TROOpenSSL

Overview

Location

  • Unit: uROSocket.pas
  • Ancestry: TPersistent | TROOpenSSL


 

constructor Create

Creates a new instance.

constructor Create

Assign  override

Copies data from a given source.

procedure Assign(Source: TPersistent)

Parameters:

  • Source: Instance whose properties will be copied

CADir

Default locations for trusted CA certificates

property CADir: string read write

CAFile

Default CA certificate file

property CAFile: string read write

CAKeyFile

CA private key file; needed for generating a self-signed certificate

property CAKeyFile: string read write

CertFile

Certificate file that contains cert.pem and key.pem:

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN ENCRYPTED PRIVATE KEY-----
...
-----END ENCRYPTED PRIVATE KEY-----

Optionally, it can also contain CAcert.pem and/or rootcert.pem, for example:

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN ENCRYPTED PRIVATE KEY-----
...
-----END ENCRYPTED PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

property CertFile: string read write
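
A pre-deployment check for the bundle layout shown above, as an added example (not part of the TROOpenSSL unit or its documentation). It assumes the certificate comes first with its key directly after it, as in the samples; the function names and sample data are constructed for illustration.

```python
import re

# One PEM block: captures the label and the text between the markers.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)

def pem_blocks(text):
    """Return (label, body) for every PEM block, in file order."""
    return [(m.group(1), m.group(2)) for m in PEM_BLOCK.finditer(text)]

def key_is_encrypted(label, body):
    """True for PKCS#8 encrypted keys and legacy keys with an ENCRYPTED header."""
    if label == "ENCRYPTED PRIVATE KEY":
        return True
    # Traditional format: 'RSA PRIVATE KEY' etc. with a Proc-Type header line.
    return body.lstrip().startswith("Proc-Type: 4,ENCRYPTED")

def check_certfile(text):
    """Return a list of findings for a CertFile bundle (empty list = OK)."""
    blocks = pem_blocks(text)
    labels = [label for label, _ in blocks]
    findings = []
    if not labels or labels[0] != "CERTIFICATE":
        findings.append("first block is not a certificate")
    key_pos = [i for i, l in enumerate(labels) if l.endswith("PRIVATE KEY")]
    if len(key_pos) != 1:
        findings.append("expected one private key, found %d" % len(key_pos))
    elif key_pos[0] != 1:
        findings.append("private key does not directly follow the certificate")
    for i in key_pos:
        if not key_is_encrypted(*blocks[i]):
            findings.append("private key is stored unencrypted")
    for label in labels:
        if label != "CERTIFICATE" and not label.endswith("PRIVATE KEY"):
            findings.append("unexpected block: " + label)
    return findings

def make_block(label, body="Q09OU1RSVUNURUQ="):
    """Build a placeholder PEM block (constructed data, not a real key or cert)."""
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, body, label)

# Constructed samples: a valid bundle with one CA cert, and two faulty ones.
GOOD = make_block("CERTIFICATE") + make_block("ENCRYPTED PRIVATE KEY") + make_block("CERTIFICATE")
PLAINTEXT_KEY = make_block("CERTIFICATE") + make_block("PRIVATE KEY")
KEY_FIRST = make_block("ENCRYPTED PRIVATE KEY") + make_block("CERTIFICATE")

if __name__ == "__main__":
    for name, sample in [("good", GOOD), ("plaintext", PLAINTEXT_KEY), ("key first", KEY_FIRST)]:
        print(name, "->", check_certfile(sample) or "OK")
```
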

Ciphers

Colon-separated (':') list of TLSv1.3 ciphersuite names in order of preference.
When empty, the default OpenSSL value is used.

property Ciphers: string read write

LastError

property LastError: Integer read

LastErrorDesc

property LastErrorDesc: string read

OnCertificateGenerating

Allows specifying the fields of the self-signed certificate (server-side only)

property OnCertificateGenerating: TROOpenSSLCertificateGenerating read write
delegate: procedure OnCertificateGenerating(var Subject: string; var Issuer: string; var HashAlgorithm: string; var BitNumber: Word)

OnPassword

Allows specifying the default password for an encrypted PEM file

property OnPassword: TROOpenSSLPassword read write
delegate: procedure OnPassword(Sender: TROOpenSSL; var aPassword: string; const IsWrite: Boolean)

OnVerifyCeft

Allows using custom validation

property OnVerifyCeft: TROOpenSSLVerifyCeft read write
delegate: procedure OnVerifyCeft(anIssuer: string; aSubject: string; aSerial: Cardinal; ErrorCode: Cardinal; Depth: Cardinal; var Ok: Boolean)

Options

Options

property Options: TROOpenSSLOptions read write

SecurityLevel

Security level. Valid values: 0..5

property SecurityLevel: Integer read write

SNIHost

Server Name Identification (server-side only)

property SNIHost: string read write

SSLEnabled

Enables or disables the use of SSL

property SSLEnabled: Boolean read write

SubjectAltName

Subject Alt Name (server-side only), comma-separated. Can contain DNS:host and/or IP:address entries.

Examples:

  • DNS:localhost
  • IP:127.0.0.1
  • IP:::1
  • DNS:localhost,IP:127.0.0.1,IP:::1

property SubjectAltName: string read write
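
A validator for the SubjectAltName string format described above, as an added example (not code from the TROOpenSSL unit). It splits each entry on the first colon only, so that IP:::1 is read as the IPv6 address ::1; the function names are hypothetical, and accepting plain host names only (no wildcards) is an assumption of this sketch.

```python
import ipaddress
import re

# One DNS label: letters, digits and hyphens, not starting or ending with a hyphen.
DNS_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def is_ip(text):
    """True if text is a literal IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def parse_subject_alt_name(value):
    """Split 'DNS:host,IP:address,...' into (kind, value) pairs.

    Raises ValueError on a missing or unknown prefix or a malformed value.
    """
    entries = []
    for item in value.split(","):
        item = item.strip()
        # Split on the FIRST colon only: 'IP:::1' -> kind 'IP', rest '::1'.
        kind, sep, rest = item.partition(":")
        if not sep or not rest:
            raise ValueError("missing 'DNS:' or 'IP:' prefix in %r" % item)
        if kind == "IP":
            # ip_address() raises ValueError for anything but a literal address.
            entries.append(("IP", str(ipaddress.ip_address(rest))))
        elif kind == "DNS":
            # An address under DNS: is not matched when clients connect by IP.
            if is_ip(rest):
                raise ValueError("IP address given with DNS: prefix: %r" % rest)
            labels = rest.split(".")
            if len(rest) > 253 or not all(DNS_LABEL.match(l) for l in labels):
                raise ValueError("invalid DNS name %r" % rest)
            entries.append(("DNS", rest.lower()))
        else:
            raise ValueError("unknown prefix %r in %r" % (kind, item))
    return entries

if __name__ == "__main__":
    print(parse_subject_alt_name("DNS:localhost,IP:127.0.0.1,IP:::1"))
```
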

VerifyDepth

The maximum depth for the certificate chain verification

property VerifyDepth: Integer read write

VerifyModes

Verify mode

property VerifyModes: TOpenSSLVerifyModes read write

 
