РУС Site Map Contact Us Home
E-mail Newsletter
Subscribe to get informed about
Clever Components news.

Your Name:
Your Email:
 
SUBSCRIBE
 
Previous Newsletters
 




Products Articles Downloads Order Support
Customer Portal   

SSL / TLS support

SSL / TLS support | Using certificates | FTP + SSL | FTP + SSH

All protocol components from the Clever Internet Suite fully support the SSL / TLS negotiation mode: HTTPS, FTPS, SMTP, POP3, IMAP and NNTP.

For all these protocols (except for HTTPS) the Clever Internet Suite supports the explicit mode for establishing the secured connection. This means that the component will first connect in plaintext, and then explicitly start SSL negotiation through a protocol command such as STARTTLS.

For specifying the used SSL / TLS communication mode, the UseTLS property is implemented.

Client Components

In the client-side components, this property can accept the following values:

  • ctAutomatic - If the Port property is set to the standard plaintext port of the protocol, the component will behave the same as if UseTLS is set to ctExplicit. In all other cases, SSL negotiation will be implicit (ctImplicit).
  • ctImplicit - The SSL negotiation will start immediately after the connection is established.
  • ctExplicit - The component will first connect in plaintext, and then explicitly start SSL negotiation through a protocol command such as STARTTLS.
  • ctNone - No SSL negotiation, no SSL security. All communication will be in plaintext mode.

The OnVerifyServer event occurs when the server presents its certificate to the client and the client can decide whether to continue with the connection process:

// [Delphi]
procedure TMainForm.clHTTPVerifyServer(Sender: TObject;
   ACertificate: TclCertificate; const AStatusText: String;
   AStatusCode: Integer; var AVerified: Boolean);
var
   newInstance: TclCertificate;
begin
   if not AVerified and (MessageDlg(AStatusText + #13#10' Do you wish to proceed ?',
      mtWarning, [mbYes, mbNo], 0) = mrYes) then
   begin
      newInstance := clCertificateStore1.Items.AddFrom(ACertificate);
      clCertificateStore1.StoreName := 'CA';
      clCertificateStore1.Install(newInstance);
      AVerified := True;
   end;
end;

Also the CertificateFlags client property allows you to resolve the problems concerned with an invalid certificate common name, expired certificate date and unknown authority. Currently the following flags are available: cfIgnoreCommonNameInvalid, cfIgnoreDateInvalid, cfIgnoreUnknownAuthority, cfIgnoreRevocation, cfIgnoreWrongUsage.

Using the StartTls client method, you can explicitly initiate the TLS / SSL negotiation and establish the secured Network communication with the server.

Server Components

In the server-side components, the UseTLS property accepts other values:

  • stNone - No SSL negotiation, no SSL security. All communication will be in plaintext mode.
  • stImplicit - The SSL negotiation will start immediately after the connection is established.
  • stExplicitAllow - The component will first connect in plaintext, and then explicitly start SSL negotiation through a protocol command such as STARTTLS. The non-secured communication is allowed.
  • stExplicitRequire - The component will first connect in plaintext, and then explicitly start SSL negotiation through a protocol command such as STARTTLS. The non-secured communication is not allowed.

The OnGetCertificate server event allows you to specify a server certificate for establishing the secured connection. You can create your own self-signed certificate, as well as load any other certificate from a certificate store:

// [Delphi]
procedure TMainForm.clImap4Server1GetCertificate(Sender: TObject;
   var ACertificate: TclCertificate;
   AExtraCerts: TclCertificateList; var Handled: Boolean);
begin
   if clCertificateStore1.Items.Count = 0 then
   begin
   clCertificateStore1.ValidFrom := Now();
      clCertificateStore1.ValidTo := Now() + 365;
      ACertificate := clCertificateStore1.CreateSelfSigned('CN=CleverTester,O=CleverComponents,E=CleverTester@company.mail', 0);
      clCertificateStore1.Items.Add(ACertificate);
   end;
   ACertificate := clCertificateStore1.Items[0];
   Handled := True;
end;

// [Delphi]
procedure TMainForm.clImap4Server1GetCertificate(Sender: TObject;
   var ACertificate: TclCertificate;
   AExtraCerts: TclCertificateList; var Handled: Boolean);
begin
   if clCertificateStore1.Count = 0 then
   begin
      clCertificateStore1.Open('MY', slLocalMachine);
   end;
   ACertificate := clCertificateStore1.CertificateByIssuedTo('John Doe');
   Handled := True;
end;

    Copyright © 2000-2017