SSL / TLS support


All protocol components in the Clever Internet Suite fully support SSL / TLS negotiation: HTTPS, SFTP, SMTP, POP3, IMAP and NNTP.

For all these protocols (except for HTTPS) the Clever Internet Suite supports the explicit mode for establishing the secured connection. This means that the component will first connect in plaintext, and then explicitly start SSL negotiation through a protocol command such as STARTTLS.

The UseTLS property specifies which SSL / TLS communication mode is used.

Client Components

In the client-side components, this property can accept the following values:

  • ctAutomatic - If the Port property is set to the standard plaintext port of the protocol, the component will behave the same as if UseTLS is set to ctExplicit. In all other cases, SSL negotiation will be implicit (ctImplicit).
  • ctImplicit - The SSL negotiation will start immediately after the connection is established.
  • ctExplicit - The component will first connect in plaintext, and then explicitly start SSL negotiation through a protocol command such as STARTTLS.
  • ctNone - No SSL negotiation, no SSL security. All communication will be in plaintext mode.

The OnVerifyServer event occurs when the server presents its certificate to the client and the client can decide whether to continue with the connection process:

procedure TMainForm.clHTTPVerifyServer(Sender: TObject;
   ACertificate: TclCertificate; const AStatusText: String;
   AStatusCode: Integer; var AVerified: Boolean);
var
   newInstance: TclCertificate;
begin
   // Validation failed: show the reason and let the user decide.
   if not AVerified and (MessageDlg(AStatusText + #13#10' Do you wish to proceed ?',
      mtWarning, [mbYes, mbNo], 0) = mrYes) then
   begin
      // The user accepted: add the presented certificate to the 'CA' store and install it.
      newInstance := clCertificateStore1.AddFrom(ACertificate);
      clCertificateStore1.StoreName := 'CA';
      clCertificateStore1.Install(newInstance);
      AVerified := True;
   end;
end;

The CertificateFlags client property lets you work around problems with an invalid certificate common name, an expired certificate date or an unknown authority. Each flag makes the client ignore the corresponding validation failure, so set only the flags you actually need. Currently the following flags are available: cfIgnoreCommonNameInvalid, cfIgnoreDateInvalid, cfIgnoreUnknownAuthority, cfIgnoreRevocation, cfIgnoreWrongUsage.

Using the StartTls client method, you can explicitly initiate the TLS / SSL negotiation and establish secured network communication with the server.

Server Components

In the server-side components, the UseTLS property accepts a different set of values:

  • stNone - No SSL negotiation, no SSL security. All communication will be in plaintext mode.
  • stImplicit - The SSL negotiation will start immediately after the connection is established.
  • stExplicitAllow - The component will first connect in plaintext, and then explicitly start SSL negotiation through a protocol command such as STARTTLS. Non-secured communication is allowed.
  • stExplicitRequire - The component will first connect in plaintext, and then explicitly start SSL negotiation through a protocol command such as STARTTLS. Non-secured communication is not allowed.
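
The difference between stExplicitAllow and stExplicitRequire shows up when a client never sends STARTTLS. The following Python model is an added example, not code from the Clever Internet Suite: the function names, the toy SMTP session and the simplified RFC 3207 reply codes are assumptions, and only the four mode names come from this page.

```python
# Added illustration: a toy SMTP session that models the four server-side
# UseTLS values. Reply codes are simplified from RFC 3207 and are not
# Clever Internet Suite output.
ALLOWED_BEFORE_TLS = {"EHLO", "NOOP", "QUIT", "STARTTLS"}
EXPLICIT = {"stExplicitAllow", "stExplicitRequire"}

# Constructed sample sessions (example.test addresses, dummy credentials).
SKIPS_TLS = ["EHLO client.example.test", "AUTH PLAIN dummy",
             "MAIL FROM:<a@example.test>"]
UPGRADES = ["EHLO client.example.test", "STARTTLS",
            "EHLO client.example.test", "AUTH PLAIN dummy"]


def run_session(mode, commands):
    """Return one (reply_code, encrypted) pair per client command."""
    encrypted = mode == "stImplicit"  # handshake happens before any command
    replies = []
    for line in commands:
        verb = line.split()[0].upper()
        if verb == "STARTTLS":
            if mode in EXPLICIT and not encrypted:
                replies.append((220, False))  # 220 itself travels in plaintext
                encrypted = True
            else:
                replies.append((502, encrypted))  # not offered or already active
        elif (mode == "stExplicitRequire" and not encrypted
              and verb not in ALLOWED_BEFORE_TLS):
            replies.append((530, False))  # must issue STARTTLS first
        else:
            replies.append((250, encrypted))  # simplified: any accepted command
    return replies


def plaintext_exposure(mode, commands):
    """Commands the server accepted without TLS, other than the pre-TLS set."""
    return [cmd for cmd, (code, enc) in zip(commands, run_session(mode, commands))
            if code < 300 and not enc
            and cmd.split()[0].upper() not in ALLOWED_BEFORE_TLS]


if __name__ == "__main__":
    for mode in ("stNone", "stImplicit", "stExplicitAllow", "stExplicitRequire"):
        print(mode, plaintext_exposure(mode, SKIPS_TLS))
```

In this model stExplicitAllow accepts the credentials and envelope in plaintext when the client skips the upgrade, while stExplicitRequire rejects them until STARTTLS has completed.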

The OnGetCertificate server event allows you to specify a server certificate for establishing the secured connection. You can create your own self-signed certificate, as well as load any other certificate from a certificate store:

// Variant 1: create a self-signed certificate on first use and reuse it afterwards.
procedure TMainForm.clImap4Server1GetCertificate(Sender: TObject;
   var ACertificate: TclCertificate;
   AExtraCerts: TclCertificateList; var Handled: Boolean);
begin
   if clCertificateStore1.Items.Count = 0 then
   begin
      // Valid for one year starting now.
      clCertificateStore1.ValidFrom := Now();
      clCertificateStore1.ValidTo := Now() + 365;
      ACertificate := clCertificateStore1.CreateSelfSigned('CN=CleverTester,O=CleverComponents,E=CleverTester@company.mail', 0);
      clCertificateStore1.Items.Add(ACertificate);
   end;
   ACertificate := clCertificateStore1.Items[0];
   Handled := True;
end;

// Variant 2: load an existing certificate from the local machine 'MY' store.
procedure TMainForm.clImap4Server1GetCertificate(Sender: TObject;
   var ACertificate: TclCertificate;
   AExtraCerts: TclCertificateList; var Handled: Boolean);
begin
   if clCertificateStore1.Count = 0 then
   begin
      clCertificateStore1.Open('MY', slLocalMachine);
   end;
   // Select the certificate issued to the given subject name.
   ACertificate := clCertificateStore1.CertificateByIssuedTo('John Doe');
   Handled := True;
end;

 
 
    Copyright © 2000-2010