Recent

Author Topic: Indy > Could not load SSL library  (Read 15711 times)

RDL

  • Jr. Member
  • **
  • Posts: 71
Indy > Could not load SSL library
« on: March 31, 2018, 03:33:57 pm »
Hi.
On my (manjaro linux) does not work SSL in Indy

Code: Pascal  [Select][+][-]
  1. var
  2. HTTP: TIdHTTP;
  3. SSL: TIdSSLIOHandlerSocketOpenSSL;
  4. begin
  5. SSL:=TIdSSLIOHandlerSocketOpenSSL.Create();
  6. HTTP:=TIdHTTP.Create();
  7. HTTP.IOHandler:=SSL;
  8. HTTP.Get(URL,IndyTextEncoding_UTF8);

I get an error:
Could not load SSL library.

Code: Pascal  [Select][+][-]
  1. ls -l /lib64/libcrypto*
  2. lrwxrwxrwx 1 root root            16 dec  3 01:20 /lib64/libcrypto.so -> libcrypto.so.1.1
  3. -r-xr-xr-x 1 root root    2850616 dec  9 21:23 /lib64/libcrypto.so.1.0.0
  4. -rwxr-xr-x 1 root root   2594952 dec  3 01:21 /lib64/libcrypto.so.1.1

Why is this happening?

PS: Indy version: svn rev.5444 (from OPM)
« Last Edit: May 05, 2018, 09:08:57 am by RDL »
Sorry for my english, google translation!

Phil

  • Hero Member
  • *****
  • Posts: 2737
Re: Indy > Could not load SSL library
« Reply #1 on: March 31, 2018, 03:52:48 pm »
I get an error:
Could not load SSL library.

On Windows, that error typically means the correct bitness OpenSSL libraries are not on the path. But on Linux you should already have these installed by default.

Make sure you also have the libssl .so in addition to the libcrypto .so.

Look in Indy code for what triggers that exception. You're probably looking for places where it throws EIdOSSLCouldNotLoadSSLLibrary.

Also, maybe test with Synapse or with FPC's HTTP client to help narrow down whether it's Indy, the SSL libs, or something else.

RDL

  • Jr. Member
  • **
  • Posts: 71
Re: Indy > Could not load SSL library
« Reply #2 on: March 31, 2018, 04:21:28 pm »
Quote
Also, maybe test with Synapse or with FPC's HTTP client to help narrow down whether it's Indy, the SSL libs, or something else.
checked, in synapse ssl working

Quote
Make sure you also have the libssl .so in addition to the libcrypto .so.
Code: Pascal  [Select][+][-]
  1. ls -l /lib64/libssl*
  2. -rwxr-xr-x 1 root root 385952 mar 10 08:54 /lib64/libssl3.so
  3. lrwxrwxrwx 1 root root     13 dec  3 01:20 /lib64/libssl.so -> libssl.so.1.1
  4. -r-xr-xr-x 1 root root 498544 dec  9 21:23 /lib64/libssl.so.1.0.0
  5. -rwxr-xr-x 1 root root 434176 mar  3 01:21 /lib64/libssl.so.1.1

Update:

Apparently indy does not support libcrypto.so.1.1
If the symbolic link libcryto.so refers to libcrypto.so.1.1, then the Could not load SSL library error occurs.

If you edit IdSSLOpenSSLHeaders.pas like this:
Row: 19483
Code: Pascal  [Select][+][-]
  1. SSLDLLVers: array [0..8] of string = ('', '.10', '. 1.0.2', '. 1.0.1', '. 1.0.0', '0.9.9', '. 0.9.8 ','. 0.9.7 ',' 0.9.6 ');
Replace with:
Code: Pascal  [Select][+][-]
  1. SSLDLLVers: array [0..8] of string = ('.0', '.10', '. 1.0.2', '. 1.0.1', '. 1.0.0', '0.9.9', '.0.9.8', '. 0.9.7', '0.9.6');
Loading libcrypto.so.1.0.0 runs currectly and SSL works!

Update:

Because of this editing, loading .so will not be possible and problems can arise on other systems.
« Last Edit: March 31, 2018, 04:56:15 pm by RDL »
Sorry for my english, google translation!

balazsszekely

  • Guest
Re: Indy > Could not load SSL library
« Reply #3 on: March 31, 2018, 04:37:29 pm »
What is the message returned by function WhichFailedToLoad(IdSSLOpenSSLHeaders.pas)?

RDL

  • Jr. Member
  • **
  • Posts: 71
Re: Indy > Could not load SSL library
« Reply #4 on: March 31, 2018, 04:46:09 pm »
I edited my post above.
Sorry for my english, google translation!

balazsszekely

  • Guest
Re: Indy > Could not load SSL library
« Reply #5 on: March 31, 2018, 04:53:07 pm »
@RDL
Quote
I edited my post above.
Ok. I'm glad it's working. @Remy regularly visits this forum, maybe he can incorporate your changes in Indy trunk, then I can update in OPM.

RDL

  • Jr. Member
  • **
  • Posts: 71
Re: Indy > Could not load SSL library
« Reply #6 on: March 31, 2018, 05:01:42 pm »
@GetMem
Let's wait for a response from @Remy
Thank.
Sorry for my english, google translation!

RDL

  • Jr. Member
  • **
  • Posts: 71
Re: Indy > Could not load SSL library
« Reply #7 on: April 01, 2018, 02:46:10 am »
I attach corrected IdSSLOpenSSLHeaders.pas (last svn rev. 5451) which correctly looks for:
libcrypto.so.1.0.0
libcrypto.so.1.0.0a
libcrypto.so.1.0.0b
libcrypto.so.1.0.0c
...
libcrypto.so.1.0.1
libcrypto.so.1.0.1a
libcrypto.so.1.0.1b
libcrypto.so.1.0.1c
....
libcrypto.so.1.0.2
libcrypto.so.1.0.2a
libcrypto.so.1.0.2b
libcrypto.so.1.0.2c
and so on.
« Last Edit: April 01, 2018, 05:46:53 am by RDL »
Sorry for my english, google translation!

Remy Lebeau

  • Hero Member
  • *****
  • Posts: 1312
    • Lebeau Software
Re: Indy > Could not load SSL library
« Reply #8 on: May 04, 2018, 04:47:53 am »
Apparently indy does not support libcrypto.so.1.1

That is because Indy doesn't support OpenSSL 1.1.0+ yet, only 1.0.2 and earlier.  Because there have been major API changes in 1.1.0 that break backwards compatibility, and Indy hasn't been updated to handle that yet (see #183: Support OpenSSL 1.1.0 in Indy's issue tracker).

If the symbolic link libcryto.so refers to libcrypto.so.1.1, then the Could not load SSL library error occurs.

Makes sense.  See above.

If you edit IdSSLOpenSSLHeaders.pas like this:
Row: 19483
Code: Pascal  [Select][+][-]
  1. SSLDLLVers: array [0..8] of string = ('', '.10', '. 1.0.2', '. 1.0.1', '. 1.0.0', '0.9.9', '. 0.9.8 ','. 0.9.7 ',' 0.9.6 ');
Replace with:
Code: Pascal  [Select][+][-]
  1. SSLDLLVers: array [0..8] of string = ('.0', '.10', '. 1.0.2', '. 1.0.1', '. 1.0.0', '0.9.9', '.0.9.8', '. 0.9.7', '0.9.6');
Loading libcrypto.so.1.0.0 runs currectly and SSL works!

Because of this editing, loading .so will not be possible and problems can arise on other systems.

By changing the first string from '' to '.0', Indy will no longer attempt to load the unversioned libcrypto.so or libssl.so symbolic links at all.  You are making it so it will skip them and find (in your case) libcrypto.so.1.0.0 and libssl.so.1.0.0 instead.  That could hurt other systems, where loading the the symbolic links is preferred.

I attach corrected IdSSLOpenSSLHeaders.pas (last svn rev. 5451) which correctly looks for:

I have glanced at the patch and see that I need to make some tweaks to it before I incorporate it.  I will report back when it is checked in to Indy's SVN.
Remy Lebeau
Lebeau Software - Owner, Developer
Internet Direct (Indy) - Admin, Developer (Support forum)

Remy Lebeau

  • Hero Member
  • *****
  • Posts: 1312
    • Lebeau Software
Re: Indy > Could not load SSL library
« Reply #9 on: May 04, 2018, 08:44:27 pm »
I have glanced at the patch and see that I need to make some tweaks to it before I incorporate it.  I will report back when it is checked in to Indy's SVN.

I have just now checked in the patch.  I tweaked the code to apply the lettering logic to both the KYLIXCOMPAT and BASEUNIX/VCL_POSIX branches, and to add a new IdOpenSSLSetLoadSymLinksFirst() function so users can specify whether Indy should load the symlinks before or after checking for specific versions (the default is before, to preserve existing behavior).

See Changes for how OpenSSL is loaded on *Nix platforms on Indy's Changelog blog.
« Last Edit: May 04, 2018, 09:16:10 pm by Remy Lebeau »
Remy Lebeau
Lebeau Software - Owner, Developer
Internet Direct (Indy) - Admin, Developer (Support forum)

RDL

  • Jr. Member
  • **
  • Posts: 71
Re: Indy > Could not load SSL library
« Reply #10 on: May 05, 2018, 09:07:56 am »
@Remy Lebeau
Why is this part of the code inactive in Linux?

Checked on linux manjaro.
Does not work. Could not load SSL library.

Update:
I replaced IdSSLOpenSSLHeaders.pas with my own, it worked.

Is it an indy error or am I doing something wrong?
« Last Edit: May 05, 2018, 11:36:08 am by RDL »
Sorry for my english, google translation!

Remy Lebeau

  • Hero Member
  • *****
  • Posts: 1312
    • Lebeau Software
Re: Indy > Could not load SSL library
« Reply #11 on: May 07, 2018, 11:11:40 pm »
Why is this part of the code inactive in Linux?

Looking at my previous checkin, it looks like I made a mistake in a new {$DEFINE} I had added:

Code: [Select]
  {$UNDEF USE_BASEUNIX_OR_VCL_POSIX_OR_KYLIXCOMPAT}
  {$IFDEF USE_BASEUNIX_OR_VCL_POSIX}
    {$UNDEF USE_BASEUNIX_OR_VCL_POSIX_OR_KYLIXCOMPAT} // <--
  {$ENDIF}
  {$IFDEF KYLIXCOMPAT}
    {$UNDEF USE_BASEUNIX_OR_VCL_POSIX_OR_KYLIXCOMPAT} // <--
  {$ENDIF}

Should be this instead:

Code: [Select]
  {$UNDEF USE_BASEUNIX_OR_VCL_POSIX_OR_KYLIXCOMPAT}
  {$IFDEF USE_BASEUNIX_OR_VCL_POSIX}
    {$DEFINE USE_BASEUNIX_OR_VCL_POSIX_OR_KYLIXCOMPAT} // <--
  {$ENDIF}
  {$IFDEF KYLIXCOMPAT}
    {$DEFINE USE_BASEUNIX_OR_VCL_POSIX_OR_KYLIXCOMPAT} // <--
  {$ENDIF}

I have checked in that fix now (rev 5457).
« Last Edit: May 07, 2018, 11:13:34 pm by Remy Lebeau »
Remy Lebeau
Lebeau Software - Owner, Developer
Internet Direct (Indy) - Admin, Developer (Support forum)

RDL

  • Jr. Member
  • **
  • Posts: 71
Re: Indy > Could not load SSL library
« Reply #12 on: May 08, 2018, 09:46:21 am »
@Remy Lebeau
I checked, it works!
Good job, thank you! :)
Sorry for my english, google translation!

hsvandrew88

  • Newbie
  • Posts: 1
Re: Indy > Could not load SSL library
« Reply #13 on: March 31, 2019, 08:11:06 am »
I know this is a Lazarus thread, but for those viewing it relating to Delphi, or perhaps FPC as well, using the Indy source from March 2019 I had to change

  {$IFDEF UNIX}
var
  GIdLoadSymLinksFirst: Boolean = false;

in IdSSLOpenSSLHeaders.pas to make it work with OpenSSL 1.0.2k on Centos 7

This then didn't require the change to the SSLVers string
« Last Edit: March 31, 2019, 08:17:02 am by hsvandrew88 »

Remy Lebeau

  • Hero Member
  • *****
  • Posts: 1312
    • Lebeau Software
Re: Indy > Could not load SSL library
« Reply #14 on: April 02, 2019, 09:27:26 pm »
I know this is a Lazarus thread, but for those viewing it relating to Delphi, or perhaps FPC as well, using the Indy source from March 2019 I had to change

  {$IFDEF UNIX}
var
  GIdLoadSymLinksFirst: Boolean = false;

in IdSSLOpenSSLHeaders.pas to make it work with OpenSSL 1.0.2k on Centos 7

If you read my earlier messages in this thread, you will see that GIdLoadSymLinksFirst is set to True by default on purpose for backwards compatible, and that there is a new IdOpenSSLSetLoadSymLinksFirst() function added if you want to change the default at runtime, eg in your app startup code:

Code: [Select]
IdOpenSSLSetLoadSymLinksFirst(False);
Remy Lebeau
Lebeau Software - Owner, Developer
Internet Direct (Indy) - Admin, Developer (Support forum)

 

TinyPortal © 2005-2018