## Summary **Objective: do a GET request over HTTPS.** Using TFPHTTPClient with GnuTLS gives positive results in some cases, but leads to exceptions in other cases. The successes/failures are consistent for a chosen web address. It may have to do with the settings or certificate of these websites, but `gnutls-cli` has no problem connecting to them and it concerns very common websites, like Google and Microsoft. ## System Information - **Operating system:** Linux, both Ubuntu 22.10 and Arch - **Processor architecture:** x86-64 - **Compiler version:** 3.2.2 - **Device:** Laptop ## Steps to reproduce Pascal program to reproduce: ```pascal program project1; {$mode objfpc}{$H+} uses SysUtils, fphttpclient, gnutls, gnutlssockets; const URLS: array[0..7] of string = ( 'https://www.belastingdienst.nl', 'https://www.overheid.nl', 'https://fancyssl.hboeck.de/', 'https://www.badssl.com', 'https://www.freepascal.org', 'https://www.ubuntu.com', 'https://www.google.com', 'https://www.microsoft.com' ); procedure TryURLs; var URL: string; begin for URL in URLS do try with TFPHTTPClient.Create(nil) do try AllowRedirect := True; Get(URL); finally Free; end; WriteLn(URL, ' succeeded.'); except on E: Exception do WriteLn(Format('%s failed! (%s)', [URL, E.Message])); end; end; begin TryURLs; end. ``` Result of running this program: ``` $ ./project1 https://www.belastingdienst.nl succeeded. https://www.overheid.nl succeeded. https://fancyssl.hboeck.de/ succeeded. https://www.badssl.com succeeded. https://www.freepascal.org failed! (Error reading data from socket) https://www.ubuntu.com failed! (Error reading data from socket) https://www.google.com failed! (Error reading data from socket) https://www.microsoft.com failed! (Error reading data from socket) ``` Result of using `gnutls-cli` for the same web addresses: ``` $ for url in www.belastingdienst.nl www.overheid.nl fancyssl.hboeck.de badssl.com www.freepascal.org www.ubuntu.com www.google.com www.microsoft.com; do echo $url; echo "^C" | gnutls-cli $url | grep -E "Status|Handshake"; done www.belastingdienst.nl - Status: The certificate is trusted. - Handshake was completed www.overheid.nl - Status: The certificate is trusted. - Handshake was completed fancyssl.hboeck.de - Status: The certificate is trusted. - Handshake was completed badssl.com - Status: The certificate is trusted. - Handshake was completed www.freepascal.org - Status: The certificate is trusted. - Handshake was completed www.ubuntu.com - Status: The certificate is trusted. - Handshake was completed www.google.com - Status: The certificate is trusted. - Handshake was completed www.microsoft.com - Status: The certificate is trusted. - Handshake was completed ``` ## What is the current bug behavior? For some web addresses, an exception is raised (Error reading data from socket). For other web addresses, the GET request succeeds flawlessly. ## What is the expected (correct) behavior? The GET request should succeed for all web addresses (at least those having a valid certificate).