SSL now WORKS!

DigDiver · 2013-09-04 07:25:20

Using the article from http://www.codeproject.com/Articles/240 … CF-Service

I registered the SSL certificate on my dev computer. But the SSL connection to the mORMot server fails.

After editing unit mORMotHttpServer.pas SSL connection works fine.

I added the optional parameter UseSSL: boolean;

TSQLHttpServer = class
...
    constructor Create(const aPort: AnsiString;
      const aServers: array of TSQLRestServer;
      UseSSL: Boolean = False;
      const aDomainName: AnsiString='+';
      aHttpServerKind: TSQLHttpServerOptions=useHttpApi; ServerThreadPoolCount: Integer=32); reintroduce; overload;
...
    constructor Create(const aPort: AnsiString; aServer: TSQLRestServer;
      UseSSL: Boolean = False;
      const aDomainName: AnsiString='+';
      aHttpServerKind: TSQLHttpServerOptions=useHttpApi; aRestAccessRights: PSQLAccessRights=nil;
      ServerThreadPoolCount: Integer=32); reintroduce; overload;
...
   function AddServer(aServer: TSQLRestServer; UseSSL: boolean = False; aRestAccessRights: PSQLAccessRights=nil): boolean;


...
function TSQLHttpServer.AddServer(aServer: TSQLRestServer;  UseSSL: Boolean;
  aRestAccessRights: PSQLAccessRights): boolean;
var i, n: integer;
{$ifdef WITHLOG}
    Log: ISynLog;
{$endif}
begin
  result := False;
{$ifdef WITHLOG}
  Log := TSQLLog.Enter(self);
  try
{$endif}
    if (self=nil) or (aServer=nil) or (aServer.Model=nil) then
      exit;
    for i := 0 to high(fDBServers) do
      if fDBServers[i].Server.Model.Root=aServer.Model.Root then
        exit; // register only once per URI Root address
    if fHttpServer.InheritsFrom(THttpApiServer) then
      // try to register the URL to http.sys
      if THttpApiServer(fHttpServer).
          AddUrl(aServer.Model.Root,fPort,UseSSL, fDomainName)<>NO_ERROR then   
...



constructor TSQLHttpServer.Create(const aPort: AnsiString;
  const aServers: array of TSQLRestServer;
  UseSSL: Boolean;
   const aDomainName: AnsiString;
  aHttpServerKind: TSQLHttpServerOptions; ServerThreadPoolCount: Integer);
var i,j: integer;
    ErrMsg: string;
{$ifdef WITHLOG}
    Log: ISynLog;
{$endif}
begin
...
  if aHttpServerKind in [useHttpApi,useHttpApiRegisteringURI] then
  try
    // first try to use fastest http.sys
    fHttpServer := THttpApiServer.Create(false);
    for i := 0 to high(aServers) do begin
      j := THttpApiServer(fHttpServer).AddUrl(
        aServers[i].Model.Root,aPort,UseSSL,aDomainName,     // false
        (aHttpServerKind=useHttpApiRegisteringURI));

...


constructor TSQLHttpServer.Create(const aPort: AnsiString;
  aServer: TSQLRestServer;
  UseSSL: Boolean;
  const aDomainName: AnsiString;
  aHttpServerKind: TSQLHttpServerOptions; aRestAccessRights: PSQLAccessRights;
  ServerThreadPoolCount: integer);
begin
  Create(aPort,[aServer],UseSSL, aDomainName,aHttpServerKind,ServerThreadPoolCount);
  if aRestAccessRights<>nil then
    DBServerAccessRight[0] := aRestAccessRights;
end;

ab · 2013-09-04 10:59:17

Thanks for the feedback and patch.
Should be implemented by http://synopse.info/fossil/info/8122a8c339

I also updated the documentation, and write a blog article:
http://blog.synopse.info/post/2013/09/0 … -in-mORMot

Thanks again for sharing!

esmondb · 2015-01-30 10:18:07

I've just set up SSL on my server and it works great!

btw when using windows 2012 the IIS Manager can simply install the certificate and registered it without having to use makecert and netsh as described in the docs (was using a free certificate from www.startssl.com)

I've noticed that TSQLHttpServer still responds to non SSL requests on port 80. Is there a way to stop this?

ab · 2015-01-30 13:23:32

esmondb wrote:

btw when using windows 2012 the IIS Manager can simply install the certificate and registered it without having to use makecert and netsh as described in the docs

I've updated the documentation.
See http://synopse.info/fossil/info/afca04fed5

esmondb wrote:

I've noticed that TSQLHttpServer still responds to non SSL requests on port 80. Is there a way to stop this?

Should be fixed by http://synopse.info/fossil/info/c6e0a46f42

esmondb · 2015-02-01 08:19:28

esmondb wrote:

I've noticed that TSQLHttpServer still responds to non SSL requests on port 80. Is there a way to stop this?

Sorry, this statement was incorrect.
I'd forgotten to delete my old HTTPServer creation code, so in my code I should have deleted the first of these two lines:

  aHTTPServer := TSQLHttpServer.Create('80',[aServer]);
  aHTTPServer := TSQLHttpServer.Create('443',[aServer],'+',useHttpApiRegisteringURI,32,secSSL);

However, if I want to enable both SSL and plain connections is the above thread safe? ie having two TSQLHttpServer using one TSQLRestServer (yes, above I need to rename the second HttpServer.)

ab · 2015-02-01 08:38:22

Two TSQLHttpServer using one TSQLRestServer should be safe IMHO.
TSQLRestServer.URI is fully re-entrant and thread-safe.
There is no link from the TSQLHttpServer within the TSQLRestServer structure.
But we never tested this particular configuration.

esmondb · 2015-02-01 08:41:20

Thanks for the quick answer.

mORMot Open Source

#1 2013-09-04 07:25:20

SSL now WORKS!

#2 2013-09-04 10:59:17

Re: SSL now WORKS!

#3 2015-01-30 10:18:07

Re: SSL now WORKS!

#4 2015-01-30 13:23:32

Re: SSL now WORKS!

#5 2015-02-01 08:19:28

Re: SSL now WORKS!

#6 2015-02-01 08:38:22

Re: SSL now WORKS!

#7 2015-02-01 08:41:20

Re: SSL now WORKS!

Board footer