Dimitris Botsis wrote:
> OK, everything is fine now.
> But may I ask something strange (at least for me) I noticed?
> When I use the following code to retrieve the remote cert:
> 
> form1.SslHttpCli1.URL := 'https://<website>';
> form1.SslHttpCli1.Get;
> form1.SslHttpCli1.SslContext.InitContext;

Calling SslContext.InitContext after Get is useless.
Call it before Get once and wrap it in a try except block. 

> 
> I have noticed that the event "OnSSLVerifyPeer", after every call I
> make to the code above, is fired 1 time on some sites, 2 times on other
> sites, 4 times on other sites, etc.
> For example, when I call https://www.facebook.com, the event is fired 4
> times; all 4 instances have the same structure (of a certificate -
> TX509) but not all of them are always the same.
> 
> For example, for https://www.facebook.com, I have the following Serial
> Numbers returned on each reply (notice: I make 1 call):
> 
> 1)
> Serial Number: 1116160165 (0x428740a5)
> Issuer: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref.
> (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure
> Server Certification Authority
> 
> 2)
> Serial Number: 1116160165 (0x428740a5)
> Issuer: C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref.
> (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure
> Server Certification Authority
> 
> 3)
> Serial Number: 08:51:f9:59:81:41:45:ca:bd:e0:24:e2:12:c9:c2:0e
> Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High
> Assurance EV Root CA
> 
> 4)
> Serial Number: 0c:6f:c8:59:57:fa:1f:5f:c9:67:2c:9f:e6:5c:db:e6
> Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High
> Assurance CA-3
> 
> Can you please explain that?

It's simple: if a certificate passed OpenSSL's verification, OnSSLVerifyPeer
is called once for the current certificate with OK = 1.
If there are one or more errors, OnSSLVerifyPeer triggers for each error
of the certificate with OK = 0.

-- 
Arno Garrels
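
The call order and callback behaviour described in the reply above, as an added example that is not part of the original thread and not ICS project code. It assumes a form with the SslHttpCli1 component from the question, peer verification enabled on its SslContext, and a TMemo named Memo1; the names FetchButtonClick and Memo1 are hypothetical.

```pascal
{ Added example. FetchButtonClick and Memo1 are hypothetical names. }

procedure TForm1.FetchButtonClick(Sender: TObject);
begin
    try
        { Initialise the context once, BEFORE the request, so a setup
          problem (for instance an unreadable CA file) is reported here. }
        SslHttpCli1.SslContext.InitContext;
    except
        on E: Exception do begin
            Memo1.Lines.Add('SslContext.InitContext failed: ' + E.Message);
            Exit;   { do not send a request over a context that failed to initialise }
        end;
    end;

    SslHttpCli1.URL := 'https://<website>';
    try
        SslHttpCli1.Get;
    except
        on E: Exception do
            Memo1.Lines.Add('Get failed: ' + E.Message);
    end;
end;

procedure TForm1.SslHttpCli1SslVerifyPeer(Sender: TObject; var Ok: Integer;
    Cert: TX509Base);
begin
    { One log line per invocation. A certificate that passed verification
      shows up once with Ok = 1; a certificate with problems shows up once
      per error with Ok = 0, so the number of calls varies between sites. }
    if Ok = 1 then
        Memo1.Lines.Add(Format('depth %d  OK      %s',
            [Cert.VerifyDepth, Cert.SubjectOneLine]))
    else
        Memo1.Lines.Add(Format('depth %d  FAILED  %s  (%s)',
            [Cert.VerifyDepth, Cert.SubjectOneLine, Cert.VerifyErrMsg]));

    { Ok is deliberately left unchanged: setting it to 1 here would accept
      a certificate that OpenSSL rejected. }
end;
```

Logging the depth and error text next to each call makes it easy to see which certificate in the chain produced the repeated Ok = 0 invocations.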
 
