Recent

Author Topic: OpenSSL 1.1.x support for Raspbian?  (Read 3460 times)

ertank

  • Sr. Member
  • ****
  • Posts: 266
OpenSSL 1.1.x support for Raspbian?
« on: December 04, 2019, 06:24:42 pm »
Hello,

I normally use only Indy. Unfortunately, as to my knowledge, even latest Indy components does not support OpenSSL 1.1.x versions, yet.

1- Does anybody know a workaround for using old OpenSSL libraries with my application using Indy on Raspbian Buster?
2- If not, does anybody use any other components for http get and post request which support OpenSSL 1.1.x?

Thanks & regards,
Ertan

Thaddy

  • Hero Member
  • *****
  • Posts: 10449
Re: OpenSSL 1.1.x support for Raspbian?
« Reply #1 on: December 04, 2019, 07:23:51 pm »
OpenSSL 1.1.1d  10 Sep 2019 is fully supprted by FPC 3.2.0. out of the box.

Note: NEVER use old encryption libraries.

Note indy supports the 1.0 series, which is still supported by openssl. Just not the 1.1. series.
But fcl-web supports it.
« Last Edit: December 04, 2019, 07:51:18 pm by Thaddy »
When you ask a question that is actually answered in the documentation, you are either lazy or a moron.

ertank

  • Sr. Member
  • ****
  • Posts: 266
Re: OpenSSL 1.1.x support for Raspbian?
« Reply #2 on: December 04, 2019, 08:12:11 pm »
I have never used fcl-web. Where should I look for examples on https get and post?

Thanks & regards,
Ertan

ertank

  • Sr. Member
  • ****
  • Posts: 266
Re: OpenSSL 1.1.x support for Raspbian?
« Reply #3 on: December 04, 2019, 08:43:25 pm »
Found here: https://wiki.freepascal.org/fphttpclient

I am going to test it and use if all good.

Thank you.

ertank

  • Sr. Member
  • ****
  • Posts: 266
Re: OpenSSL 1.1.x support for Raspbian?
« Reply #4 on: December 11, 2019, 07:24:54 am »
I have failed to get TFPHTTPClient running with SSL on my Raspberry Pi and would like some help, please.

Below is my code:
Code: [Select]
uses
  fphttpclient,
  opensslsockets;

  // Http is created somewhere
  Json := RawUTF8(Http.Get(AURL)); // I get EInOutError: Could not initialize OpenSSL library

apt reports openssl/stable,now 1.1.1d-0+deb10u2 armhf is installed.

Below is list of files starting with name "openssl" in my Raspberry Pi - Buster system
Code: [Select]
pi@raspberrypi:~ $ sudo find / -name "openssl*"
/home/pi/fpcupdeluxe/fpc/share/doc/fpc-3.2.0/openssl
/home/pi/fpcupdeluxe/fpc/lib/fpc/3.2.0/fpmkinst/arm-linux/openssl.fpm
/home/pi/fpcupdeluxe/fpc/lib/fpc/3.2.0/units/arm-linux/openssl
/home/pi/fpcupdeluxe/fpc/lib/fpc/3.2.0/units/arm-linux/openssl/openssl.rsj
/home/pi/fpcupdeluxe/fpc/lib/fpc/3.2.0/units/arm-linux/openssl/opensslsockets.ppu
/home/pi/fpcupdeluxe/fpc/lib/fpc/3.2.0/units/arm-linux/openssl/openssl.ppu
/home/pi/fpcupdeluxe/fpc/lib/fpc/3.2.0/units/arm-linux/openssl/openssl.o
/home/pi/fpcupdeluxe/fpc/lib/fpc/3.2.0/units/arm-linux/openssl/opensslsockets.o
/home/pi/fpcupdeluxe/fpc/lib/fpc/3.2.0/units/arm-linux/openssl/opensslsockets.rsj
/home/pi/fpcupdeluxe/fpcsrc/packages/openssl
/home/pi/fpcupdeluxe/fpcsrc/packages/openssl/src/opensslsockets.pp
/home/pi/fpcupdeluxe/fpcsrc/packages/openssl/src/openssl.pas
/media/pi/rootfs/var/lib/dpkg/info/openssl.list
/media/pi/rootfs/var/lib/dpkg/info/openssl.md5sums
/media/pi/rootfs/var/lib/dpkg/info/openssl.postinst
/media/pi/rootfs/var/lib/dpkg/info/openssl.conffiles
/media/pi/rootfs/etc/ssl/openssl.cnf
/media/pi/rootfs/usr/lib/ssl/openssl.cnf
/media/pi/rootfs/usr/share/lintian/overrides/openssl
/media/pi/rootfs/usr/share/bash-completion/completions/openssl
/media/pi/rootfs/usr/share/doc/openssl
/media/pi/rootfs/usr/share/man/man1/openssl-pkcs7.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-nseq.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-pkeyparam.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-s_client.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-passwd.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-pkey.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-genpkey.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-pkcs8.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-ecparam.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-speed.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-engine.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-prime.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-rehash.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-asn1parse.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-smime.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-verify.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-ocsp.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-x509.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-ec.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-genrsa.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-tsget.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-sess_id.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-dsaparam.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-pkcs12.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-rand.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-ca.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-req.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-rsautl.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-gendsa.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-ts.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-s_server.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-dsa.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-enc.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-dhparam.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-storeutl.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-crl.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-c_rehash.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-dgst.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-srp.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-ciphers.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-rsa.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-pkeyutl.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-errstr.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-version.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-cms.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-s_time.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-crl2pkcs7.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-list.1ssl.gz
/media/pi/rootfs/usr/share/man/man1/openssl-spkac.1ssl.gz
/media/pi/rootfs/usr/bin/openssl
/var/lib/dpkg/info/openssl.list
/var/lib/dpkg/info/openssl.postinst
/var/lib/dpkg/info/openssl.md5sums
/var/lib/dpkg/info/openssl.conffiles
/var/cache/apt/archives/openssl_1.1.1d-0+deb10u2_armhf.deb
/usr/share/man/man1/openssl-dhparam.1ssl.gz
/usr/share/man/man1/openssl-enc.1ssl.gz
/usr/share/man/man1/openssl-passwd.1ssl.gz
/usr/share/man/man1/openssl-spkac.1ssl.gz
/usr/share/man/man1/openssl-sess_id.1ssl.gz
/usr/share/man/man1/openssl-ciphers.1ssl.gz
/usr/share/man/man1/openssl-engine.1ssl.gz
/usr/share/man/man1/openssl-pkcs7.1ssl.gz
/usr/share/man/man1/openssl-ec.1ssl.gz
/usr/share/man/man1/openssl-prime.1ssl.gz
/usr/share/man/man1/openssl-verify.1ssl.gz
/usr/share/man/man1/openssl-srp.1ssl.gz
/usr/share/man/man1/openssl-pkcs8.1ssl.gz
/usr/share/man/man1/openssl-ocsp.1ssl.gz
/usr/share/man/man1/openssl-genpkey.1ssl.gz
/usr/share/man/man1/openssl-ts.1ssl.gz
/usr/share/man/man1/openssl-crl.1ssl.gz
/usr/share/man/man1/openssl-pkcs12.1ssl.gz
/usr/share/man/man1/openssl-tsget.1ssl.gz
/usr/share/man/man1/openssl-speed.1ssl.gz
/usr/share/man/man1/openssl-rsautl.1ssl.gz
/usr/share/man/man1/openssl-crl2pkcs7.1ssl.gz
/usr/share/man/man1/openssl-x509.1ssl.gz
/usr/share/man/man1/openssl-gendsa.1ssl.gz
/usr/share/man/man1/openssl-errstr.1ssl.gz
/usr/share/man/man1/openssl-ecparam.1ssl.gz
/usr/share/man/man1/openssl-dsa.1ssl.gz
/usr/share/man/man1/openssl-genrsa.1ssl.gz
/usr/share/man/man1/openssl-rehash.1ssl.gz
/usr/share/man/man1/openssl-list.1ssl.gz
/usr/share/man/man1/openssl-asn1parse.1ssl.gz
/usr/share/man/man1/openssl-s_time.1ssl.gz
/usr/share/man/man1/openssl-version.1ssl.gz
/usr/share/man/man1/openssl-dgst.1ssl.gz
/usr/share/man/man1/openssl-dsaparam.1ssl.gz
/usr/share/man/man1/openssl-req.1ssl.gz
/usr/share/man/man1/openssl-ca.1ssl.gz
/usr/share/man/man1/openssl-rand.1ssl.gz
/usr/share/man/man1/openssl-c_rehash.1ssl.gz
/usr/share/man/man1/openssl-pkey.1ssl.gz
/usr/share/man/man1/openssl-s_server.1ssl.gz
/usr/share/man/man1/openssl-smime.1ssl.gz
/usr/share/man/man1/openssl-cms.1ssl.gz
/usr/share/man/man1/openssl-s_client.1ssl.gz
/usr/share/man/man1/openssl-pkeyutl.1ssl.gz
/usr/share/man/man1/openssl-pkeyparam.1ssl.gz
/usr/share/man/man1/openssl-rsa.1ssl.gz
/usr/share/man/man1/openssl-nseq.1ssl.gz
/usr/share/man/man1/openssl-storeutl.1ssl.gz
/usr/share/man/man1/openssl.1ssl.gz
/usr/share/doc/openssl
/usr/share/lintian/overrides/openssl
/usr/share/bash-completion/completions/openssl
/usr/share/pgadmin3/docs/en_US/openssl.html
/usr/lib/postgresql/11/lib/bitcode/pgcrypto/openssl.bc
/usr/lib/ssl/openssl.cnf
/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl
/usr/lib/python2.7/dist-packages/cryptography/hazmat/bindings/openssl
/usr/lib/python3/dist-packages/cryptography/hazmat/backends/openssl
/usr/lib/python3/dist-packages/cryptography/hazmat/bindings/openssl
/usr/bin/openssl
find: ‘/run/user/1000/gvfs’: Erişim engellendi
/etc/ssl/openssl.cnf
pi@raspberrypi:~ $

Above list, I failed to find any openssl.so file. I have no clue how I can initialize OpenSSL library.

Any help is appreciated.

Thanks & regards,
Ertan

EDIT: I have found libssl.so in below locations:
Code: [Select]
/usr/lib/arm-linux-gnueabihf/libssl3.so
/usr/lib/arm-linux-gnueabihf/libssl.so.1.1
There is just no file names exactly as libssl.so
« Last Edit: December 11, 2019, 07:38:19 am by ertank »

PascalDragon

  • Hero Member
  • *****
  • Posts: 2107
  • Compiler Developer
Re: OpenSSL 1.1.x support for Raspbian?
« Reply #5 on: December 11, 2019, 09:28:38 am »
You need to install the development package for openssl. I don't know what distro you use, but it should be something like openssl-dev or libssl-dev or so. That will then provide a symlink libssl.so to the versioned library.

ertank

  • Sr. Member
  • ****
  • Posts: 266
Re: OpenSSL 1.1.x support for Raspbian?
« Reply #6 on: December 11, 2019, 11:23:34 am »
You need to install the development package for openssl.
Do I need to install that package even for system that will only use my application?

mig-31

  • Sr. Member
  • ****
  • Posts: 278
Re: OpenSSL 1.1.x support for Raspbian?
« Reply #7 on: December 11, 2019, 12:01:00 pm »
Yes, of course!
You should install openssl package with your application.

Other way, prepare installation package rpm or deb with dependence on openssl package. Package manager yum, urpmi, apt-get, zypper etc. install openssl package from repository with your application.
Lazarus 2.0.6 - CentOS 7.x, Mageia 7.1

ertank

  • Sr. Member
  • ****
  • Posts: 266
Re: OpenSSL 1.1.x support for Raspbian?
« Reply #8 on: December 11, 2019, 12:06:36 pm »
openssl/stable package (OpenSSL 1.1.1d) is already installed in the system. Why do I need openssl-dev package to be installed on a system that will just use my application? I do not need such installations for sqlite3 for example. If sqlite3/stable package is installed in the system my application can use its library. No need for sqlite3-dev package to be installed.

I understand that I may need to have "-dev" package on my development system though.

Thaddy

  • Hero Member
  • *****
  • Posts: 10449
Re: OpenSSL 1.1.x support for Raspbian?
« Reply #9 on: December 11, 2019, 01:27:00 pm »
I understand that I may need to have "-dev" package on my development system though.
Yes dev stands for development
When you ask a question that is actually answered in the documentation, you are either lazy or a moron.

ertank

  • Sr. Member
  • ****
  • Posts: 266
Re: OpenSSL 1.1.x support for Raspbian?
« Reply #10 on: December 11, 2019, 06:03:39 pm »
I could not find a "dev" package for openssl in my system. It is standard Raspbian, /etc/debian_version has "10.2" in it and all updates installed as of today.

Below is what I have available:
Code: [Select]
pi@raspberrypi:~/ $ apt list|grep openssl

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

aolserver4-nsopenssl/stable 3.0beta26-6 armhf
bruteforce-salted-openssl/stable 1.4.1-1 armhf
dlang-openssl/stable 2.0.0+1.1.0h-0.1 all
gambas3-gb-openssl/stable 3.12.2-1+b1 armhf
jruby-openssl/stable 0.9.21-2 all
lcmaps-openssl-interface/stable 1.6.6-2 all
libcrypt-openssl-bignum-perl/stable 0.09-1+b1 armhf
libcrypt-openssl-dsa-perl/stable 0.19-1+b2 armhf
libcrypt-openssl-ec-perl/stable 1.31-1+b1 armhf
libcrypt-openssl-pkcs10-perl/stable 0.16-3+b1 armhf
libcrypt-openssl-pkcs12-perl/stable 1.2-1 armhf
libcrypt-openssl-random-perl/stable 0.15-1+b1 armhf
libcrypt-openssl-rsa-perl/stable 0.31-1+b1 armhf
libcrypt-openssl-x509-perl/stable 1.8.12-1 armhf
libcurl4-openssl-dev/stable 7.64.0-4 armhf
libengine-gost-openssl1.1/stable 1.1.0.3-1 armhf
libengine-pkcs11-openssl1.1/stable 0.4.9-4 armhf
libengine-pkcs11-openssl/stable 0.4.9-4 armhf
libevent-openssl-2.1-6/stable 2.1.8-stable-4 armhf
libghc-hsopenssl-dev/stable 0.11.4.15-2+b2 armhf
libghc-hsopenssl-doc/stable 0.11.4.15-2 all
libghc-hsopenssl-prof/stable 0.11.4.15-2+b2 armhf
libghc-hsopenssl-x509-system-dev/stable 0.1.0.3-4+b2 armhf
libghc-hsopenssl-x509-system-doc/stable 0.1.0.3-4 all
libghc-hsopenssl-x509-system-prof/stable 0.1.0.3-4+b2 armhf
libghc-openssl-streams-dev/stable 1.2.1.3-3+b2 armhf
libghc-openssl-streams-doc/stable 1.2.1.3-3 all
libghc-openssl-streams-prof/stable 1.2.1.3-3+b2 armhf
libglobus-gsi-openssl-error-dev/stable 4.1-1 armhf
libglobus-gsi-openssl-error-doc/stable 4.1-1 all
libglobus-gsi-openssl-error0/stable 4.1-1 armhf
libglobus-openssl-module-dev/stable 5.1-1 armhf
libglobus-openssl-module-doc/stable 5.1-1 all
libglobus-openssl-module0/stable 5.1-1 armhf
libgnutls-openssl27/stable 3.6.7-4 armhf
librust-cargo+openssl-dev/stable 0.32.0-2 armhf
librust-cargo+vendored-openssl-dev/stable 0.32.0-2 armhf
librust-git2+openssl-probe-dev/stable 0.7.5-1 armhf
librust-git2+openssl-sys-dev/stable 0.7.5-1 armhf
librust-libgit2-sys+openssl-sys-dev/stable 0.7.10-1 armhf
librust-openssl-dev/stable 0.10.16-1 armhf
librust-openssl-probe-dev/stable 0.1.2-1 armhf
librust-openssl-sys-dev/stable 0.9.40-1 armhf
libxmlsec1-openssl/stable 1.2.27-2 armhf
lua-openssl-dev/stable 20161208-1 armhf
lua-openssl/stable 20161208-1 armhf
openssl-blacklist-extra/stable 0.5-3 all
openssl-blacklist/stable 0.5-3 all
openssl/stable,now 1.1.1d-0+deb10u2 armhf [kurulu,otomatik]
perl-openssl-defaults/stable 3 armhf
puppet-module-camptocamp-openssl/stable 1.5.0-1 all
python-openssl-doc/stable 19.0.0-1 all
python-openssl/stable,now 19.0.0-1 all [kurulu,otomatik]
python3-aioopenssl/stable 0.4.1-2 all
python3-openssl/stable,now 19.0.0-1 all [kurulu,otomatik]
r-cran-openssl/stable 1.2.2+dfsg-1 armhf
ruby-openssl/stable 2.0.5-1+b1 armhf
pi@raspberrypi:~/ $

I do appreciate directions as to how I can use TFPHTTPClient for "https" addresses, please.

Thanks & regards,
Ertan

trev

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 932
  • Former Delphi 1-7, 10.2 User
Re: OpenSSL 1.1.x support for Raspbian?
« Reply #11 on: December 12, 2019, 12:13:52 am »
I could not find a "dev" package for openssl in my system. It is standard Raspbian, /etc/debian_version has "10.2" in it and all updates installed as of today.

Try libssl-dev...

Code: [Select]
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install libssl-dev
o Lazarus v2.1.0 r63871, FPC v3.3.1 r46876, macOS 10.14.6 (with sup update), Xcode 11.3.1
o Lazarus v2.1.0 r61574, FPC v3.3.1 r42318, FreeBSD 12.1 amd64 (VMware Fusion VM)
o FPC 3.0.4, FreeBSD 12.2-STABLE r365646 amd64
o Lazarus v2.1.0 r61574, FPC v3.0.4, Ubuntu 18.04 (Parallels VM)

ertank

  • Sr. Member
  • ****
  • Posts: 266
Re: OpenSSL 1.1.x support for Raspbian?
« Reply #12 on: December 12, 2019, 06:57:35 am »
Try libssl-dev...
That did work.

Code: [Select]
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install libssl-dev
I already did first two. It turned out that I simply do not know name of the package.

Thank you.

PascalDragon

  • Hero Member
  • *****
  • Posts: 2107
  • Compiler Developer
Re: OpenSSL 1.1.x support for Raspbian?
« Reply #13 on: December 12, 2019, 09:46:30 am »
Yes, of course!
You should install openssl package with your application.
The development package is only required on the development machine.

 

TinyPortal © 2005-2018