No possibility of ignoring invalid SSL certificates

[patrick-heuer]

I cannot access our .NET/C# HTTP(S) RESTful applicationserver, because it seems that it is not to be possible to ignore invalid developer SSL certificates! In C# you can set a property or handle an event “OnValidateCertificate” in order to ignore invalid SSl certificates (to allow them anyway), but in this delphi component I wasn´t able to find a similar property, so I cannot use it with our REST server…

[ronaldhoek]

As the transport of the data itself is done by ohter components (WinHTTP or Indy). The SSL options need to be set at that level.

For WinHTTP see the option 'WinHttpRequestOption_SslErrorIgnoreFlags' I'm not sure, but I think Indy ignores them by default, when using SSL.

[patrick-heuer]

So, as solution you mean I shall build my own class (similar to WinHTTP), Setting the 'WinHttpRequestOption_SslErrorIgnoreFlags' properties there and use the OnCustomCreateConnection event to create the instance of my own class instead of using the original WinHTTP-class? Or shall we create a new property on TRestClient "IgnoreSSLErrors", and enhance the IHttpConnection Interface by that new propery?

[ronaldhoek]

I'd would rather suggest the latter - But it requires the implementation of this flag in each HTTP implementation - can you can create a PULL request for it ;)

But when you need a very quick sollution, you could just extend the current THttpConnectionWinHttp-class and set the options there... Then create that one in the OnCustomCreateConnection event

[thomaserlang]

Check the new VerifyCert option.

RestClient.VerifyCert := false;