All client components from the Clever Internet Suite fully support the SSL / TLS encryption: HTTPS, SFTP, SMTP, POP3, IMAP and NNTP.
The following method is called when the server presents its certificate to the client, so the client can decide whether to continue with the connection. This sample uses the FTP Client, but the same handler applies to any of the client components listed above.

procedure TMainForm.clFTPVerifyServer(Sender: TObject; ACertificate: TclCertificate;
  const AStatusText: String; AStatusCode: Integer; var AVerified: Boolean);
var
  newInstance: TclCertificate;
begin
  // A certificate accepted earlier in this session stays accepted
  if not AVerified then
  begin
    AVerified := FCertificateVerified;
  end;
  // Otherwise ask the user; on Yes the certificate is installed into the
  // CA store, so it is trusted persistently from now on, not just for this session
  if not AVerified and (MessageDlg(AStatusText + #13#10' Do you wish to proceed ?',
    mtWarning, [mbYes, mbNo], 0) = mrYes) then
  begin
    newInstance := clCertificateStore1.AddFrom(ACertificate);
    clCertificateStore1.StoreName := 'CA';
    clCertificateStore1.Install(newInstance);
    AVerified := True;
    FCertificateVerified := True;
  end;
end;
The following Server components support SSL / TLS encryption and allow specifying a certificate and its private key used for secured communication: HTTPS, SFTP, SMTP, POP3, IMAP and NNTP.
The method below is called when the server needs a certificate for establishing the connection. You can create your own self-signed certificate, as well as load any other certificate from a certificate store.

procedure TMainForm.clFtpServer1GetCertificate(Sender: TObject;
  var ACertificate: TclCertificate; var Handled: Boolean);
begin
  // Generate a self-signed certificate valid for one year from now if the store is empty
  if clCertificateStore1.Count = 0 then
  begin
    clCertificateStore1.AddSelfSigned(
      'CN=CleverTester,O=CleverComponents,E=CleverTester@company.mail',
      0, Now(), Now() + 365);
  end;
  ACertificate := clCertificateStore1[0];
  Handled := True;
end;
To set up an SSL connection, assign a URL with the HTTPS scheme to the URL component property; the engine switches to this encrypted kind of connection automatically. See Downloader, Uploader, Multi Downloader and Multi Uploader.
If the connection requires a certificate to authenticate the connecting user, you can choose one of two methods:
- Allow users to set up a certificate in interactive GUI mode.
- Set up all the certificate settings programmatically.
The first method is the simplest to code and is enabled by default. To activate it, set the UseInternetErrorDialog component property to TRUE. After that, any authentication problem is shown in the standard Internet Explorer error dialog box. Within this dialog you can set up both the certificate itself and the reaction to many authentication problems, such as an invalid certificate date, an invalid certificate common name and many others. You can learn more about setting up the Microsoft Internet Explorer authentication modes from the MSDN Library, Microsoft's online resource.
The second method requires some programming.
Set the UseInternetErrorDialog component property to FALSE to deactivate the interactive GUI authentication mode.
Use the CertificateFlags component property with any combination of the values cfIgnoreCommonNameInvalid, cfIgnoreDateInvalid and cfIgnoreUnknownAuthority to ignore an invalid certificate common name, an expired certificate date and an unknown certificate authority respectively. Each flag disables the corresponding verification check, so set only the flags you actually need.
To select a client certificate in any of the Clever Internet Suite components, use the OnGetCertificate component event. The handler procedure for this event is defined as follows:
TclOnGetCertificate = procedure (Sender: TObject; var ACertificate: TclCertificate;
  var Handled: Boolean) of object;

The ACertificate parameter is a wrapper class for the digital certificate object.
You can obtain the certificate by using the Certificate Store component:

procedure TForm1.clDownloaderGetCertificate(Sender: TObject;
  var ACertificate: TclCertificate; var Handled: Boolean);
begin
  // Look the client certificate up in the store by its subject name
  ACertificate := clCertificateStore.CertificateByIssuedTo('John Doe');
  Handled := True;
end;
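As an added example (not code from the Clever Internet Suite documentation), the programmatic method above put side by side in two forms: a permissive configuration that silences every verification failure, and a strict one that keeps all checks on and selects the client certificate through OnGetCertificate. It assumes CertificateFlags is a Delphi set type, that clDownloader and clCertificateStore are components placed on TForm1, and that CertificateByIssuedTo returns nil when no certificate matches.

```pascal
// Added example, not part of the original documentation.
// Assumptions (not confirmed by the page): CertificateFlags is a set type,
// clDownloader / clCertificateStore are components on TForm1, and
// CertificateByIssuedTo returns nil when no certificate matches.
// The procedure declarations are expected in the TForm1 class.

procedure TForm1.ConfigurePermissive;
begin
  // Disables the IE error dialog and ignores every verification problem:
  // a server with an expired, mis-named or self-issued certificate is accepted
  // without any prompt. Only suitable against a test server you control.
  clDownloader.UseInternetErrorDialog := False;
  clDownloader.CertificateFlags :=
    [cfIgnoreCommonNameInvalid, cfIgnoreDateInvalid, cfIgnoreUnknownAuthority];
end;

procedure TForm1.ConfigureStrict;
begin
  // Production setting: no dialog and no ignore flags, so common name,
  // validity period and issuing authority are all enforced and a mismatch
  // fails the request instead of being waved through.
  clDownloader.UseInternetErrorDialog := False;
  clDownloader.CertificateFlags := [];
  clDownloader.OnGetCertificate := clDownloaderGetCertificate;
end;

procedure TForm1.clDownloaderGetCertificate(Sender: TObject;
  var ACertificate: TclCertificate; var Handled: Boolean);
begin
  // Select the client certificate by subject name rather than by store index,
  // so adding another certificate to the store cannot change which one is sent.
  ACertificate := clCertificateStore.CertificateByIssuedTo('John Doe');
  // Assumption: nil means no match. Leave Handled False in that case so the
  // component reports the missing certificate instead of authenticating with none.
  Handled := ACertificate <> nil;
end;
```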
Note! The OnGetCertificate event is not supported in Internet Explorer versions earlier than 5.5. The result is unpredictable if the client has more than one client certificate on the computer. On Internet Explorer 5.01 and earlier, it is not possible to select a client certificate programmatically (without using the user interface). So, with an IE version earlier than 5.5, use the UseInternetErrorDialog option to authenticate in GUI mode.
When the S/MIME Message component is about to Encrypt, Sign, Decrypt or Verify the current mail message, it requires client certificates. Use the OnGetCertificate component event to select a client certificate from the certificate store or from a local file on disk.
The following code shows how to use this event:

procedure TForm1.clSMimeMessageGetCertificate(Sender: TObject;
  var ACertificate: TclCertificate; var Handled: Boolean);
begin
  // Look the certificate up in the store by the e-mail address it was issued to
  ACertificate := CertificateStore.CertificateByEmail('clevertester@company.mail');
  Handled := True;
end;
Use the same OnGetCertificate event when the SOAP Message component is about to Sign or Verify the current SOAP message.
The code below demonstrates how to load a certificate from a PFX file:

procedure TForm1.clSoapMessageGetCertificate(Sender: TObject;
  var ACertificate: TclCertificate; var Handled: Boolean);
begin
  // Import the PFX file (certificate plus private key) into the store, then use the first entry
  clCertificateStore.ImportFromPFX(edtCertFile.Text, edtCertPassword.Text);
  ACertificate := clCertificateStore[0];
  Handled := True;
end;