Recent

Author Topic: Synapse and Catalina SSL causing crash  (Read 9504 times)

Thaddy

  • Hero Member
  • *****
  • Posts: 14169
  • Probably until I exterminate Putin.
Re: Synapse and Catalina SSL causing crash
« Reply #15 on: February 19, 2020, 10:32:03 am »
While trying to put together a working example, my iMac mini's disk has just died. It is pushing up daisies, gone to meet its maker, it is an ex-mini.
Will try to get a new one (second hand, any offers?)
It was only seven years old.... :'( :'( It had already a long history of illness...
Specialize a type, not a var.

trev

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2020
  • Former Delphi 1-7, 10.2 user
Re: Synapse and Catalina SSL causing crash
« Reply #16 on: February 19, 2020, 11:26:22 am »
While trying to put together a working example, my iMac mini's disk has just died. It is pushing up daisies, gone to meet its maker, it is an ex-mini.
Will try to get a new one (second hand, any offers?)
It was only seven years old.... :'( :'( It had already a long history of illness...

I've replaced disk drives in Mac minis from 2009, 2010, 2011 and 2012 - it's relatively easy, and even easier once you can dispense with the putty knife models. No need to buy another mini. Plenty of DIY videos online.

My 2009 Mac mini finally died after 11 years of 24x7 service earlier this year - spontaneous reboots several times a day. Not a bad innings though :)

VTwin

  • Hero Member
  • *****
  • Posts: 1215
  • Former Turbo Pascal 3 user
Re: Synapse and Catalina SSL causing crash
« Reply #17 on: February 20, 2020, 06:36:55 pm »
This is what I use - it works on macos Mojave and Catalina, FreeBSD, Ubuntu Linux and Windows.

Many thanks. I have been using Synapse, which seemed to work fine, but was unaware of the Catalina issue, and the potential Windows issue. This gets rid of the Synapse dependence as well.

Your code is working fine for me on Linux, Mac, and Windows. I do not currently have Catalina installed.
“Talk is cheap. Show me the code.” -Linus Torvalds

Free Pascal Compiler 3.2.2
macOS 12.1: Lazarus 2.2.6 (64 bit Cocoa M1)
Ubuntu 18.04.3: Lazarus 2.2.6 (64 bit on VBox)
Windows 7 Pro SP1: Lazarus 2.2.6 (64 bit on VBox)

trev

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2020
  • Former Delphi 1-7, 10.2 user
Re: Synapse and Catalina SSL causing crash
« Reply #18 on: February 20, 2020, 11:24:16 pm »
Good to hear VTwin.

Arvur

  • New Member
  • *
  • Posts: 48
    • My GitHub
Re: Synapse and Catalina SSL causing crash
« Reply #19 on: January 09, 2021, 11:56:13 am »
For those who need Synapse to work with LibreSSL on Catalina and BigSur. Call this routine from initialization section of ssl_openssl_lib:
Quote
{$IFDEF DARWIN}
procedure CheckOpenSSLFixNeeded;
const
  fixDarwinRelease = 19; // Catalina
var
  KernelInfo: UtsName;
begin
  if (fpUName(KernelInfo) = 0) then
    if (StrToIntDef(Copy(KernelInfo.Release, 1, 2), 0) >= fixDarwinRelease) then begin
      DLLSSLName  := '/usr/lib/libssl.46.dylib';
      DLLUtilName := '/usr/lib/libcrypto.44.dylib';
    end; 
end;
{$ENDIF DARWIN}
Use IFDEF to call this on Darwin only.

P.S. Catalina blocked using libssl.dylib and libcrypto.dylib wrappers and BigSur stopped us from listing dylib's in /usr/lib/ to find last version. So we just stick on existing LibreSSL version.
« Last Edit: January 14, 2021, 12:33:48 pm by Arvur »

herux

  • Full Member
  • ***
  • Posts: 102
Re: Synapse and Catalina SSL causing crash
« Reply #20 on: March 13, 2021, 12:09:34 pm »
thank @Arvur it work on bigSur

Igor Kokarev

  • Sr. Member
  • ****
  • Posts: 370
Re: Synapse and Catalina SSL causing crash
« Reply #21 on: March 13, 2021, 12:35:49 pm »
I'm afraid to use Synaps/libssl anymore. It may become broken with any future macOS version again.

Moved my code to Cocoa network classes.

trev

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2020
  • Former Delphi 1-7, 10.2 user
Re: Synapse and Catalina SSL causing crash
« Reply #22 on: March 13, 2021, 11:36:58 pm »
Using the macOS third party SSL libraries is no longer, if it ever was, a good idea - please see the Wiki article OpenSSL, LibreSSL, Secure Transport, Network Framework for why.

superc

  • Full Member
  • ***
  • Posts: 241
Re: Synapse and Catalina SSL causing crash
« Reply #23 on: March 15, 2022, 10:12:54 am »
For those who need Synapse to work with LibreSSL on Catalina and BigSur. Call this routine from initialization section of ssl_openssl_lib:
Quote
{$IFDEF DARWIN}
procedure CheckOpenSSLFixNeeded;
const
  fixDarwinRelease = 19; // Catalina
var
  KernelInfo: UtsName;
begin
  if (fpUName(KernelInfo) = 0) then
    if (StrToIntDef(Copy(KernelInfo.Release, 1, 2), 0) >= fixDarwinRelease) then begin
      DLLSSLName  := '/usr/lib/libssl.46.dylib';
      DLLUtilName := '/usr/lib/libcrypto.44.dylib';
    end; 
end;
{$ENDIF DARWIN}
Use IFDEF to call this on Darwin only.

P.S. Catalina blocked using libssl.dylib and libcrypto.dylib wrappers and BigSur stopped us from listing dylib's in /usr/lib/ to find last version. So we just stick on existing LibreSSL version.

hello, I've the same problem, but i don't understand where insert code of 'CheckOpenSSLFixNeeded', where is initialization section of ssl_openssl_lib?

Thanks in advance.

trev

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2020
  • Former Delphi 1-7, 10.2 user
Re: Synapse and Catalina SSL causing crash
« Reply #24 on: March 16, 2022, 09:01:09 am »
In the Synapse unit ssl_openssl_lib.pas

replace:

Code: Pascal  [Select][+][-]
  1. var
  2.   {$IFNDEF MSWINDOWS}
  3.     {$IFDEF DARWIN}
  4.     DLLSSLName: string = 'libssl.dylib';
  5.     DLLUtilName: string = 'libcrypto.dylib';
  6.     {$ELSE}

with:

Code: Pascal  [Select][+][-]
  1. var
  2.   {$IFNDEF MSWINDOWS}
  3.     {$IFDEF DARWIN}
  4.     DLLSSLName: string = 'libssl.48.dylib';      // Monterey 48 - Big Sur/Catalina 46
  5.     DLLUtilName: string = 'libcrypto.46.dylib';  // Monterey 46 - Big Sur/Catalina 44
  6.     {$ELSE}
  7.      {$IFDEF OS2}

Unfortunately those LibreSSL library versions are years out of date (and LibreSSL just had a new denial of service - infinite loop - CVE yesterday).

The best option is to use your own up-to-date copy of the OpenSSL libraries in your Application Bundle's Resources/Frameworks folder which is what Apple recommends.

Also note that LibreSSL libraries are not 100% compatible with OpenSSL.

ArminLinder

  • Sr. Member
  • ****
  • Posts: 314
  • Keep it simple.
Re: Synapse and Catalina SSL causing crash
« Reply #25 on: March 23, 2022, 08:13:19 pm »
Sorry if I stomp in here, I just by coincidence ran into this problem when trying an older program of mine on BigSur. Another thing to mention is that the piece of software is for internal company use only, so the number of installations is quite limited (1), and I have full control of the OS version in use.

I resolved the issue by installing OpenSSL via Macports (which, btw, already gave me more deprecated software like gdb(ggdb), svn and now openssl). I listed the installed files and found that it puts copies of libssl.dylib and libcrypto.dylib into the /opt/local/lib directory. I have afterwards patched ssl_openssl_lib from the synapse package:

Code: Pascal  [Select][+][-]
  1.     {$IFDEF DARWIN}
  2.     DLLSSLName: string = '/opt/local/lib/libssl.dylib';
  3.     DLLUtilName: string = '/opt/local/lib/libcrypto.dylib';
  4.     {$ELSE}
  5.  

and my program compiles und runs like before. What I really like is the absence of any version number in the file name. What I see does, however, not fit with what you were writing about. Maybe because there are different SSL distributions (OpenSSL vs LibreSSL)?

Anyway, I what do you think about this approach? Can I tick "problem solved" on my todo list, or did I just set vectors for the next desaster?

Thnx, Armin.
Lazarus 3.3.2 on Windows 7,10,11, Debian 10.8 "Buster", macOS Catalina, macOS BigSur, VMWare Workstation 15, Raspberry Pi

trev

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2020
  • Former Delphi 1-7, 10.2 user
Re: Synapse and Catalina SSL causing crash
« Reply #26 on: March 24, 2022, 12:06:31 am »
That approach would normally result in macOS throwing the error:

Code: [Select]
Invalid dylib load. Clients should not load the unversioned libcrypto dylib as it does not have a stable ABI.
I'm not sure why it doesn't in your case - that is very odd! The Forum and Net are littered with that issue. FPC itself was changed to prevent this issue - bug reports https://gitlab.com/freepascal.org/fpc/source/-/issues/36484 and https://gitlab.com/freepascal.org/fpc/source/-/issues/37977 but that does not help Synapse and hardcoding the unversioned libraries.

Anyway, for the reason stated in the usual macOS crash message, it's not a good idea.

OpenSSL 1.1.1 is on life support until 11th September 2023 (at which point all support ceases, so no bug fixes for security problems) as OpenSSL moves to version 3 (now at 3.02) which has even more significant ABI changes. There is also the issue that the LibreSSL libraries with the same names are not 100% compatible.

 

TinyPortal © 2005-2018