Board index » delphi » Proxy Server, Indy, & SSL

Proxy Server, Indy, & SSL

I'm trying to build a SSL Proxy Server. What I mean is, there is data on a
web server that needs to be encrypted (using SSL) but the server does not
know how to handle SSL. What I want to do is write a "middle man" that will
decrypt incoming information and pass it to the server, then encrypt
information coming from the server and pass it to the client.

What is the best way to do this (I'm using Indy)?

I figure that I'll use a mapped port so that requests/responses go directly
from my proxy to the web server... but what about the SSL? How do I use the
SSL components that come with Indy in this case?

Also, where do I get SSL certificates and keys?

Thanks -

--
- Jimmy                                  -
------------------------------------------
- http://www.used-disks.com/Programming/ -
------------------------------------------
- No direct email unless requested       -
:

 

Re:Proxy Server, Indy, & SSL


ji...@NOSPAMused-disks.com (Jimmy \(Used-Disks\)) wrote in <3a54d1cf_1
@dnews>:

Quote
>I figure that I'll use a mapped port so that requests/responses go directly
>from my proxy to the web server... but what about the SSL? How do I use the
>SSL components that come with Indy in this case?

Have you looked at the SSL tunnel demo? Thats how I get onto SSL newsgroups
with XNews which does not support SSL.

Quote
>Also, where do I get SSL certificates and keys?

From a certificate authority.

--
Chad Z. Hower (Kudzu) - Church Hill, TN - Team Indy
      "Programming is an art form that fights back"
Forget the Y2K problem, Lets fix the W2K problem.
http://www.pbe.com/Kudzu/ - Free Delphi/CBuilder components and articles

Re:Proxy Server, Indy, & SSL


Quote
> Have you looked at the SSL tunnel demo? Thats how I get onto SSL
newsgroups
> with XNews which does not support SSL.

Looks good! I'll test it out as soon as I get a certificate.

Quote
> >Also, where do I get SSL certificates and keys?

> From a certificate authority.

Any suggestions? I heard verisign is very expensive and that there are
cheaper alternatives... any ideas?
--
- Jimmy                                  -
------------------------------------------
- http://www.used-disks.com/Programming/ -
------------------------------------------
- No direct email unless requested       -
:

Re:Proxy Server, Indy, & SSL


Quote
> Looks good! I'll test it out as soon as I get a certificate.

Ok... I got a trial certificate; but there are a couple problems...

One; I had to use IIS to generate a request for the certificate, is there
any way to do this without IIS or another web server?
Two; How do I use the certificate with Indy? I can't tell where the files
went or what they're called... how do I get started?

--
- Jimmy                                  -
------------------------------------------
- http://www.used-disks.com/Programming/ -
------------------------------------------
- No direct email unless requested       -
:

Re:Proxy Server, Indy, & SSL


I am sorry but there is a long story about certificates and formats.
Indy uses PEM format (OpenSSL) certificates.

Regards,
Gregor

Quote
"Jimmy (Used-Disks)" <ji...@NOSPAMused-disks.com> wrote in message

news:3a561a28$1_2@dnews...
Quote
> > Looks good! I'll test it out as soon as I get a certificate.

> Ok... I got a trial certificate; but there are a couple problems...

> One; I had to use IIS to generate a request for the certificate, is there
> any way to do this without IIS or another web server?
> Two; How do I use the certificate with Indy? I can't tell where the files
> went or what they're called... how do I get started?

> --
> - Jimmy                                  -
> ------------------------------------------
> - http://www.used-disks.com/Programming/ -
> ------------------------------------------
> - No direct email unless requested       -
> :

Re:Proxy Server, Indy, & SSL


Quote
> Indy uses PEM format (OpenSSL) certificates.

Where do I get those from? I looked on the site the Indy Help links to, but
found nothing.

--
- Jimmy                            -
------------------------------------
- URL: http://www.used-disks.com/  -
- ICQ: 94565958                    -
- AOL: UsedDisks                   -
------------------------------------
- No direct email unless requested -
:

Re:Proxy Server, Indy, & SSL


ji...@NILSPAMused-disks.com (Jimmy \(Used-Disks\)) wrote in <3a5749f5$1_2
@dnews>:

Quote
>Where do I get those from? I looked on the site the Indy Help links to, but
>found nothing.

There is a utility to convert them somewhere. Im sure Gregor will elaborate.

--
Chad Z. Hower (Kudzu) - Church Hill, TN - Team Indy
      "Programming is an art form that fights back"
Forget the Y2K problem, Lets fix the W2K problem.
http://www.pbe.com/Kudzu/ - Free Delphi/CBuilder components and articles

Re:Proxy Server, Indy, & SSL


You can download the instructions on how to build OpenSSL and build it with
some C compiler.
You need OpenSSL.exe to create certificates any keys.
Or you can browse the Internet and find the compiled version.
Or you can tell me to post the OpenSSL to Intetlicom's web site.

Which one will you choose?

Regards,
Gregor

"Kudzu - Team Indy" <chad...@pbe.com> wrote in message
news:9021CAE33chadngpbecom@207.105.83.62...

Quote
> ji...@NILSPAMused-disks.com (Jimmy \(Used-Disks\)) wrote in <3a5749f5$1_2
> @dnews>:
> >Where do I get those from? I looked on the site the Indy Help links to,
but
> >found nothing.

> There is a utility to convert them somewhere. Im sure Gregor will
elaborate.

> --
> Chad Z. Hower (Kudzu) - Church Hill, TN - Team Indy
>       "Programming is an art form that fights back"
> Forget the Y2K problem, Lets fix the W2K problem.
> http://www.pbe.com/Kudzu/ - Free Delphi/CBuilder components and articles

Re:Proxy Server, Indy, & SSL


Quote
> You can download the instructions on how to build OpenSSL and build it
with
> some C compiler.
> You need OpenSSL.exe to create certificates any keys.
> Or you can browse the Internet and find the compiled version.
> Or you can tell me to post the OpenSSL to Intetlicom's web site.

> Which one will you choose?

Hmm... I think I'll go with "tell you to post the OpenSSL to Intelicom's web
site."

That's my final answer :-)

Thanks Gregor.

--
- Jimmy                            -
------------------------------------
- URL: http://www.used-disks.com/  -
- ICQ: 94565958                    -
- AOL: UsedDisks                   -
------------------------------------
- No direct email unless requested -
:

Re:Proxy Server, Indy, & SSL


gregor.i...@intelicom.si (Gregor Ibic) wrote in <93a0gu$m5p1
@bornews.inprise.com>:

Quote
>Or you can tell me to post the OpenSSL to Intetlicom's web site.

>Which one will you choose?

Regardless or which one he chooses, please do zip it with whatever docs are
needed and post it along with the SSL DLLs. Im sure others will be interested
in it as well.

--
Chad Z. Hower (Kudzu) - Church Hill, TN - Team Indy
      "Programming is an art form that fights back"
Forget the Y2K problem, Lets fix the W2K problem.
http://www.pbe.com/Kudzu/ - Free Delphi/CBuilder components and articles

Re:Proxy Server, Indy, & SSL


Interested,  aha?

I will package it and add some docs. Probably I will put some Faq list on my
page, cause I'm answering same questions over and over again.
Just give me some time.

Regards,
Gregor

"Kudzu - Team Indy" <chad...@pbe.com> wrote in message
news:9022E5F45chadngpbecom@207.105.83.62...

Quote
> gregor.i...@intelicom.si (Gregor Ibic) wrote in <93a0gu$m5p1
> @bornews.inprise.com>:
> >Or you can tell me to post the OpenSSL to Intetlicom's web site.

> >Which one will you choose?

> Regardless or which one he chooses, please do zip it with whatever docs
are
> needed and post it along with the SSL DLLs. Im sure others will be
interested
> in it as well.

> --
> Chad Z. Hower (Kudzu) - Church Hill, TN - Team Indy
>       "Programming is an art form that fights back"
> Forget the Y2K problem, Lets fix the W2K problem.
> http://www.pbe.com/Kudzu/ - Free Delphi/CBuilder components and articles

Re:Proxy Server, Indy, & SSL


gregor.i...@intelicom.si (Gregor Ibic) wrote in <93bov0$8q12
@bornews.inprise.com>:

Quote
>I will package it and add some docs. Probably I will put some Faq list on my
>page, cause I'm answering same questions over and over again.

A SSL FAQ would be a very good idea... If you want the Indy SSL site to link
to somewhere different on Intellicom just let me know.

--
Chad Z. Hower (Kudzu) - Church Hill, TN - Team Indy
      "Programming is an art form that fights back"
Forget the Y2K problem, Lets fix the W2K problem.
http://www.pbe.com/Kudzu/ - Free Delphi/CBuilder components and articles

Re:Proxy Server, Indy, & SSL


Quote
> I will package it and add some docs. Probably I will put some Faq list on
my
> page, cause I'm answering same questions over and over again.
> Just give me some time.

Hey Gregor, any updates on this?

Thanks for your help.

--
- Jimmy                                  -
------------------------------------------
- http://www.used-disks.com/Programming/ -
------------------------------------------
- No direct email unless requested       -
:

Other Threads