang in select() - the server is not sending any data!
For TLS on port 587, the server is expecting the client to connect initially unencrypted and then send an explicit STARTTLS command when it is ready to initiate encryption. UseTLS=utUseExplicitTLS does that, but UseTLS=utUseImplicitTLS does not.