TIdSimpleWebSocketClient TLS error - 400 Bad request, the plain HTTP request was sent to HTTPS port #10

@rlebeau

TIdSimpleWebSocketClient.Connect() does not assign TIdSSLIOHandlerSocketBase.PassThrough=False before calling inherited Connect when connecting to a secure wss: URL. It assumes the caller has already set PassThrough=False before calling TIdSimpleWebSocketClient.Connect(). But, if the user has not done so, or worse if an IOHandler is not assigned and AutoCreateHandler=True, the inherited Connect ends up being called with PassThrough=True instead of PassThrough=False.

Also, TIdSimpleWebSocketClient is dependent on TIdSSLIOHandlerSocketOpenSSL specifically, which is not a good idea. That happens to be Indy's default SSLIOHandler class right now, but that may change in the future, and also other SSLIOHandler classes do exist in the world, which users may want to use instead of Indy's. So, rather than creating TIdSSLIOHandlerSocketOpenSSL directly, you should use TIdIOHandler.[Try]MakeIOHandler(TIdSSLIOHandlerSocketBase) instead (like TIdHTTP does), so Indy's default registered SSLIOHandler class gets used. This will allow Indy to change the default SSLIOHandler in the future, as well as allow users to register custom SSLIOHandlers.

Note, of course, that TIdSSLIOHandlerSocketOpenSSL does not currently enable TLS 1.1/1.2 by default (IndySockets/IndyTLS-OpenSSL#13), but that may be fixed in the future. But if the user really wants to use OpenSSL w/ TLS 1.1/1.2 today, they can simply assign the TIdSimpleWebSocketClient.IOHandler themselves and not rely on AutoCreateHandler. TIdSimpleWebSocketClient itself should not force the user to use a specific SSL/TLS implementation.

Try something more like this:

if lSecure and not (self.IOHandler is TIdSSLIOHandlerSocketBase) then
begin
  if (self.IOHandler = nil) and self.AutoCreateHandler then //for simple life
  begin
    self.IOHandler := TIdIOHandler.MakeIOHandler(TIdSSLIOHandlerSocketBase, self);
    self.ManagedIOHandler := True;
  end else
    raise Exception.Create('Please, inform a TIdSSLIOHandlerSocketBase descendant');
end;

if (self.IOHandler is TIdSSLIOHandlerSocketBase) then
  TIdSSLIOHandlerSocketBase(self.IOHandler).PassThrough := not lSecure;
inherited Connect;
...
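
A wire-level regression check for the behaviour described above, added here as an example (it is not code from this issue or from the TIdSimpleWebSocketClient project): given the first bytes a client wrote after the TCP connect, it confirms that a wss: connection opened with a TLS ClientHello rather than a cleartext HTTP upgrade request, and lists credential-bearing headers that were exposed if it did not. The function names, the sensitive-header list, the host name and both sample byte strings are constructed assumptions.

```python
import struct
from urllib.parse import urlsplit

TLS_HANDSHAKE, CLIENT_HELLO = 0x16, 0x01  # TLS record content type, handshake msg type
SENSITIVE = ("authorization", "cookie", "sec-websocket-protocol")  # assumed list

def classify_opening(data: bytes) -> str:
    """Classify the first bytes a client wrote after the TCP connect."""
    if len(data) >= 6 and data[0] == TLS_HANDSHAKE and data[1] == 0x03:
        (record_len,) = struct.unpack(">H", data[3:5])
        if 0 < record_len <= 2**14 and data[5] == CLIENT_HELLO:
            return "tls-client-hello"
    if data[:4] == b"GET " and b" HTTP/1.1\r\n" in data:
        return "plaintext-http"
    return "unknown"

def exposed_headers(data: bytes) -> list[str]:
    """Names of credential-bearing headers present in a cleartext request."""
    head = data.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    names = [line.split(":", 1)[0].strip().lower()
             for line in head.split("\r\n")[1:] if ":" in line]
    return [n for n in names if n in SENSITIVE]

def check_opening(url: str, data: bytes) -> tuple[bool, str]:
    """True only when the opening bytes match what the URL scheme requires."""
    scheme = urlsplit(url).scheme.lower()
    kind = classify_opening(data)
    if scheme == "wss":
        if kind == "tls-client-hello":
            return True, "TLS handshake started before any HTTP bytes"
        if kind == "plaintext-http":
            leaked = ", ".join(exposed_headers(data)) or "none"
            return False, f"upgrade sent in cleartext; exposed headers: {leaked}"
        return False, "opening bytes are neither TLS nor HTTP"
    if scheme == "ws":
        return kind == "plaintext-http", f"ws: opening classified as {kind}"
    return False, f"unsupported scheme {scheme!r}"

# Constructed samples (not captured traffic).
PLAINTEXT_UPGRADE = (b"GET /chat HTTP/1.1\r\nHost: example.test\r\n"
                     b"Upgrade: websocket\r\nConnection: Upgrade\r\n"
                     b"Authorization: Bearer PLACEHOLDER\r\n"
                     b"Sec-WebSocket-Version: 13\r\n\r\n")
CLIENT_HELLO_PREFIX = bytes([0x16, 0x03, 0x01, 0x00, 0x05, 0x01, 0x00, 0x00, 0x01, 0x00])

if __name__ == "__main__":
    for sample in (PLAINTEXT_UPGRADE, CLIENT_HELLO_PREFIX):
        print(check_opening("wss://example.test/chat", sample))
```

Feed it the first read from a local test listener, or the first client payload from a packet capture, after each change to the connect path.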
