Indy is a third party package, so it's up to them to implement OpenSSL support correctly. FPC itself provides TFPHTTPClient which does indeed support current OpenSSL versions in 3.2.0 and newer.
In the beginning, I was trying to use TFPHTTPClient but I realized that it is broken in a different way. TFPHTTPClient can only be used to post things that fit into memory easily. For my actual programming task, that is not the case. Detailed explanation is here:
https://forum.lazarus.freepascal.org/index.php/topic,47220.0.htmlThat was the point when I switched to Indy. I almost finished the programming with a test server (using simple http). Then I did my first tests with a real HTTPS server and I got this SSL handshake error.
It should be possible to pick the corresponding units from 3.2.0 or trunk and compile them with 3.0.4. They are those in packages/openssl though you'll probably also have to recompile packages/fcl-net/src/{sslbase,sslsockets,ssockets}. I have not tested it however. 3.2.0 itself is currently in "release candidate" phase (so for your purpose it should be stable enough) and we hope to release it this year.
You are right, I also think that it would be possible. This is why I wrote that FPC/lazarus has the potential. You are also right in that Indy is a third party component. But try to look at it from my viewpoint. I already spent days on this task, and it seems that I have three options:
- Try to understand, tweak and recompile Indy with a different version of OpenSSL. This seems to be a lot of time and effort, with a great possibility of total failure.
- Try to understand and refactor the code of TFPHTTPClient. It seems to be difficult, because that code was not written in a way that would make streaming possible. Even if I could do this, there should be days (possibly weeks) of testing by me and by others before it could be an accepted change and merged into the master branch of lazarus and be used in production.
- Use a different language that already has multipart form-data streaming and TLS 1.2 support. In this case, I need to rewrite my (otherwise very simple) application in a different language.
I'm not a programming language or network library developer. I'm a simple application developer, who wants to send a big file to a HTTPS server. I think it is obvious that only the last option is viable. (Unless there is a fourth option for lazarus?)