Saturday, August 24, 2019

Use Indy SSL Connection in C++ Builder 6

In C++ Builder 6, the default indy doesn't support SSL security. I don't like it. I want secure communication between client and server in my application.
In order to do that, here is what we need to do:

1. Remove default C++ Builder 6 indy component. 

We need to remove the default indy in the default C++ Builder 6 by removing the "Internet Direct (Indy) for D6 property and components editor" component.
Default C++ Builder Indy Component
Go to C:\Program Files (x86)\Borland\CBuilder6\Include\Vcl and find files with prefix "id" and hpp extension. These are indy header files (idabout.hpp, idantifreeze.hpp, idantifreezebase.hpp, etc). Delete those files (you can save them somewhere save just in case something bad happen).

2. Install Indy 10

Today is 25th May 2019 and the link I use to download is https://indy.fulgan.com. Go to ZIP directory and download Indy10_5515.zip. Extract it to your own directory and go to that folder. Go to lib folder. Find a bat file corresponding to your version of C++ Builder. For me, I want to install it for C++ Builder 6, so I look for Fullc_6.bat. Run it from cmd. This process create a folder in parent folder named C6. Go there and you'll find the indy10 library.
fulgan.com zip folder



Copy all .hpp files to folder where you delete the original indy hpp files. The default is in C:\Program Files (x86)\Borland\CBuilder6\Include\Vcl directory. Copy the rest of files in the C6 folder to C:\Program Files (x86)\Borland\CBuilder6\Projects\Bpl directory.

Now open C++ Builder 6 and fire up menu Component>Install Packages. Add the component dclIndyCore60.bpl and dclIndyProtocols60.bpl. Your new component is now installed. You should have new tab Indy I/O Handlers, Indy Intercepts, Indy SASL tab at the most right of the component palette.

Indy 10 component

3. Install OpenSSL

This is the most important. You need OpenSSL library. Download OpenSSL from https://indy.fulgan.com. This time, go to SSL folder. There are many SSL that you can download from. Most of them don't work in my case. For me, even tough my PC is using 64 bit, I download the 32 bit because the 64 bit doesn't work for me. You can download them one by one and try which one works for you which one doesn't. If you get error "could not load SSL library", you probably still don't use the right dll. The version that I tried is openssl-1.0.0d-i386-win32-rev2.zip (it is inside archive folder). Extract it and copy them all. Create folder where you want to put your SSL library (ex: Program Files (x86)/OpenSSL). Paste the SSL files that you've copied. Now add PATH to the environment variable in windows and C++ Builder (Tools>Environment options>Environment variables).

Note: the version above 1.0.0d always show exception connection closed gracefully if you use version above 1.0.0d and you set the SSL version to sslvTLSv1_2. This is normal in release mode. However, in the debugger, you always get that exception pop up and it irritates me. To shut it up, go to Tools>Debugger Options>Language Exceptions. Add exception EIdSilentException and it won't pop up anymore (source: https://www.swissdelphicenter.ch/en/showarticle.php?id=1). 

1 comment:

  1. The very first sentence is wrong: "In C++ Builder 6, the default indy doesn't support SSL security." Indy has always supported SSL security, it is just that different versions of Indy implement it in different ways. Indy 8 has a TIdConnectionInterceptOpenSSL component. Indy 9 has a TIdSSLIOHandlerSocket component. Indy 10 has a TIdSSLIOHandlerSocketOpenSSL component. These components can be linked to any TCP component to provide SSL/TLS security.

    Also note that the Fulgan mirror is retired. Indy is now on GitHub at https://github.com/IndySockets/Indy/, and its OpenSSL binaries are now at https://github.com/IndySockets/OpenSSL-Binaries. You should be using the OpenSSL 1.0.2 DLLs with Indy 10, not 1.0.0. If you get runtime errors when Indy tries to load OpenSSL, Indy has a WhichFailedToLoad() function you can call to find out why. Rather than using the system PATH to tell Indy where to find the DLLs, Indy 10 has an IdOpenSSLSetLibPath() function you can call at runtime.

    If you want to use OpenSSL 1.1.x or 3.0.x with Indy 10, use this code (which has not been merged into the main code yet): https://github.com/IndySockets/Indy/pull/299

    ReplyDelete