我使用的是Delphi XE和10.1 Berlin。 我需要将xml发送到HTTPS(使用Indy 10)并验证我的智能卡证书。 在10.1柏林,此代码有效,但我收到错误SSL3_GET_SERVER_CERTIFICATE:证书验证失败。 我是否需要分配RootCertFile,CertFile或KeyFile,以及如何从智能卡或证书存储区进行分配?
这是我的代码的一部分:
procedure TFR_O1.Button4Click(Sender: TObject);
var
Req: TStream;
S, xml_file: String;
SSL1: TIdSSLIOHandlerSocketOpenSSL;
begin
OpenDialog1.InitialDir := ExtractFilePath(Application.ExeName);
if OpenDialog1.Execute then
begin
xml_file := OpenDialog1.FileName;
end;
Req := TStringStream.Create(xml_file, TEncoding.UTF8);
try
SSL1 := TIdSSLIOHandlerSocketOpenSSL.Create(nil);
try
SSL1.SSLOptions.Method := sslvSSLv23;
SSL1.SSLOptions.Mode := sslmClient;
SSL1.SSLOptions.VerifyMode := [sslvrfPeer,sslvrfFailIfNoPeerCert,sslvrfClientOnce];
SSL1.SSLOptions.VerifyDepth := 0;
//SSL1.SSLOptions.RootCertFile := '';
//SSL1.SSLOptions.CertFile := '';
//SSL1.SSLOptions.KeyFile := '';
SSL1.OnVerifyPeer := IdSSLIOHandlerSocketOpenSSL1VerifyPeer;
IdHTTP1.IOHandler := SSL1;
IdHTTP1.Request.ContentType := 'application/octet-stream';
IdHTTP1.Request.Charset := 'UTF-8';
S := IdHTTP1.Post('https://11.11.11.11:11/api/upload', Req);
finally
SSL1.Free;
end;
finally
Req.Free;
end;
end;
function TFR_O.IdSSLIOHandlerSocketOpenSSL1VerifyPeer(Certificate: TIdX509; AOk: Boolean; ADepth, AError: Integer): Boolean;
begin
ShowMessage(Certificate.FingerprintAsString);
ShowMessage(Certificate.Subject.OneLine);
ShowMessage(Certificate.Issuer.OneLine);
if ADepth = 0 then
begin
Result := AOk;
end
else
begin
Result := True;
end;
end;
我一直在网上搜索,但我找不到任何解决方案或示例如何从智能卡获得证书。