Hi,
so it seems to work on Kubuntu 20.10
But why not update the old plugin? There is a patch to make that one
work with OpenSSL 1.1.
With two plugins, how should we build programs that work with old and
new OpenSSL?
The plugins always load OpenSSL at startup even if it is not used. This
is really unnecessary slow. I benchmarked my program today, almost a
third of the running time was spend loading OpenSSL and never using it.
It also works somewhat with cert verification.
connection.Sock.SSL.VerifyCert := true;
connection.Sock.SSL.CertCAFile:= '/etc/ssl/certs/ca-certificates.crt';
However, it also accepts a connection https://wrong.host.badssl.com/
which is invalid
OpenSSL 1.1 has hostname validation, that just needs to be enabled.
Ubuntu has further CA certs in /etc/ssl/certs/. That directory must be
passed to SslCtxLoadVerifyLocations
Also on Android the OpenSSL .so files are in| $PREFIX/lib|
Best,
Benito
On 19.05.21 17:34, Lukas Gebauer wrote:
Hello,
on the SVN is new SSL plugin designed for OpenSSL 1.1.0 and 1.1.1
named as ssl_openssl11.
Why new plugin?
- new OpenSSL libraries naming convention
- lot of OpenSSL API is obsolette
- some new API is here
- Older weak OpenSSL versions cannot be used by this plugin.
- removed NET support (as obsolette)
Where you can get OpenSSL binaries? Try:
https://wiki.openssl.org/index.php/Binaries
Binaries from F. PIETTE is good start!
Please, consider this plugin as beta! I cannot test it on all
platforms. Test it please, and report bugs.
Of course, old ssl_openssl plugin is still here, but not all features
working well with new OpenSSL 1.1.0.
Thanks!
_______________________________________________
synalist-public mailing list
synalist-public@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/synalist-public
