* * *

Author Topic: Indy > Could not load SSL library  (Read 2770 times)

RDL

  • New member
  • *
  • Posts: 33
Indy > Could not load SSL library
« on: March 31, 2018, 03:33:57 pm »
Hi.
On my (manjaro linux) does not work SSL in Indy

Code: Pascal  [Select]
  1. var
  2. HTTP: TIdHTTP;
  3. SSL: TIdSSLIOHandlerSocketOpenSSL;
  4. begin
  5. SSL:=TIdSSLIOHandlerSocketOpenSSL.Create();
  6. HTTP:=TIdHTTP.Create();
  7. HTTP.IOHandler:=SSL;
  8. HTTP.Get(URL,IndyTextEncoding_UTF8);

I get an error:
Could not load SSL library.

Code: Pascal  [Select]
  1. ls -l /lib64/libcrypto*
  2. lrwxrwxrwx 1 root root            16 dec  3 01:20 /lib64/libcrypto.so -> libcrypto.so.1.1
  3. -r-xr-xr-x 1 root root    2850616 dec  9 21:23 /lib64/libcrypto.so.1.0.0
  4. -rwxr-xr-x 1 root root   2594952 dec  3 01:21 /lib64/libcrypto.so.1.1

Why is this happening?

PS: Indy version: svn rev.5444 (from OPM)
« Last Edit: May 05, 2018, 09:08:57 am by RDL »
Sorry for my english, google translation!

Phil

  • Hero Member
  • *****
  • Posts: 2749
Re: Indy > Could not load SSL library
« Reply #1 on: March 31, 2018, 03:52:48 pm »
I get an error:
Could not load SSL library.

On Windows, that error typically means the correct bitness OpenSSL libraries are not on the path. But on Linux you should already have these installed by default.

Make sure you also have the libssl .so in addition to the libcrypto .so.

Look in Indy code for what triggers that exception. You're probably looking for places where it throws EIdOSSLCouldNotLoadSSLLibrary.

Also, maybe test with Synapse or with FPC's HTTP client to help narrow down whether it's Indy, the SSL libs, or something else.

RDL

  • New member
  • *
  • Posts: 33
Re: Indy > Could not load SSL library
« Reply #2 on: March 31, 2018, 04:21:28 pm »
Quote
Also, maybe test with Synapse or with FPC's HTTP client to help narrow down whether it's Indy, the SSL libs, or something else.
checked, in synapse ssl working

Quote
Make sure you also have the libssl .so in addition to the libcrypto .so.
Code: Pascal  [Select]
  1. ls -l /lib64/libssl*
  2. -rwxr-xr-x 1 root root 385952 mar 10 08:54 /lib64/libssl3.so
  3. lrwxrwxrwx 1 root root     13 dec  3 01:20 /lib64/libssl.so -> libssl.so.1.1
  4. -r-xr-xr-x 1 root root 498544 dec  9 21:23 /lib64/libssl.so.1.0.0
  5. -rwxr-xr-x 1 root root 434176 mar  3 01:21 /lib64/libssl.so.1.1

Update:

Apparently indy does not support libcrypto.so.1.1
If the symbolic link libcryto.so refers to libcrypto.so.1.1, then the Could not load SSL library error occurs.

If you edit IdSSLOpenSSLHeaders.pas like this:
Row: 19483
Code: Pascal  [Select]
  1. SSLDLLVers: array [0..8] of string = ('', '.10', '. 1.0.2', '. 1.0.1', '. 1.0.0', '0.9.9', '. 0.9.8 ','. 0.9.7 ',' 0.9.6 ');
Replace with:
Code: Pascal  [Select]
  1. SSLDLLVers: array [0..8] of string = ('.0', '.10', '. 1.0.2', '. 1.0.1', '. 1.0.0', '0.9.9', '.0.9.8', '. 0.9.7', '0.9.6');
Loading libcrypto.so.1.0.0 runs currectly and SSL works!

Update:

Because of this editing, loading .so will not be possible and problems can arise on other systems.
« Last Edit: March 31, 2018, 04:56:15 pm by RDL »
Sorry for my english, google translation!

GetMem

  • Hero Member
  • *****
  • Posts: 3113
Re: Indy > Could not load SSL library
« Reply #3 on: March 31, 2018, 04:37:29 pm »
What is the message returned by function WhichFailedToLoad(IdSSLOpenSSLHeaders.pas)?

RDL

  • New member
  • *
  • Posts: 33
Re: Indy > Could not load SSL library
« Reply #4 on: March 31, 2018, 04:46:09 pm »
I edited my post above.
Sorry for my english, google translation!

GetMem

  • Hero Member
  • *****
  • Posts: 3113
Re: Indy > Could not load SSL library
« Reply #5 on: March 31, 2018, 04:53:07 pm »
@RDL
Quote
I edited my post above.
Ok. I'm glad it's working. @Remy regularly visits this forum, maybe he can incorporate your changes in Indy trunk, then I can update in OPM.

RDL

  • New member
  • *
  • Posts: 33
Re: Indy > Could not load SSL library
« Reply #6 on: March 31, 2018, 05:01:42 pm »
@GetMem
Let's wait for a response from @Remy
Thank.
Sorry for my english, google translation!

RDL

  • New member
  • *
  • Posts: 33
Re: Indy > Could not load SSL library
« Reply #7 on: April 01, 2018, 02:46:10 am »
I attach corrected IdSSLOpenSSLHeaders.pas (last svn rev. 5451) which correctly looks for:
libcrypto.so.1.0.0
libcrypto.so.1.0.0a
libcrypto.so.1.0.0b
libcrypto.so.1.0.0c
...
libcrypto.so.1.0.1
libcrypto.so.1.0.1a
libcrypto.so.1.0.1b
libcrypto.so.1.0.1c
....
libcrypto.so.1.0.2
libcrypto.so.1.0.2a
libcrypto.so.1.0.2b
libcrypto.so.1.0.2c
and so on.
« Last Edit: April 01, 2018, 05:46:53 am by RDL »
Sorry for my english, google translation!

Remy Lebeau

  • Sr. Member
  • ****
  • Posts: 439
    • Lebeau Software
Re: Indy > Could not load SSL library
« Reply #8 on: May 04, 2018, 04:47:53 am »
Apparently indy does not support libcrypto.so.1.1

That is because Indy doesn't support OpenSSL 1.1.0+ yet, only 1.0.2 and earlier.  Because there have been major API changes in 1.1.0 that break backwards compatibility, and Indy hasn't been updated to handle that yet (see #183: Support OpenSSL 1.1.0 in Indy's issue tracker).

If the symbolic link libcryto.so refers to libcrypto.so.1.1, then the Could not load SSL library error occurs.

Makes sense.  See above.

If you edit IdSSLOpenSSLHeaders.pas like this:
Row: 19483
Code: Pascal  [Select]
  1. SSLDLLVers: array [0..8] of string = ('', '.10', '. 1.0.2', '. 1.0.1', '. 1.0.0', '0.9.9', '. 0.9.8 ','. 0.9.7 ',' 0.9.6 ');
Replace with:
Code: Pascal  [Select]
  1. SSLDLLVers: array [0..8] of string = ('.0', '.10', '. 1.0.2', '. 1.0.1', '. 1.0.0', '0.9.9', '.0.9.8', '. 0.9.7', '0.9.6');
Loading libcrypto.so.1.0.0 runs currectly and SSL works!

Because of this editing, loading .so will not be possible and problems can arise on other systems.

By changing the first string from '' to '.0', Indy will no longer attempt to load the unversioned libcrypto.so or libssl.so symbolic links at all.  You are making it so it will skip them and find (in your case) libcrypto.so.1.0.0 and libssl.so.1.0.0 instead.  That could hurt other systems, where loading the the symbolic links is preferred.

I attach corrected IdSSLOpenSSLHeaders.pas (last svn rev. 5451) which correctly looks for:

I have glanced at the patch and see that I need to make some tweaks to it before I incorporate it.  I will report back when it is checked in to Indy's SVN.
Remy Lebeau
Lebeau Software - Owner, Developer
Internet Direct (Indy) - Admin, Developer (Support forum)

Remy Lebeau

  • Sr. Member
  • ****
  • Posts: 439
    • Lebeau Software
Re: Indy > Could not load SSL library
« Reply #9 on: May 04, 2018, 08:44:27 pm »
I have glanced at the patch and see that I need to make some tweaks to it before I incorporate it.  I will report back when it is checked in to Indy's SVN.

I have just now checked in the patch.  I tweaked the code to apply the lettering logic to both the KYLIXCOMPAT and BASEUNIX/VCL_POSIX branches, and to add a new IdOpenSSLSetLoadSymLinksFirst() function so users can specify whether Indy should load the symlinks before or after checking for specific versions (the default is before, to preserve existing behavior).

See Changes for how OpenSSL is loaded on *Nix platforms on Indy's Changelog blog.
« Last Edit: May 04, 2018, 09:16:10 pm by Remy Lebeau »
Remy Lebeau
Lebeau Software - Owner, Developer
Internet Direct (Indy) - Admin, Developer (Support forum)

RDL

  • New member
  • *
  • Posts: 33
Re: Indy > Could not load SSL library
« Reply #10 on: May 05, 2018, 09:07:56 am »
@Remy Lebeau
Why is this part of the code inactive in Linux?

Checked on linux manjaro.
Does not work. Could not load SSL library.

Update:
I replaced IdSSLOpenSSLHeaders.pas with my own, it worked.

Is it an indy error or am I doing something wrong?
« Last Edit: May 05, 2018, 11:36:08 am by RDL »
Sorry for my english, google translation!

Remy Lebeau

  • Sr. Member
  • ****
  • Posts: 439
    • Lebeau Software
Re: Indy > Could not load SSL library
« Reply #11 on: May 07, 2018, 11:11:40 pm »
Why is this part of the code inactive in Linux?

Looking at my previous checkin, it looks like I made a mistake in a new {$DEFINE} I had added:

Code: [Select]
  {$UNDEF USE_BASEUNIX_OR_VCL_POSIX_OR_KYLIXCOMPAT}
  {$IFDEF USE_BASEUNIX_OR_VCL_POSIX}
    {$UNDEF USE_BASEUNIX_OR_VCL_POSIX_OR_KYLIXCOMPAT} // <--
  {$ENDIF}
  {$IFDEF KYLIXCOMPAT}
    {$UNDEF USE_BASEUNIX_OR_VCL_POSIX_OR_KYLIXCOMPAT} // <--
  {$ENDIF}

Should be this instead:

Code: [Select]
  {$UNDEF USE_BASEUNIX_OR_VCL_POSIX_OR_KYLIXCOMPAT}
  {$IFDEF USE_BASEUNIX_OR_VCL_POSIX}
    {$DEFINE USE_BASEUNIX_OR_VCL_POSIX_OR_KYLIXCOMPAT} // <--
  {$ENDIF}
  {$IFDEF KYLIXCOMPAT}
    {$DEFINE USE_BASEUNIX_OR_VCL_POSIX_OR_KYLIXCOMPAT} // <--
  {$ENDIF}

I have checked in that fix now (rev 5457).
« Last Edit: May 07, 2018, 11:13:34 pm by Remy Lebeau »
Remy Lebeau
Lebeau Software - Owner, Developer
Internet Direct (Indy) - Admin, Developer (Support forum)

RDL

  • New member
  • *
  • Posts: 33
Re: Indy > Could not load SSL library
« Reply #12 on: May 08, 2018, 09:46:21 am »
@Remy Lebeau
I checked, it works!
Good job, thank you! :)
Sorry for my english, google translation!

 

Recent

Get Lazarus at SourceForge.net. Fast, secure and Free Open Source software downloads Open Hub project report for Lazarus