How To Change HTTP Server Demo Into HTTPS Server Demo

It is easy: only a few small changes to the current HTTP server demo are needed. Make sure you are using a recent Synapse version first (at least Synapse Release 36).

All changes are made in the http.pas file.

  • Change the listening port from 80 to 443 (in procedure TTCPHttpDaemon.Execute).
  • Add the ssl_openssl unit to your project's uses clause. You also need the OpenSSL DLLs, placed in the same directory as your project executable.
  • Look at the beginning of procedure TTCPHttpThrd.Execute and add these lines right after its begin:
  sock.SSLAcceptConnection;
  if sock.LastError <> 0 then
    Exit;

You now have a very simple HTTPS server. Congratulations!

When you try this code, you will notice a delay when opening each new HTTPS connection. This is because every SSL/TLS server needs its own encryption key and certificate. The code above uses Synapse's ad-hoc certificate feature, which creates a fresh key and certificate for each incoming SSL/TLS connection at the moment the connection is accepted. This costs CPU time.

When you need fast acceptance of HTTPS connections, the server must have its own certificate and key. Create them with your favourite security tool. A self-signed certificate is enough when you only need the encryption feature of HTTPS; otherwise you need a certificate signed by a well-known certificate issuer (like Verisign).

The key and certificate must be in one of these formats: PEM, ASN.1 DER or PFX. How do you add your certificate to the code? For example, in the case of PFX you must add the following before the sock.SSLAcceptConnection line:

  sock.SSL.PFXfile := 'yourcert.pfx';
  sock.SSL.KeyPassword := 'your_pfx_secret_password';

Alternatively, if you have PEM files and a self-signed CA, you can use:

  sock.SSL.CertificateFile := 'cert.pem';
  sock.SSL.PrivateKeyFile := 'key.pem';
  sock.SSL.CertCAFile := 'cacert.pem';
  sock.SSL.KeyPassword := 'your_pem_secret_password';
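The steps above combined into one place, as an added example that is not part of the Synapse demo: a helper that loads the server certificate (PFX if present, otherwise the PEM trio) before the handshake, and a start of TTCPHttpThrd.Execute that refuses the connection when no certificate is found or the handshake fails. The file names, the password constant and the Log procedure are assumptions.

```pascal
{ Added example, not Synapse's own code. Add the helper to http.pas and
  replace the first lines of TTCPHttpThrd.Execute with the body shown. }
uses
  SysUtils, blcksock, ssl_openssl;

const
  // Assumed locations next to the executable; adjust to your deployment.
  PFXFile  = 'yourcert.pfx';
  CertFile = 'cert.pem';
  KeyFile  = 'key.pem';
  CAFile   = 'cacert.pem';
  KeyPass  = 'your_secret_password';   // assumed; keep it out of source in real use

// Returns False when no usable certificate material is found, so the caller
// never silently falls back to the slow ad-hoc certificate.
function ConfigureServerSSL(sock: TTCPBlockSocket): Boolean;
begin
  Result := False;
  if FileExists(PFXFile) then
  begin
    sock.SSL.PFXfile := PFXFile;
    sock.SSL.KeyPassword := KeyPass;
    Result := True;
  end
  else if FileExists(CertFile) and FileExists(KeyFile) then
  begin
    sock.SSL.CertificateFile := CertFile;
    sock.SSL.PrivateKeyFile := KeyFile;
    if FileExists(CAFile) then
      sock.SSL.CertCAFile := CAFile;   // chain file for a self-signed CA
    sock.SSL.KeyPassword := KeyPass;
    Result := True;
  end;
end;

// Start of TTCPHttpThrd.Execute; Log is an assumed procedure, not in the demo.
procedure TTCPHttpThrd.Execute;
begin
  if not ConfigureServerSSL(sock) then
  begin
    Log('no server certificate found; closing connection');
    Exit;
  end;
  sock.SSLAcceptConnection;
  if sock.LastError <> 0 then
  begin
    Log('TLS handshake failed: ' + sock.SSL.LastErrorDesc);
    Exit;   // fail closed: never serve plaintext on the HTTPS port
  end;
  // ... the rest of the original demo (request parsing, response) follows here
end;
```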

To make sure that clients do not identify the content as unencrypted, change the sock.SendString line in TTCPHttpThrd.Execute to:

  sock.SendString('HTTPS/1.0 ' + IntToStr(ResultCode) + CRLF);

Note the change from HTTP/1.0 to HTTPS/1.0. This may work for some clients and not for others, so examine the connection status on the client side to make sure it is really encrypted. IE7 may not display the returned data if HTTP/1.0 is changed to HTTPS/1.0.

No more changes are needed in the current HTTP server demo. ;-)

public/howto/httpsserver.txt · Last modified: 2007/11/30 14:30 (external edit)