#1 2013-09-04 07:25:20

DigDiver
Member
Registered: 2013-04-29
Posts: 137

SSL now WORKS!

Using the article from http://www.codeproject.com/Articles/240 … CF-Service

I registered the SSL certificate on my dev computer, but the SSL connection to the mORMot server failed.

After editing the unit mORMotHttpServer.pas, the SSL connection works fine.

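I added an optional parameter, UseSSL: Boolean = False, to both TSQLHttpServer constructors and to AddServer, and passed it on to THttpApiServer.AddUrl: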

// Excerpt of the patched class declaration; "..." marks parts the post leaves out.
// The patch adds a UseSSL flag to both constructors and to AddServer. It
// defaults to False, so a caller that omits it gets UseSSL=False.
// NOTE(review): UseSSL is inserted before aDomainName rather than appended, so
// an existing positional call that passes the domain name (e.g. '+') as third
// argument would no longer match these signatures - confirm against callers.
TSQLHttpServer = class
...
    // multi-server overload: one HTTP server publishing several REST servers
    constructor Create(const aPort: AnsiString;
      const aServers: array of TSQLRestServer;
      UseSSL: Boolean = False;
      const aDomainName: AnsiString='+';
      aHttpServerKind: TSQLHttpServerOptions=useHttpApi; ServerThreadPoolCount: Integer=32); reintroduce; overload;
...
    // single-server overload, with optional per-server access rights
    constructor Create(const aPort: AnsiString; aServer: TSQLRestServer;
      UseSSL: Boolean = False;
      const aDomainName: AnsiString='+';
      aHttpServerKind: TSQLHttpServerOptions=useHttpApi; aRestAccessRights: PSQLAccessRights=nil;
      ServerThreadPoolCount: Integer=32); reintroduce; overload;
...
   // registers one more REST server; UseSSL is given per call, not stored here
   function AddServer(aServer: TSQLRestServer; UseSSL: boolean = False; aRestAccessRights: PSQLAccessRights=nil): boolean;


...
// Adds aServer to this HTTP server (excerpt: the body continues after the
// AddUrl test, which the post elides).
// Returns False when self, aServer or aServer.Model is nil, or when a server
// with the same Model.Root is already registered.
// UseSSL is not stored: it is only handed to THttpApiServer.AddUrl below.
function TSQLHttpServer.AddServer(aServer: TSQLRestServer;  UseSSL: Boolean;
  aRestAccessRights: PSQLAccessRights): boolean;
var i, n: integer;
{$ifdef WITHLOG}
    Log: ISynLog;
{$endif}
begin
  result := False; // pessimistic default, kept by every early exit below
{$ifdef WITHLOG}
  Log := TSQLLog.Enter(self);
  try
{$endif}
    if (self=nil) or (aServer=nil) or (aServer.Model=nil) then
      exit;
    for i := 0 to high(fDBServers) do
      if fDBServers[i].Server.Model.Root=aServer.Model.Root then
        exit; // register only once per URI Root address
    if fHttpServer.InheritsFrom(THttpApiServer) then
      // try to register the URL to http.sys
      // NOTE(review): presumably UseSSL makes AddUrl register an https:// prefix;
      // the certificate binding itself is done outside this code (the post
      // registers it on the machine beforehand) - confirm in THttpApiServer.AddUrl
      // NOTE(review): UseSSL is only consulted on this http.sys branch; confirm
      // what a non-http.sys fHttpServer does when UseSSL=True is requested
      if THttpApiServer(fHttpServer).
          AddUrl(aServer.Model.Root,fPort,UseSSL, fDomainName)<>NO_ERROR then   
...



// Multi-server constructor (excerpt: "..." marks code the post leaves out, and
// the try block opened below is closed outside this excerpt).
// For the two http.sys kinds it creates a THttpApiServer and registers one URL
// per entry of aServers, passing UseSSL to each AddUrl call.
constructor TSQLHttpServer.Create(const aPort: AnsiString;
  const aServers: array of TSQLRestServer;
  UseSSL: Boolean;
   const aDomainName: AnsiString;
  aHttpServerKind: TSQLHttpServerOptions; ServerThreadPoolCount: Integer);
var i,j: integer;
    ErrMsg: string;
{$ifdef WITHLOG}
    Log: ISynLog;
{$endif}
begin
...
  if aHttpServerKind in [useHttpApi,useHttpApiRegisteringURI] then
  try
    // first try to use fastest http.sys
    // NOTE(review): the handler for this try is not shown; if it falls back to
    // another server class, confirm that UseSSL=True cannot end up served as
    // plain HTTP without an error
    fHttpServer := THttpApiServer.Create(false);
    for i := 0 to high(aServers) do begin
      // j receives the AddUrl result code; how it is checked is elided here
      j := THttpApiServer(fHttpServer).AddUrl(
        aServers[i].Model.Root,aPort,UseSSL,aDomainName,     // UseSSL here; presumably a literal false before the patch
        (aHttpServerKind=useHttpApiRegisteringURI));

...


// Single-server convenience constructor: wraps aServer in a one-element array
// and delegates to the multi-server overload, forwarding UseSSL unchanged.
// When aRestAccessRights is supplied, it becomes the access rights of the
// first (and only) registered server.
constructor TSQLHttpServer.Create(const aPort: AnsiString; aServer: TSQLRestServer;
  UseSSL: Boolean; const aDomainName: AnsiString;
  aHttpServerKind: TSQLHttpServerOptions;
  aRestAccessRights: PSQLAccessRights; ServerThreadPoolCount: integer);
begin
  Create(aPort, [aServer], UseSSL, aDomainName, aHttpServerKind,
    ServerThreadPoolCount);
  // a nil pointer leaves DBServerAccessRight[0] untouched
  if Assigned(aRestAccessRights) then begin
    DBServerAccessRight[0] := aRestAccessRights;
  end;
end;


#2 2013-09-04 10:59:17

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,183
Website

Re: SSL now WORKS!

Thanks for the feedback and patch.
Should be implemented by http://synopse.info/fossil/info/8122a8c339

I also updated the documentation, and wrote a blog article:
http://blog.synopse.info/post/2013/09/0 … -in-mORMot

Thanks again for sharing!


#3 2015-01-30 10:18:07

esmondb
Member
From: London
Registered: 2010-07-20
Posts: 299

Re: SSL now WORKS!

I've just set up SSL on my server and it works great!

btw when using Windows 2012 the IIS Manager can simply install the certificate and register it, without having to use makecert and netsh as described in the docs (I was using a free certificate from www.startssl.com)

I've noticed that TSQLHttpServer still responds to non SSL requests on port 80. Is there a way to stop this?


#4 2015-01-30 13:23:32

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,183
Website

Re: SSL now WORKS!

esmondb wrote:

btw when using Windows 2012 the IIS Manager can simply install the certificate and register it, without having to use makecert and netsh as described in the docs

I've updated the documentation.
See http://synopse.info/fossil/info/afca04fed5

esmondb wrote:

I've noticed that TSQLHttpServer still responds to non SSL requests on port 80. Is there a way to stop this?

Should be fixed by http://synopse.info/fossil/info/c6e0a46f42


#5 2015-02-01 08:19:28

esmondb
Member
From: London
Registered: 2010-07-20
Posts: 299

Re: SSL now WORKS!

esmondb wrote:

I've noticed that TSQLHttpServer still responds to non SSL requests on port 80. Is there a way to stop this?

Sorry, this statement was incorrect.
I'd forgotten to delete my old HTTPServer creation code, so in my code I should have deleted the first of these two lines:

  // Leftover listener on port 80: no security argument is passed, and this is
  // the instance the post found answering non-SSL requests.
  // The variable is overwritten on the next line, so this first instance was
  // still created but is no longer referenced through aHTTPServer.
  aHTTPServer := TSQLHttpServer.Create('80',[aServer]);
  // Listener on port 443 registered through http.sys. Here the SSL choice is
  // the trailing secSSL argument, not a Boolean after the server list as in
  // the patch proposed in post #1.
  aHTTPServer := TSQLHttpServer.Create('443',[aServer],'+',useHttpApiRegisteringURI,32,secSSL);

However, if I want to enable both SSL and plain connections, is the above thread-safe? I.e. having two TSQLHttpServer instances using one TSQLRestServer (yes, above I would need to rename the second HttpServer variable.)


#6 2015-02-01 08:38:22

ab
Administrator
From: France
Registered: 2010-06-21
Posts: 14,183
Website

Re: SSL now WORKS!

Two TSQLHttpServer using one TSQLRestServer should be safe IMHO.
TSQLRestServer.URI is fully re-entrant and thread-safe.
There is no link from the TSQLHttpServer within the TSQLRestServer structure.
But we never tested this particular configuration.


#7 2015-02-01 08:41:20

esmondb
Member
From: London
Registered: 2010-07-20
Posts: 299

Re: SSL now WORKS!

Thanks for the quick answer.
