Bookstore

Recent

Author Topic: OpenSSL for windows  (Read 629 times)

xinyiman

  • Hero Member
  • *****
  • Posts: 2068
    • Lazarus and Free Pascal italian community
OpenSSL for windows
« on: February 21, 2020, 07:35:27 pm »
Hi everyone, I made a small web application with the standard components of lazarus. Everything works fine on mac os and ubuntu. But on windows if i enable https crashes the program. Obviously because the right dll for openssl is missing. How can I find out which version I should use? And where do I get it from?
Win10, Ubuntu and Mac
Lazarus: 2.1.0
FPC: 3.3.1

Remy Lebeau

  • Hero Member
  • *****
  • Posts: 736
    • Lebeau Software
Re: OpenSSL for windows
« Reply #1 on: February 21, 2020, 09:17:30 pm »
I made a small web application with the standard components of lazarus.

Which components exactly are you using?  Please be more specific.

But on windows if i enable https crashes the program.

Crashes in what way exactly?  What is the actual error message?

Obviously because the right dll for openssl is missing.

There is nothing obvious about this.  What makes you think OpenSSL is even being used?  And even if it were, what makes you think this is an OpenSSL issue?

How can I find out which version I should use? And where do I get it from?

Hard to answer without knowing exactly what you are doing to begin with.  Please provide more details, code snippets, etc.
Remy Lebeau
Lebeau Software - Owner, Developer
Internet Direct (Indy) - Admin, Developer (Support forum)

Thaddy

  • Hero Member
  • *****
  • Posts: 9782
Re: OpenSSL for windows
« Reply #2 on: February 21, 2020, 10:12:24 pm »
And your openssl version and the protocol, because modern connections will fail on e.g. ssl2 or ssl3 or tls 1.0 (these are all deprecated and removed from recent openssl binaries)
I am more like donkey than shrek

trev

  • Hero Member
  • *****
  • Posts: 508
  • Former Delphi 1-7 and 10.2 User
Re: OpenSSL for windows
« Reply #3 on: February 22, 2020, 01:41:28 am »
See the Windows code which does not require openssl for https at: https://forum.lazarus.freepascal.org/index.php/topic,48423.msg348738.html#msg348738
o Lazarus v2.1.0 r62775, FPC v3.3.1 r44289, macOS 10.14.6 (with sup update), Xcode 10.3.1
o Lazarus v2.1.0 r61574, FPC v3.3.1 r42318, FreeBSD 12.0 (Parallels VM)
o Lazarus v2.1.0 r61574, FPC v3.0.4, Ubuntu 18.04 (Parallels VM)

xinyiman

  • Hero Member
  • *****
  • Posts: 2068
    • Lazarus and Free Pascal italian community
Re: OpenSSL for windows
« Reply #4 on: February 22, 2020, 09:55:07 am »
But precisely I have three different programs that run on linux and make use of the https protocol

1. HTTP Server application with UseSSL active

2. Application with last synapse trunk version (http://svn.code.sf.net/p/synalist/code/trunk/) 209  release

3. Application with Google API package (This is still to be tested if it works on windows. But since the other two don't work, this shouldn't be either.)

Need anything else?
Win10, Ubuntu and Mac
Lazarus: 2.1.0
FPC: 3.3.1

xinyiman

  • Hero Member
  • *****
  • Posts: 2068
    • Lazarus and Free Pascal italian community
Re: OpenSSL for windows
« Reply #5 on: February 22, 2020, 07:32:13 pm »
Little example when reproduce error

Exception at 0041DC5C: EFCreateError:
Unable to create file "C:\temp\x509.txt".
Win10, Ubuntu and Mac
Lazarus: 2.1.0
FPC: 3.3.1

xinyiman

  • Hero Member
  • *****
  • Posts: 2068
    • Lazarus and Free Pascal italian community
Re: OpenSSL for windows
« Reply #6 on: February 23, 2020, 04:56:14 pm »
By making a few attempts I understood the following. On windows you need to create the directory c:\temp\ by hand where openssl saves the certificates. Yes, my program doesn't crash anymore. The only thing I didn't understand is that the browser didn't show me the result I expected. While if I write a client in lazarus to read the url, it returns the data I wanted. So I would say that the https server is needed but browsers do not consider it secure. Which does not happen if the https server is on linux.
Win10, Ubuntu and Mac
Lazarus: 2.1.0
FPC: 3.3.1

rvk

  • Hero Member
  • *****
  • Posts: 3943
Re: OpenSSL for windows
« Reply #7 on: February 24, 2020, 11:37:37 am »
On windows you need to create the directory c:\temp\ by hand where openssl saves the certificates.
%) Why C:\Temp ??? Surely you can make OpenSSL create the certificates in another place...

Besides that... I don't see anything in TFPWebModule that has to do with openssl and the certificates.
So I think it's only meant for HTTP and doesn't do HTTPS.

And yes... directly querying via Lazarus will get you the page via HTTP (the port for HTTP doesn't matter... you can even do HTTP over port 443).

Real web-browsers however (depending on the browser) do expect a https handshake (on port 443) to do HTTPS and will give you the warning if it's not done.

xinyiman

  • Hero Member
  • *****
  • Posts: 2068
    • Lazarus and Free Pascal italian community
Re: OpenSSL for windows
« Reply #8 on: February 24, 2020, 11:55:33 am »
On windows you need to create the directory c:\temp\ by hand where openssl saves the certificates.
%) Why C:\Temp ??? Surely you can make OpenSSL create the certificates in another place...
I honestly don't know how. If anyone knows, will you explain it to me?
As for the example in the * .lpr file there should be a UseSSL parameter set to true.
Win10, Ubuntu and Mac
Lazarus: 2.1.0
FPC: 3.3.1

rvk

  • Hero Member
  • *****
  • Posts: 3943
Re: OpenSSL for windows
« Reply #9 on: February 24, 2020, 12:32:33 pm »
I honestly don't know how. If anyone knows, will you explain it to me?
With what commands did you try to create the certificates needed for HTTPS?
Or do you want to use the self-generated feature of THTTPApplication?
(In that case you don't have anything to do with your own certificates and C:\Temp etc.)

As for the example in the * .lpr file there should be a UseSSL parameter set to true.
Yes. But that's not the only thing that needs to be set.

What example are you following?

xinyiman

  • Hero Member
  • *****
  • Posts: 2068
    • Lazarus and Free Pascal italian community
Re: OpenSSL for windows
« Reply #10 on: February 24, 2020, 01:36:41 pm »
Honestly, I'm not following a specific example. Enabling UseSSL on linux and mac everything worked. I deduced that it would be enough for windows too. What else should I set up?
Win10, Ubuntu and Mac
Lazarus: 2.1.0
FPC: 3.3.1

rvk

  • Hero Member
  • *****
  • Posts: 3943
Re: OpenSSL for windows
« Reply #11 on: February 24, 2020, 01:41:40 pm »
Honestly, I'm not following a specific example. Enabling UseSSL on linux and mac everything worked. I deduced that it would be enough for windows too. What else should I set up?
I thought you also needed to set the Hostname. Because otherwise THTTPApplication can't create a self-signed certificate.

Plus that most browsers won't accept self-signed certificates and will complain (so you would need to choose "More info" and continue with unsafe site).

The only way to resolve that is really create correct certificates (buy one or create one with letsencrypt, which the browser will accept).