I have scoured the internet and haven't found a solution or method on how to verify the certificate when connecting over HTTPS using TIdHTTP.
I have hooked up an IdSSLIOHandlerSocketOpenSSL component as the IOHandler, set the SSLModes, etc., but when I browse to https://s3.amazonaws.com it cannot verify the certificate.
OpenSSL (Indy) gives
"Error connecting with SSL. SSL3_GET_SERVER_CERTIFICATE: Certificate verify failed"
The OpenSSL libraries have successfully loaded (checked with WhichFailedToLoad). The OnStatusInfo event writes the following:
SSL status: "before/connect initialization"
SSL status: "before/connect initialization"
SSL status: "SSLv2/v3 write client hello A"
SSL status: "SSLv3 read server hello A"
SSL status: "SSLv3 read server certificate B"
SSL status: "SSLv3 read server certificate B"
SSL status: "SSLv3 read server certificate B"
And OnVerifyPeer, AOk = False.
How can I get it to verify correctly? What's going on?
Thanks for reading,
Adrian
Best Answer
You have to implement an event handler for the OnVerifyPeer event of your TIdSSLIOHandlerSocketOpenSSL component.
From IdSSLOpenSSL.pas:
If you just want to consider valid the same certificates the Library considers also valid, you just have to implement it this way:
Indy first checks the validity of the certificate and passes you whether it is OK or not in the AOk parameter. The last word is in your code, as you may want to let some kinds of minor validation errors pass, like being out of date, or even ask the user whether the certificate is accepted or not in case of any error (minor or not).
To understand why it works this way, you may also want to read all the comments at the top of the IdSSLOpenSSL.pas file:
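As an added example (not code from the question, the answer or Indy itself), here is a minimal Indy 10 client that loads a trusted CA bundle, turns on peer verification and implements OnVerifyPeer so that it returns the verdict OpenSSL already reached. It assumes the four-parameter OnVerifyPeer signature of current Indy 10 (older builds omit AError), the sslvTLSv1_2 method value, and a PEM file of trusted root certificates whose path the caller supplies.

```delphi
// Added example, not from the original page. Assumes Indy 10 with the
// (Certificate, AOk, ADepth, AError) form of TVerifyPeerEvent.
uses
  SysUtils, IdHTTP, IdSSLOpenSSL, IdX509;

type
  TVerifier = class
  public
    function OnVerifyPeer(Certificate: TIdX509; AOk: Boolean;
      ADepth, AError: Integer): Boolean;
  end;

function TVerifier.OnVerifyPeer(Certificate: TIdX509; AOk: Boolean;
  ADepth, AError: Integer): Boolean;
begin
  // OpenSSL has already validated this link of the chain; AOk is its verdict.
  // Log it for diagnosis, then accept only what OpenSSL accepted: returning
  // True after a failed check would disable server authentication entirely.
  Writeln(Format('depth=%d ok=%s err=%d subject=%s issuer=%s',
    [ADepth, BoolToStr(AOk, True), AError,
     Certificate.Subject.OneLine, Certificate.Issuer.OneLine]));
  Result := AOk;
end;

procedure FetchWithVerification(const AUrl, ACABundle: string);
var
  Http: TIdHTTP;
  IOHandler: TIdSSLIOHandlerSocketOpenSSL;
  Verifier: TVerifier;
begin
  Http := TIdHTTP.Create(nil);
  Verifier := TVerifier.Create;
  try
    IOHandler := TIdSSLIOHandlerSocketOpenSSL.Create(Http);
    IOHandler.SSLOptions.Method := sslvTLSv1_2;
    IOHandler.SSLOptions.Mode := sslmClient;
    // Without a trusted root store OpenSSL cannot build the chain and every
    // server certificate fails with "certificate verify failed".
    IOHandler.SSLOptions.RootCertFile := ACABundle;  // PEM bundle (assumed path)
    IOHandler.SSLOptions.VerifyMode := [sslvrfyPeer];
    IOHandler.SSLOptions.VerifyDepth := 5;
    IOHandler.OnVerifyPeer := Verifier.OnVerifyPeer;
    Http.IOHandler := IOHandler;
    Writeln(Http.Get(AUrl));
  finally
    Verifier.Free;
    Http.Free;
  end;
end;
```

Run it as FetchWithVerification('https://s3.amazonaws.com', 'cacert.pem'); with a current CA bundle and the handler is called once per certificate in the chain, with AOk = True for each when the chain validates against the bundle.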