Re: [Synalist] Error with OpenSSL 1.1

2017-04-12 Thread Mattia Verga

Il 12/04/2017 12:46, Lukas Gebauer ha scritto:

Latest changes are a few months ago... I have no time for huge
development now, however Synapse still working fine.

Fact is - OpenSSL 1.1 is still not supported yet. Sorry.



Thanks,
I wrote the attached patch for Skychart and Fedora specifically to make 
Synapse use the new TLS_method as default.
It's not backward compatible with OpenSSL 1.0 (which does not recognize 
the new method), but I hope it helps.


Mattia
diff -U 3 -dHrN -- a/skychart/component/synapse/source/lib/blcksock.pas b/skychart/component/synapse/source/lib/blcksock.pas
--- a/skychart/component/synapse/source/lib/blcksock.pas	2017-04-12 09:21:36.872249313 +0200
+++ b/skychart/component/synapse/source/lib/blcksock.pas	2017-04-12 09:21:58.686247010 +0200
@@ -240,7 +240,7 @@
   {:Specify requested SSL/TLS version for secure connection.}
   TSSLType = (
 LT_all,
-LT_SSLv2,
+LT_SSLv23,
 LT_SSLv3,
 LT_TLSv1,
 LT_TLSv1_1,
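Review bot: `LT_SSLv23` takes over the slot of `LT_SSLv2` in `TSSLType` without a comment, and the name reads like a legacy protocol selector even though it presumably maps to the version-negotiating `SSLv23_method` (the mapping is not visible here). I would document the member, e.g. `{ version-flexible method; negotiates the highest protocol both peers support }`. Code that names `LT_SSLv2` stops compiling, which is the useful outcome, but any setting persisted by ordinal silently changes meaning because the position in the enum is reused. `LT_SSLv3` stays selectable in the same type, and the rest of the enum lies outside the hunk.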
diff -U 3 -dHrN -- a/skychart/component/synapse/source/lib/ssl_openssl_lib.pas b/skychart/component/synapse/source/lib/ssl_openssl_lib.pas
--- a/skychart/component/synapse/source/lib/ssl_openssl_lib.pas	2017-03-05 10:27:48.0 +0100
+++ b/skychart/component/synapse/source/lib/ssl_openssl_lib.pas	2017-04-12 09:16:06.067282537 +0200
@@ -125,8 +125,8 @@
 DLLUtilName: string = 'crypto.dll';
   {$ENDIF OS2GCC}
  {$ELSE OS2}
-DLLSSLName: string = 'libssl.so';
-DLLUtilName: string = 'libcrypto.so';
+DLLSSLName: string = 'libssl.so.1.1';
+DLLUtilName: string = 'libcrypto.so.1.1';
  {$ENDIF OS2}
 {$ENDIF}
   {$ELSE}
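Review bot: The non-OS/2 branch now hard-codes `libssl.so.1.1` and `libcrypto.so.1.1`, so a host that only ships OpenSSL 1.0 can no longer load a TLS library at all. The message says this is intended for the Fedora build, but for general use the loader should try the versioned sonames in order of preference and keep the first pair that loads. The loading code is outside the visible hunks, so whether it can already take a list of candidate names cannot be confirmed from here. A comment next to the constants, `{ pinned to the 1.1 soname; OpenSSL 1.0 is not loaded by this build }`, would at least make the restriction visible to packagers.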
@@ -283,11 +283,6 @@
 
   [DllImport(DLLSSLName, CharSet = CharSet.Ansi,
 SetLastError = False, CallingConvention= CallingConvention.cdecl,
-EntryPoint = 'SSLv2_method')]
-function SslMethodV2 : PSSL_METHOD; external;
-
-  [DllImport(DLLSSLName, CharSet = CharSet.Ansi,
-SetLastError = False, CallingConvention= CallingConvention.cdecl,
 EntryPoint = 'SSLv3_method')]
 function SslMethodV3 : PSSL_METHOD;  external;
 
@@ -313,6 +308,11 @@
 
   [DllImport(DLLSSLName, CharSet = CharSet.Ansi,
 SetLastError = False, CallingConvention= CallingConvention.cdecl,
+EntryPoint = 'TLS_method')]
+function SslMethodTLS : PSSL_METHOD; external;
+
+  [DllImport(DLLSSLName, CharSet = CharSet.Ansi,
+SetLastError = False, CallingConvention= CallingConvention.cdecl,
 EntryPoint = 'SSL_CTX_use_PrivateKey')]
 function SslCtxUsePrivateKey(ctx: PSSL_CTX; pkey: SslPtr):Integer;  external;
 
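Review bot: The new `TLS_method` binding yields a version-flexible context, but nothing in the visible hunks sets a protocol floor for it, and the `SSLv3_method` binding is kept elsewhere in this file. With `TLS_method` the negotiated range is whatever the library build and configuration allow, so the context setup should pin a minimum version; in OpenSSL 1.1 that is `SSL_CTX_set_min_proto_version`, a macro over `SSL_CTX_ctrl`. The code that calls `SslCtxNew` is outside this hunk, so the floor may already be enforced there through options.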
@@ -713,12 +713,12 @@
   function SslCtxNew(meth: PSSL_METHOD):PSSL_CTX;
   procedure SslCtxFree(arg0: PSSL_CTX);
   function SslSetFd(s: PSSL; fd: Integer):Integer;
-  function SslMethodV2:PSSL_METHOD;
   function SslMethodV3:PSSL_METHOD;
   function SslMethodTLSV1:PSSL_METHOD;
   function SslMethodTLSV11:PSSL_METHOD;
   function SslMethodTLSV12:PSSL_METHOD;
   function SslMethodV23:PSSL_METHOD;
+  function SslMethodTLS:PSSL_METHOD;
   function SslCtxUsePrivateKey(ctx: PSSL_CTX; pkey: SslPtr):Integer;
   function SslCtxUsePrivateKeyASN1(pk: integer; ctx: PSSL_CTX; d: AnsiString; len: integer):Integer;
 //  function SslCtxUsePrivateKeyFile(ctx: PSSL_CTX; const _file: PChar; _type: Integer):Integer;
@@ -841,12 +841,12 @@
   TSslCtxNew = function(meth: PSSL_METHOD):PSSL_CTX; cdecl;
   TSslCtxFree = procedure(arg0: PSSL_CTX); cdecl;
   TSslSetFd = function(s: PSSL; fd: Integer):Integer; cdecl;
-  TSslMethodV2 = function:PSSL_METHOD; cdecl;
   TSslMethodV3 = function:PSSL_METHOD; cdecl;
   TSslMethodTLSV1 = function:PSSL_METHOD; cdecl;
   TSslMethodTLSV11 = function:PSSL_METHOD; cdecl;
   TSslMethodTLSV12 = function:PSSL_METHOD; cdecl;
   TSslMethodV23 = function:PSSL_METHOD; cdecl;
+  TSslMethodTLS = function:PSSL_METHOD; cdecl;
   TSslCtxUsePrivateKey = function(ctx: PSSL_CTX; pkey: sslptr):Integer; cdecl;
   TSslCtxUsePrivateKeyASN1 = function(pk: integer; ctx: PSSL_CTX; d: sslptr; len: integer):Integer; cdecl;
   TSslCtxUsePrivateKeyFile = function(ctx: PSSL_CTX; const _file: PAnsiChar; _type: Integer):Integer; cdecl;
@@ -948,12 +948,12 @@
   _SslCtxNew: TSslCtxNew = nil;
   _SslCtxFree: TSslCtxFree = nil;
   _SslSetFd: TSslSetFd = nil;
-  _SslMethodV2: TSslMethodV2 = nil;
   _SslMethodV3: TSslMethodV3 = nil;
   _SslMethodTLSV1: TSslMethodTLSV1 = nil;
   _SslMethodTLSV11: TSslMethodTLSV11 = nil;
   _SslMethodTLSV12: TSslMethodTLSV12 = nil;
   _SslMethodV23: TSslMethodV23 = nil;
+  _SslMethodTLS: TSslMethodTLS = nil;
   _SslCtxUsePrivateKey: TSslCtxUsePrivateKey = nil;
   _SslCtxUsePrivateKeyASN1: TSslCtxUsePrivateKeyASN1 = nil;
   _SslCtxUsePrivateKeyFile: TSslCtxUsePrivateKeyFile = nil;
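Review bot: `_SslMethodTLS` defaults to nil and stays nil when the loaded library does not export `TLS_method`, which is the OpenSSL 1.0 case the message calls out. If the `SslMethodTLS` wrapper follows the `InitSSLInterface and Assigned(...)` pattern of the other wrappers in this file, it returns nil there, and the caller has to treat that as a hard error or fall back to `SslMethodV23` instead of handing nil to `SslCtxNew`. The wrapper and its caller are outside the visible hunks. A comment on the variable, `{ nil on OpenSSL < 1.1, where TLS_method is not exported }`, would record the dependency.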
@@ -1106,14 +1106,6 @@
 Result := 0;
 end;
 
-function SslMethodV2:PSSL_METHOD;
-begin
-  if InitSSLInterface and Assigned(_SslMethodV2) then
-Result := _SslMethodV2
-  else
-Result := nil;
-end;
-
 function SslMethodV3:PSSL_METHOD;
 begin
   if InitSSLInterface and Assigned(_SslMethodV3) then
@@ -1154,6 

Re: [Synalist] Error with OpenSSL 1.1

2017-04-12 Thread Lukas Gebauer

Latest changes are a few months ago... I have no time for huge 
development now, however Synapse still working fine.

Fact is - OpenSSL 1.1 is still not supported yet. Sorry.

> I wouldn't count on it, I think Synapse has been abandoned for a very long
> time.
> 
> On 7 April 2017 at 20:12, Mattia Verga  wrote:
> 
> > Hi,
> >
> > I'm not a developer, but just a user of Skychart
> > (http://www.ap-i.net/skychart), which uses Synapse in its code.
> > I've found that using Synapse with OpenSSL gives an error:
> > Error: 500  error:140A90C4:SSL routines:func(169):reason(196)
> >
> > I suspect that this is due to the fact that OpenSSL now uses
> > TLS_method() as default instead of SSLv23_method() (see
> > https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_new.html).
> > At the moment only Fedora 26 has switched to OpenSSL 1.1, but this will
> > probably become a problem with other distributions too in future.
> >
> > I would like to bring this to your attention and ask whether there is any
> > workaround or Synapse update planned to fix it.
> >
> > Thanks
> > Mattia
> >
> >
> > 
> >
> 



-- 
Lukas Gebauer.

http://synapse.ararat.cz/ - Ararat Synapse - TCP/IP Lib.
http://geoget.ararat.cz/ - Geocaching solution

