RTC Forums
Author Topic: RTC Server as a service and SSL (StreamSec)  (Read 5674 times)
HalcyonLogic
« on: June 05, 2013, 12:13:58 AM »

Hello all,

I have been evaluating StreamSec and had great support so far from Henrick (thank you). Everything seems to work pretty well. However, I just noticed that if the RTC Server is run as a service, I get the following error in Chrome (which I do not get if the RTC Server is run as an app).

SSL connection error
Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have.
Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.

<DELPHI CODE SNIPPET>
procedure TMyService.ServiceStart( Sender: TService; var Started: Boolean );
begin
...
  ReleaseCryptPlugins;
  AddServerRootCertFile( 'root.cer' ); 
  AddServerPFXFile( 'server.pfx', 'abc' );
  RtcHttpServer1.CryptPlugin := GetServerCryptPlugin;
  RtcHttpServer1.Listen();
...
end;
</DELPHI CODE SNIPPET>

Any idea what is going on (I used the same kind of code when run as an app)?

Richard

D.Tkalcec (RTC)
« Reply #1 on: June 05, 2013, 12:25:19 AM »

Windows Services are running from the Windows System folder and not from the EXE folder. You need to use absolute paths for all file names (SSL certificate files?)

Best Regards,
Danijel Tkalcec

HalcyonLogic
« Reply #2 on: June 05, 2013, 04:46:53 PM »

Thanks Danijel,
I tried using GetFullPath (see: http://docwiki.embarcadero.com/VCL/XE/en/IOUtils.TPath.GetFullPath which returns the absolute path for a given path), but still can't get my RTC/SSL Server to run as a service.

begin
  ...
  ReleaseCryptPlugins;

  // Windows Services are running from the Windows System folder and not from the
  // EXE folder. Use absolute paths for all file names (SSL certificate files).

  CertFile := TPath.GetFullPath( MyCertFile );
  AddServerRootCertFile( CertFile {'c:\MyDemo\root.cer'} ); 

  PFXFile := TPath.GetFullPath( MyPFXFile );
  AddServerPFXFile( PFXFile {'c:\MyDemo\server.pfx'}, MyPFXKey { 'abc' });

  RtcHttpServer1.CryptPlugin := GetServerCryptPlugin;
  RtcHttpServer1.Listen();
  ...
end;

Is that what you meant? Got a code example?

D.Tkalcec (RTC)
« Reply #3 on: June 05, 2013, 06:17:44 PM »

As far as I know, GetFullPath and ExpandFileName functions use the current working directory to expand paths. Because Windows Services are running from the Windows System folder, their current working directory will be the Windows System folder and NOT the folder where the EXE file is located. This is why these functions won't work.

The "AppFileName" variable in the "rtcInfo.pas" unit will be pointing to the EXE file, including the absolute path, so you can use something like this to add the absolute path to files inside the same folder as your EXE:

MyAbsoluteFileName := ExtractFilePath(AppFileName) + MyRelativeFileName;

Best Regards,
Danijel Tkalcec

HalcyonLogic
« Reply #4 on: June 05, 2013, 07:07:33 PM »

In that case, perhaps something else is going on because it still doesn't work.
Technically, I should now be using the AbsolutePath (using the AppFileName), but I still get the same SSL error (which I do not get if my RTC Server is run as an app).

uses
  rtcInfo;

begin
  ...
  MyAbsoluteFileName := ExtractFilePath( AppFileName );

  CertFile := ExcludeTrailingPathDelimiter( MyAbsoluteFileName ) + '\root.cer';
  AddServerRootCertFile( CertFile {'root.cer'} );

  PFXFile := ExcludeTrailingPathDelimiter( MyAbsoluteFileName ) + '\server.pfx';
  AddServerPFXFile( PFXFile {'server.pfx'}, 'abc' );

  RtcHttpServer1.CryptPlugin := GetServerCryptPlugin;
  RtcHttpServer1.Listen();
  ...
end;

Been staring at this small piece of code for too long now :-)
Would you happen to have a working demo of an RTC Server (using SSL) AND running as a Service?

Richard

D.Tkalcec (RTC)
« Reply #5 on: June 05, 2013, 08:58:15 PM »

I'm sorry, but this is as far as my knowledge of StreamSec components goes. If using absolute paths does not solve your problem, then you will have to contact StreamSec for support.

Best Regards,
Danijel Tkalcec

Henrick (StreamSec)
« Reply #6 on: June 05, 2013, 09:55:05 PM »

It seems likely that you have been hit by a side effect of the way some versions of ST 2.1 work in threaded environments. There is an optimization for event-driven sockets that makes it possible to bypass some time-consuming critical sections in event-driven applications, at the expense of requiring the components to always be created in the main VCL thread (where all the windows event listening takes place).

Hence, the simplest solution that would solve your issue: Make sure the ST 2.1 components are created in the main thread, e.g. by calling GetServerCryptPlugin from OnCreate of a data module that is auto-created by the dpr file (check View Source to make sure).

This behavior has, to some extent, been changed in later versions of ST 2.1 and ST 2.2, but the relevant code is still there, so the recommendation to create the components in the main thread, remains.
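
Replies #3 and #6 combined into one unit, as an added example that is not code from the thread, RTC or StreamSec: the plugin is built from EXE-relative certificate paths in the OnCreate of an auto-created data module, and the service refuses to start when the files are missing. The unit name rtcSSecTest, the data module names and the RTC_PFX_PASSWORD environment variable are assumptions.

```delphi
unit ServerCryptModule; // hypothetical unit; must be auto-created in the .dpr

interface

uses
  SysUtils, Classes,
  rtcInfo,      // AppFileName, as named in Reply #3
  rtcSSecTest;  // assumption: unit declaring the Add*/GetServerCryptPlugin helpers

type
  TServerCryptDM = class(TDataModule) // hypothetical data module
    procedure DataModuleCreate(Sender: TObject);
  public
    TlsReady: Boolean; // True only after the plugin was built from real files
  end;

var
  ServerCryptDM: TServerCryptDM;

implementation

{$R *.dfm}

// A service's working directory is the Windows System folder, so anchor to the EXE.
function NextToExe(const Name: string): string;
begin
  Result := ExtractFilePath(AppFileName) + Name;
end;

procedure TServerCryptDM.DataModuleCreate(Sender: TObject);
var
  RootCer, ServerPfx: string;
begin
  // OnCreate of an auto-created module runs in the main thread (Reply #6).
  TlsReady := False;
  RootCer := NextToExe('root.cer');
  ServerPfx := NextToExe('server.pfx');
  if not (FileExists(RootCer) and FileExists(ServerPfx)) then
    Exit; // leave TlsReady False so the service can refuse to start
  ReleaseCryptPlugins;
  AddServerRootCertFile(RootCer);
  // Hypothetical variable name; replaces the literal 'abc' from the posts.
  AddServerPFXFile(ServerPfx, GetEnvironmentVariable('RTC_PFX_PASSWORD'));
  TlsReady := GetServerCryptPlugin <> nil;
end;
// ServiceStart (service thread) then only consumes what was built above:
//   Started := ServerCryptDM.TlsReady;
//   if Started then begin RtcHttpServer1.CryptPlugin := GetServerCryptPlugin; RtcHttpServer1.Listen; end;
end.
```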

HalcyonLogic

« Reply #7 on: June 05, 2013, 10:30:13 PM »

Sir, you are a true gentleman.

That totally fixed it. No way I would have figured this little peculiarity out on my own.

People out there thinking about using StreamSec, please know that their support is rock solid (just like RTC's :-)

Thanks for the reply (to both of you),
Richard

Henrick (StreamSec)
« Reply #8 on: June 05, 2013, 11:14:59 PM »

Thank you for your kind words, glad to be of service.