Re: [Synalist] Error with OpenSSL 1.1
OpenSSL 1.1.1 compiles on Windows by default to different filenames, then 1.0.2. libcrypto-1_1.dll and libssl-1_1.dll. So I changed in non-CRL version DLLSSLName and DLLUtilName to array[1..LIB_COUNT] of string (LIB_COUNT being 3 on Windows and 1 on another platforms). In that way matching pairs library names can be defined from newest to oldest. When LoadLib one of the pair fails, then other is also freed (if other was successful) and next one is tried until all versions are tried or both are loaded successfully. After that 1.1.1 seems to work with current version. PS: SslMethodTLS has problems with lineendings. Diff is below. ssl_openssl_lib.pas | 53 ++--- 1 file changed, 34 insertions(+), 19 deletions(-) diff --git a/ssl_openssl_lib.pas b/ssl_openssl_lib.pas index b689a05..d7e3161 100644 --- a/ssl_openssl_lib.pas +++ b/ssl_openssl_lib.pas @@ -110,29 +110,31 @@ const DLLUtilName = 'libeay32.dll'; {$ENDIF} {$ELSE} -var +const {$IFNDEF MSWINDOWS} + //Arrays must have same length, must describe combinations of names... +LIB_COUNT = 1; {$IFDEF DARWIN} -DLLSSLName: string = 'libssl.dylib'; -DLLUtilName: string = 'libcrypto.dylib'; +DLLSSLName: array[1..LIB_COUNT] of string = ('libssl.dylib'); +DLLUtilName: array[1..LIB_COUNT] of string = ('libcrypto.dylib'); {$ELSE} {$IFDEF OS2} {$IFDEF OS2GCC} -DLLSSLName: string = 'kssl.dll'; -DLLUtilName: string = 'kcrypto.dll'; +DLLSSLName: array[1..LIB_COUNT] of string = ('kssl.dll'); +DLLUtilName: array[1..LIB_COUNT] of string = ('kcrypto.dll'); {$ELSE OS2GCC} -DLLSSLName: string = 'ssl.dll'; -DLLUtilName: string = 'crypto.dll'; +DLLSSLName: array[1..LIB_COUNT] of string = ('ssl.dll'); +DLLUtilName: array[1..LIB_COUNT] of string = ('crypto.dll'); {$ENDIF OS2GCC} {$ELSE OS2} -DLLSSLName: string = 'libssl.so'; -DLLUtilName: string = 'libcrypto.so'; +DLLSSLName: array[1..LIB_COUNT] of string = ('libssl.so'); +DLLUtilName: array[1..LIB_COUNT] of string = ('libcrypto.so'); {$ENDIF OS2} {$ENDIF} {$ELSE} - DLLSSLName: string = 'ssleay32.dll'; - DLLSSLName2: string = 'libssl32.dll'; - DLLUtilName: string = 'libeay32.dll'; + LIB_COUNT = 3; + DLLSSLName: array[1..LIB_COUNT] of string = ('libssl-1_1.dll', 'ssleay32.dll', 'libssl32.dll'); + DLLUtilName: array[1..LIB_COUNT] of string = ('libcrypto-1_1.dll', 'libeay32.dll', 'libeay32.dll'); {$ENDIF} {$ENDIF} @@ -1861,7 +1863,7 @@ end; function InitSSLInterface: Boolean; var s: string; - x: integer; + x, i: integer; begin {pf} if SSLLoaded then @@ -1878,12 +1880,25 @@ begin SSLLibHandle := 1; SSLUtilHandle := 1; {$ELSE} - SSLUtilHandle := LoadLib(DLLUtilName); - SSLLibHandle := LoadLib(DLLSSLName); - {$IFDEF MSWINDOWS} - if (SSLLibHandle = 0) then -SSLLibHandle := LoadLib(DLLSSLName2); - {$ENDIF} + i := 1; + repeat +SSLUtilHandle := LoadLib(DLLUtilName[i]); +SSLLibHandle := LoadLib(DLLSSLName[i]); +if not ((SSLUtilHandle <> 0) and (SSLLibHandle <> 0)) then +begin//Both libraries were not initialized... + if SSLLibHandle <> 0 then + begin +FreeLibrary(SSLLibHandle); +SSLLibHandle := 0; + end; + if SSLUtilHandle <> 0 then + begin +FreeLibrary(SSLUtilHandle); +SSLUtilHandle := 0; + end; + Inc(i);//try next +end; + until (i > LIB_COUNT) or ((SSLLibHandle <> 0) and (SSLUtilHandle <> 0)); {$ENDIF} if (SSLLibHandle <> 0) and (SSLUtilHandle <> 0) then begin -- Virgo Pärna virgo.pa...@mail.ee ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
Re: [Synalist] Error with OpenSSL 1.1
Is this the current SVN? https://sourceforge.net/p/synalist/code/HEAD/tree/trunk/ On 12 April 2017 at 12:46, Lukas Gebauerwrote: > > Latest changes are a few months ago... I have no time for huge > development now, however Synapse still working fine. > > Fact is - OpenSSL 1.1 still not sopported yet. Sorry. > > > I wouldn't count on it, I think Synapse has been abandoned for a very > long > > time. > > > > On 7 April 2017 at 20:12, Mattia Verga wrote: > > > > > Hi, > > > > > > I'm not a developer, but just a user of Skychart > > > (http://www.ap-i.net/skychart), which uses Synapse in its code. > > > I've found that using Synapse with OpenSSL gives an error: > > > Error: 500 error:140A90C4:SSL routines:func(169):reason(196) > > > > > > I suspect that this is due to the fact that OpenSSL now uses > > > TLS_method() as default instead of SSLv23_method() (see > > > https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_new.html). > > > At the moment only Fedora 26 has switched to OpenSSL 1.1, but this will > > > probably become a problem with other distributions too in future. > > > > > > I would like to put this under your attention and ask if there's any > > > workaround or Synapse update planned to fix that. > > > > > > Thanks > > > Mattia > > > > > > > > > > > > -- > > > Check out the vibrant tech community on one of the world's most > > > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > > ___ > > > synalist-public mailing list > > > synalist-public@lists.sourceforge.net > > > https://lists.sourceforge.net/lists/listinfo/synalist-public > > > > > > > > > -- > Lukas Gebauer. > > http://synapse.ararat.cz/ - Ararat Synapse - TCP/IP Lib. > http://geoget.ararat.cz/ - Geocaching solution > > > > -- > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > ___ > synalist-public mailing list > synalist-public@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/synalist-public > -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
Re: [Synalist] Error with OpenSSL 1.1
Il 12/04/2017 12:46, Lukas Gebauer ha scritto: Latest changes are a few months ago... I have no time for huge development now, however Synapse still working fine. Fact is - OpenSSL 1.1 still not sopported yet. Sorry. Thanks, I wrote the attached patch for Skychart and Fedora specifically to make Synapse use the new TLS_method as default. It's not backward compatible with OpenSSL 1.0 (which does not recognize the new method), but I hope it helps. Mattia diff -U 3 -dHrN -- a/skychart/component/synapse/source/lib/blcksock.pas b/skychart/component/synapse/source/lib/blcksock.pas --- a/skychart/component/synapse/source/lib/blcksock.pas 2017-04-12 09:21:36.872249313 +0200 +++ b/skychart/component/synapse/source/lib/blcksock.pas 2017-04-12 09:21:58.686247010 +0200 @@ -240,7 +240,7 @@ {:Specify requested SSL/TLS version for secure connection.} TSSLType = ( LT_all, -LT_SSLv2, +LT_SSLv23, LT_SSLv3, LT_TLSv1, LT_TLSv1_1, diff -U 3 -dHrN -- a/skychart/component/synapse/source/lib/ssl_openssl_lib.pas b/skychart/component/synapse/source/lib/ssl_openssl_lib.pas --- a/skychart/component/synapse/source/lib/ssl_openssl_lib.pas 2017-03-05 10:27:48.0 +0100 +++ b/skychart/component/synapse/source/lib/ssl_openssl_lib.pas 2017-04-12 09:16:06.067282537 +0200 @@ -125,8 +125,8 @@ DLLUtilName: string = 'crypto.dll'; {$ENDIF OS2GCC} {$ELSE OS2} -DLLSSLName: string = 'libssl.so'; -DLLUtilName: string = 'libcrypto.so'; +DLLSSLName: string = 'libssl.so.1.1'; +DLLUtilName: string = 'libcrypto.so.1.1'; {$ENDIF OS2} {$ENDIF} {$ELSE} @@ -283,11 +283,6 @@ [DllImport(DLLSSLName, CharSet = CharSet.Ansi, SetLastError = False, CallingConvention= CallingConvention.cdecl, -EntryPoint = 'SSLv2_method')] -function SslMethodV2 : PSSL_METHOD; external; - - [DllImport(DLLSSLName, CharSet = CharSet.Ansi, -SetLastError = False, CallingConvention= CallingConvention.cdecl, EntryPoint = 'SSLv3_method')] function SslMethodV3 : PSSL_METHOD; external; @@ -313,6 +308,11 @@ [DllImport(DLLSSLName, CharSet = CharSet.Ansi, SetLastError = False, CallingConvention= CallingConvention.cdecl, +EntryPoint = 'TLS_method')] +function SslMethodTLS : PSSL_METHOD; external; + + [DllImport(DLLSSLName, CharSet = CharSet.Ansi, +SetLastError = False, CallingConvention= CallingConvention.cdecl, EntryPoint = 'SSL_CTX_use_PrivateKey')] function SslCtxUsePrivateKey(ctx: PSSL_CTX; pkey: SslPtr):Integer; external; @@ -713,12 +713,12 @@ function SslCtxNew(meth: PSSL_METHOD):PSSL_CTX; procedure SslCtxFree(arg0: PSSL_CTX); function SslSetFd(s: PSSL; fd: Integer):Integer; - function SslMethodV2:PSSL_METHOD; function SslMethodV3:PSSL_METHOD; function SslMethodTLSV1:PSSL_METHOD; function SslMethodTLSV11:PSSL_METHOD; function SslMethodTLSV12:PSSL_METHOD; function SslMethodV23:PSSL_METHOD; + function SslMethodTLS:PSSL_METHOD; function SslCtxUsePrivateKey(ctx: PSSL_CTX; pkey: SslPtr):Integer; function SslCtxUsePrivateKeyASN1(pk: integer; ctx: PSSL_CTX; d: AnsiString; len: integer):Integer; // function SslCtxUsePrivateKeyFile(ctx: PSSL_CTX; const _file: PChar; _type: Integer):Integer; @@ -841,12 +841,12 @@ TSslCtxNew = function(meth: PSSL_METHOD):PSSL_CTX; cdecl; TSslCtxFree = procedure(arg0: PSSL_CTX); cdecl; TSslSetFd = function(s: PSSL; fd: Integer):Integer; cdecl; - TSslMethodV2 = function:PSSL_METHOD; cdecl; TSslMethodV3 = function:PSSL_METHOD; cdecl; TSslMethodTLSV1 = function:PSSL_METHOD; cdecl; TSslMethodTLSV11 = function:PSSL_METHOD; cdecl; TSslMethodTLSV12 = function:PSSL_METHOD; cdecl; TSslMethodV23 = function:PSSL_METHOD; cdecl; + TSslMethodTLS = function:PSSL_METHOD; cdecl; TSslCtxUsePrivateKey = function(ctx: PSSL_CTX; pkey: sslptr):Integer; cdecl; TSslCtxUsePrivateKeyASN1 = function(pk: integer; ctx: PSSL_CTX; d: sslptr; len: integer):Integer; cdecl; TSslCtxUsePrivateKeyFile = function(ctx: PSSL_CTX; const _file: PAnsiChar; _type: Integer):Integer; cdecl; @@ -948,12 +948,12 @@ _SslCtxNew: TSslCtxNew = nil; _SslCtxFree: TSslCtxFree = nil; _SslSetFd: TSslSetFd = nil; - _SslMethodV2: TSslMethodV2 = nil; _SslMethodV3: TSslMethodV3 = nil; _SslMethodTLSV1: TSslMethodTLSV1 = nil; _SslMethodTLSV11: TSslMethodTLSV11 = nil; _SslMethodTLSV12: TSslMethodTLSV12 = nil; _SslMethodV23: TSslMethodV23 = nil; + _SslMethodTLS: TSslMethodTLS = nil; _SslCtxUsePrivateKey: TSslCtxUsePrivateKey = nil; _SslCtxUsePrivateKeyASN1: TSslCtxUsePrivateKeyASN1 = nil; _SslCtxUsePrivateKeyFile: TSslCtxUsePrivateKeyFile = nil; @@ -1106,14 +1106,6 @@ Result := 0; end; -function SslMethodV2:PSSL_METHOD; -begin - if InitSSLInterface and Assigned(_SslMethodV2) then -Result := _SslMethodV2 - else -Result := nil; -end; - function SslMethodV3:PSSL_METHOD; begin if InitSSLInterface and Assigned(_SslMethodV3) then @@ -1154,6
Re: [Synalist] Error with OpenSSL 1.1
Latest changes are a few months ago... I have no time for huge development now, however Synapse still working fine. Fact is - OpenSSL 1.1 still not sopported yet. Sorry. > I wouldn't count on it, I think Synapse has been abandoned for a very long > time. > > On 7 April 2017 at 20:12, Mattia Vergawrote: > > > Hi, > > > > I'm not a developer, but just a user of Skychart > > (http://www.ap-i.net/skychart), which uses Synapse in its code. > > I've found that using Synapse with OpenSSL gives an error: > > Error: 500 error:140A90C4:SSL routines:func(169):reason(196) > > > > I suspect that this is due to the fact that OpenSSL now uses > > TLS_method() as default instead of SSLv23_method() (see > > https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_new.html). > > At the moment only Fedora 26 has switched to OpenSSL 1.1, but this will > > probably become a problem with other distributions too in future. > > > > I would like to put this under your attention and ask if there's any > > workaround or Synapse update planned to fix that. > > > > Thanks > > Mattia > > > > > > > > -- > > Check out the vibrant tech community on one of the world's most > > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > ___ > > synalist-public mailing list > > synalist-public@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/synalist-public > > > -- Lukas Gebauer. http://synapse.ararat.cz/ - Ararat Synapse - TCP/IP Lib. http://geoget.ararat.cz/ - Geocaching solution -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
Re: [Synalist] Error with OpenSSL 1.1
I wouldn't count on it, I think Synapse has been abandoned for a very long time. On 7 April 2017 at 20:12, Mattia Vergawrote: > Hi, > > I'm not a developer, but just a user of Skychart > (http://www.ap-i.net/skychart), which uses Synapse in its code. > I've found that using Synapse with OpenSSL gives an error: > Error: 500 error:140A90C4:SSL routines:func(169):reason(196) > > I suspect that this is due to the fact that OpenSSL now uses > TLS_method() as default instead of SSLv23_method() (see > https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_new.html). > At the moment only Fedora 26 has switched to OpenSSL 1.1, but this will > probably become a problem with other distributions too in future. > > I would like to put this under your attention and ask if there's any > workaround or Synapse update planned to fix that. > > Thanks > Mattia > > > > -- > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > ___ > synalist-public mailing list > synalist-public@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/synalist-public > -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public
[Synalist] Error with OpenSSL 1.1
Hi, I'm not a developer, but just a user of Skychart (http://www.ap-i.net/skychart), which uses Synapse in its code. I've found that using Synapse with OpenSSL gives an error: Error: 500 error:140A90C4:SSL routines:func(169):reason(196) I suspect that this is due to the fact that OpenSSL now uses TLS_method() as default instead of SSLv23_method() (see https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_new.html). At the moment only Fedora 26 has switched to OpenSSL 1.1, but this will probably become a problem with other distributions too in future. I would like to put this under your attention and ask if there's any workaround or Synapse update planned to fix that. Thanks Mattia -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ synalist-public mailing list synalist-public@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/synalist-public