在 Delphi 中存在一个问题,即网络代码在 Win 10 上运行正常,但在 Win 7 上却不行。我正在尝试连接到 haveibeenpwned.com(HIBP)的小项目中。Win 7 返回“Error getting Server Certificate”。
为了解决 Win 7 的问题,我在 TNetHTTPRequest 和 TNetHTTPClient 中都添加了 OnValidateServerCertificate。在 Win 10 和 Win 7 上,OnValidateServerCertificate 看起来都没有被调用。
我在 2 台 Win 10 计算机和 2 台 Win 7 计算机上进行了测试,结果相同。 1)为什么 Win 7 返回“Error getting Server Certificate”? 2)为什么在 Win 10 或 Win 7 上不会调用 OnValidateServerCertificate?
感谢任何帮助!
unit MainUnt;
interface
uses
Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants,
System.Classes, Vcl.Graphics,
Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, System.Net.URLClient,
System.Net.HttpClientComponent,
System.Net.HttpClient;
type
TForm9 = class(TForm)
Button1: TButton;
procedure Button1Click(Sender: TObject);
function HIBPGetRangeResults( const AFirst5CharHashStr: String;
out ARangeResultsStr: String;
out AErrStr: String ): Boolean; inline;
procedure OnValidateServerCertificate( const Sender: TObject;
const ARequest: TURLRequest;
const Certificate: TCertificate;
var Accepted: Boolean );
end;
var
Form9: TForm9;
implementation
{$R *.dfm}
//SHA1( Pa$$word ): 775440A2B268C2F58A9A61B10CC10125703B3015
procedure TForm9.Button1Click(Sender: TObject);
var
TmpErrStr: String;
TmpResultsStr: String;
begin
//HIBP Range wants only the first 5 charactsers so search is anonymous.
if HIBPGetRangeResults( '77544', TmpResultsStr, TmpErrStr ) then
ShowMessage( TmpResultsStr )
else
ShowMessage( TmpErrStr );
end;
function TForm9.HIBPGetRangeResults( const AFirst5CharHashStr: String;
out ARangeResultsStr, AErrStr: String):
Boolean;
const
//GET https://api.pwnedpasswords.com/range/{first 5 hash chars}
//I don't know of another site at this point that works on Win 10, but
fails on Win 7.
kServiceNameStr = 'https://api.pwnedpasswords.com/range/';
var
TmpNetHTTPRequest: TNetHTTPRequest;
TmpNetHTTPClient: TNetHTTPClient;
TmpIHTTPResponse: IHTTPResponse;
begin
Result := False;
try
TmpNetHTTPRequest := TNetHTTPRequest.Create( Nil );
TmpNetHTTPClient := TNetHTTPClient.Create( Nil );
try
TmpNetHTTPClient.OnValidateServerCertificate :=
OnValidateServerCertificate;
TmpNetHTTPClient.ConnectionTimeout := 3000;
TmpNetHTTPClient.ResponseTimeout := 3000;
TmpNetHTTPClient.UserAgent := 'Testing'; //HIBP wants User Agent
filled.
TmpNetHTTPRequest.OnValidateServerCertificate :=
OnValidateServerCertificate;
TmpNetHTTPRequest.ConnectionTimeout := 3000;
TmpNetHTTPRequest.Client := TmpNetHTTPClient;
TmpNetHTTPRequest.URL := kServiceNameStr + AFirst5CharHashStr;
TmpIHTTPResponse := TmpNetHTTPRequest.Execute;
if TmpIHTTPResponse.StatusCode=200 then
begin
ARangeResultsStr := TmpIHTTPResponse.ContentAsString;
Result := True;
end
else
begin
AErrStr := 'Result:' + TmpIHTTPResponse.StatusText;
end;
finally
FreeAndNil( TmpNetHTTPClient );
FreeAndNil( TmpNetHTTPRequest );
end;
except on E: Exception do
AErrStr := E.Message;
end;
end;
procedure TForm9.OnValidateServerCertificate( const Sender: TObject;
const ARequest: TURLRequest;
const Certificate:
TCertificate;
var Accepted: Boolean );
begin
//Just to know it's been called at all.
//Not called in Win 10 or Win 7.
Beep;
end;
end.
链接https://api.pwnedpasswords.com/range/55555(哈希值的前5个字符样本)在IE中返回了证书错误。我在Win 7 Internet选项的高级设置中添加了TLS 1.1和1.2。这使得浏览器可以正常工作。
但是,程序仍然无法正常工作。因此,我搜索了Delphi源代码(Berlin)中的“获取服务器证书错误”,找到了“SNetHttpGetServerCertificate”。它位于System.Net.HttpClient中。
procedure THTTPClient.DoValidateServerCertificate(LRequest: THTTPRequest);
...
LServerCertificate := DoGetSSLCertificateFromServer(LRequest);
if LServerCertificate.Expiry = 0 then
raise
ENetHTTPCertificateException.CreateRes(@SNetHttpGetServerCertificate);
这似乎是唯一会引发异常的地方。不幸的是,在那里设置断点(即使启用了Debug DCUs)也没有触发。
在TWinHTTPClient.DoExecuteRequest中存在ServerCertificateInvalid的可能性,我正在跟踪此问题。我无法确定我的Win 10机器是否在Win 7上触发了该问题。
另外,我调用的域似乎使用了非常现代化的SSL配置:https://www.ssllabs.com/ssltest/analyze.html?d=api.pwnedpasswords.com&s=104.17.70.67。
也许某些内容与此配置、Delphi(Berlin)和Win 7不兼容?
感谢任何帮助!