Recent

Author Topic: Debian 10 Indy and SSL, Not load library  (Read 2958 times)

BlueIcaro

  • Hero Member
  • *****
  • Posts: 655
    • My github
Debian 10 Indy and SSL, Not load library
« on: March 20, 2020, 04:30:44 pm »
Hello, I'm playing with Indy, I installed using Online Package Manager. I donwload the proyect from here:
https://forum.lazarus.freepascal.org/index.php?topic=24565.0
And I add a TIdSSLIOHandlerSocketOpenSSL component. In  the TIdhttp OIHandler property I add the TIdSSLIOHandlerSocketOpenSSL component.

But I can't load any https web. I got a Load Library error.
Debian 10, says that I have load the package using: apt-get install libssl1.1
OnCreate Event I wrote:
Code: [Select]
If  IsOpenSSL_1x  then
 begin
   Caption:='v1';
 end
 else
 begin
   Caption := 'No';
 end; 
And the funtion returns false.
Any idea?

I using Lazarus 2.06, Debian 10/64Bits

Thanks

/BlueIcaro

Bi0T1N

  • Jr. Member
  • **
  • Posts: 64
Re: Debian 10 Indy and SSL, Not load library
« Reply #1 on: March 20, 2020, 05:42:56 pm »
The problem is that Debian 10 ships with OpenSSL 1.1.1 which isn't supported by Indy yet. If you run openssl version -v you'll see that you have OpenSSL 1.1.1 installed.

To use Indy you need to compile your own OpenSSL 1.0.2 library:
Code: Pascal  [Select][+][-]
  1. wget https://www.openssl.org/source/old/1.0.2/openssl-1.0.2u.tar.gz
  2. tar -xf openssl-1.0.2u.tar.gz
  3. cd openssl-1.0.2u
  4. ./config shared
  5. make
After that you can copy libssl.so and libcrypto.so to your application folder and set the path via IdOpenSSLSetLibPath to load the OpenSSL 1.0.2 files.
« Last Edit: March 20, 2020, 09:16:56 pm by Bi0T1N »

Remy Lebeau

  • Hero Member
  • *****
  • Posts: 955
    • Lebeau Software
Re: Debian 10 Indy and SSL, Not load library
« Reply #2 on: March 20, 2020, 06:33:19 pm »
To use Indy you need to compile your own OpenSSL 1.0.2 library

Or otherwise obtain pre-compiled binaries for it.  But yes, 1.0.2 is a requirement at this time.

After that you can copy libssl.so and libcrypto.so to your application folder and set the path via IdOpenSSLSetLibPath to load the OpenSSL 1.0.2 files.

If the binaries are in the same folder as your app, you should not need to call IdOpenSSLSetLibPath().
Remy Lebeau
Lebeau Software - Owner, Developer
Internet Direct (Indy) - Admin, Developer (Support forum)

BlueIcaro

  • Hero Member
  • *****
  • Posts: 655
    • My github
Re: Debian 10 Indy and SSL, Not load library
« Reply #3 on: March 20, 2020, 07:13:19 pm »

After that you can copy libssl.so and libcrypto.so to your application folder and set the path via IdOpenSSLSetLibPath to load the OpenSSL 1.0.2 files.

After follow your instruccions, where Can I find that files ?

I copy from /usr/lib/x86_64-linux-gnu/ but It doesn't work. I thing that file are 1.1 version


/BlueIcaro
« Last Edit: March 20, 2020, 07:18:24 pm by BlueIcaro »

Bi0T1N

  • Jr. Member
  • **
  • Posts: 64
Re: Debian 10 Indy and SSL, Not load library
« Reply #4 on: March 20, 2020, 09:27:39 pm »
I'm sorry, I missed the important keyword shared in my inital post. Use ./config shared instead of ./config.
For copying you can use:
Code: Pascal  [Select][+][-]
  1. cp *.so /path/to/copy/to

DanielTimelord

  • Guest
Re: Debian 10 Indy and SSL, Not load library
« Reply #5 on: March 20, 2020, 10:41:41 pm »
Try run command ldconfig!

If doesn't not work try:
Try use the enviroment variable LD_LIBRARY_PATH:
export LD_LIBRARY_PATH=/path_of_your_lib in a script or terminal ! (to build and to run)

BlueIcaro

  • Hero Member
  • *****
  • Posts: 655
    • My github
Re: Debian 10 Indy and SSL, Not load library
« Reply #6 on: March 21, 2020, 10:54:19 am »
Hello, I make:
./config /shared
make

I got this errors, I think this is why I can't find the *.so files

Quote
/usr/bin/ld: libcrypto.a(gost_eng.o): relocation R_X86_64_PC32 against symbol `stderr@@GLIBC_2.2.5' can not be used when making a shared object; recompile with -fPIC
/usr/bin/ld: final link failed: nonrepresentable section on output
collect2: error: ld returned 1 exit status
make[4]: *** [Makefile.shared:169: link_a.gnu] Error 1
make[4]: Leaving directory '/home/jorge/Descargas/openssl-1.0.2u'
make[3]: *** [Makefile:357: do_linux-shared] Error 2
make[3]: Leaving directory '/home/jorge/Descargas/openssl-1.0.2u'
make[2]: *** [Makefile:310: libcrypto.so.1.0.0] Error 2
make[2]: Leaving directory '/home/jorge/Descargas/openssl-1.0.2u'
make[1]: *** [Makefile:111: shared] Error 2
make[1]: se sale del directorio '/home/jorge/Descargas/openssl-1.0.2u/crypto'
make: *** [Makefile:287: build_crypto] Error 1

BlueIcaro

  • Hero Member
  • *****
  • Posts: 655
    • My github
Re: Debian 10 Indy and SSL, Not load library
« Reply #7 on: March 21, 2020, 11:36:58 am »
Hello, I downloaded libssl1.0.2_1.0.2u-1~deb9u1_amd64.deb on AMD64 from debian wiki.
I opened and extract libiray libssl.so and libcrypto.so to the application folder.
I add this code:
Code: [Select]
IdOpenSSLSetLibPath(ParamStr(0));

 If  IsOpenSSL_1x  then
 begin
   Caption:='v1';
 end
 else
 begin
   Caption := 'No';
 end;
 

But I got the same error: "Could not load SSL Library", when I try to download any thing.

Thnaks

eljo

  • Sr. Member
  • ****
  • Posts: 408
Re: Debian 10 Indy and SSL, Not load library
« Reply #8 on: March 21, 2020, 12:28:36 pm »
Hello, I downloaded libssl1.0.2_1.0.2u-1~deb9u1_amd64.deb on AMD64 from debian wiki.
I opened and extract libiray libssl.so and libcrypto.so to the application folder.
placing .so in the same folder as the application does not work in linux by design. You need to find out where you are allowed to place .so file so your application can be allowed to load them and copy them there.
I add this code:
Code: [Select]
IdOpenSSLSetLibPath(ParamStr(0));

 If  IsOpenSSL_1x  then
 begin
   Caption:='v1';
 end
 else
 begin
   Caption := 'No';
 end;
 

But I got the same error: "Could not load SSL Library", when I try to download any thing.

Thnaks
and I'm out my linux knowledge is circumstantial so the above tidbit is all I can offer.

Bi0T1N

  • Jr. Member
  • **
  • Posts: 64
Re: Debian 10 Indy and SSL, Not load library
« Reply #9 on: March 21, 2020, 01:44:37 pm »
Hello, I make:
./config /shared
make

I got this errors, I think this is why I can't find the *.so files

Quote
/usr/bin/ld: libcrypto.a(gost_eng.o): relocation R_X86_64_PC32 against symbol `stderr@@GLIBC_2.2.5' can not be used when making a shared object; recompile with -fPIC
/usr/bin/ld: final link failed: nonrepresentable section on output
collect2: error: ld returned 1 exit status
make[4]: *** [Makefile.shared:169: link_a.gnu] Error 1
make[4]: Leaving directory '/home/jorge/Descargas/openssl-1.0.2u'
make[3]: *** [Makefile:357: do_linux-shared] Error 2
make[3]: Leaving directory '/home/jorge/Descargas/openssl-1.0.2u'
make[2]: *** [Makefile:310: libcrypto.so.1.0.0] Error 2
make[2]: Leaving directory '/home/jorge/Descargas/openssl-1.0.2u'
make[1]: *** [Makefile:111: shared] Error 2
make[1]: se sale del directorio '/home/jorge/Descargas/openssl-1.0.2u/crypto'
make: *** [Makefile:287: build_crypto] Error 1

Run make clean or safer delete the folder openssl-1.0.2u as you need to start without previous generated files.

BlueIcaro

  • Hero Member
  • *****
  • Posts: 655
    • My github
Re: Debian 10 Indy and SSL, Not load library
« Reply #10 on: March 21, 2020, 05:29:57 pm »
Hello, I make:
./config /shared
make

I got this errors, I think this is why I can't find the *.so files

Quote
/usr/bin/ld: libcrypto.a(gost_eng.o): relocation R_X86_64_PC32 against symbol `stderr@@GLIBC_2.2.5' can not be used when making a shared object; recompile with -fPIC
/usr/bin/ld: final link failed: nonrepresentable section on output
collect2: error: ld returned 1 exit status
make[4]: *** [Makefile.shared:169: link_a.gnu] Error 1
make[4]: Leaving directory '/home/jorge/Descargas/openssl-1.0.2u'
make[3]: *** [Makefile:357: do_linux-shared] Error 2
make[3]: Leaving directory '/home/jorge/Descargas/openssl-1.0.2u'
make[2]: *** [Makefile:310: libcrypto.so.1.0.0] Error 2
make[2]: Leaving directory '/home/jorge/Descargas/openssl-1.0.2u'
make[1]: *** [Makefile:111: shared] Error 2
make[1]: se sale del directorio '/home/jorge/Descargas/openssl-1.0.2u/crypto'
make: *** [Makefile:287: build_crypto] Error 1

Run make clean or safer delete the folder openssl-1.0.2u as you need to start without previous generated files.
Hello,I followed your instructions, And I got any error.
But I don't find the file
/BlueIcaro

Bi0T1N

  • Jr. Member
  • **
  • Posts: 64
Re: Debian 10 Indy and SSL, Not load library
« Reply #11 on: March 22, 2020, 08:56:44 pm »
Hello, I make:
./config /shared
make

I got this errors, I think this is why I can't find the *.so files

Quote
/usr/bin/ld: libcrypto.a(gost_eng.o): relocation R_X86_64_PC32 against symbol `stderr@@GLIBC_2.2.5' can not be used when making a shared object; recompile with -fPIC
/usr/bin/ld: final link failed: nonrepresentable section on output
collect2: error: ld returned 1 exit status
make[4]: *** [Makefile.shared:169: link_a.gnu] Error 1
make[4]: Leaving directory '/home/jorge/Descargas/openssl-1.0.2u'
make[3]: *** [Makefile:357: do_linux-shared] Error 2
make[3]: Leaving directory '/home/jorge/Descargas/openssl-1.0.2u'
make[2]: *** [Makefile:310: libcrypto.so.1.0.0] Error 2
make[2]: Leaving directory '/home/jorge/Descargas/openssl-1.0.2u'
make[1]: *** [Makefile:111: shared] Error 2
make[1]: se sale del directorio '/home/jorge/Descargas/openssl-1.0.2u/crypto'
make: *** [Makefile:287: build_crypto] Error 1

Run make clean or safer delete the folder openssl-1.0.2u as you need to start without previous generated files.
Hello,I followed your instructions, And I got any error.
But I don't find the file
/BlueIcaro

I've tested it with a clean (read freshly downloaded OpenSSL) build dir and after running make the *.so files are in the build dir.

dbannon

  • Hero Member
  • *****
  • Posts: 1485
    • tomboy-ng, a rewrite of the classic Tomboy
Re: Debian 10 Indy and SSL, Not load library
« Reply #12 on: March 22, 2020, 11:52:04 pm »
I have to say that reverting back to an older version of openssl is a very bad solution.  For a number of reasons -

1. Maintainers of openssl release new versions for a reason, its likely you are opening security holes.

2. By making your app dependent on an old version of openssl, you make it unusable by anyone not willing to risk item 1. above.

3. Its possible that the older version does not support the feature you want to use. Unlikely but possible.

What are you actually trying to do ?

Davo
« Last Edit: March 22, 2020, 11:56:53 pm by dbannon »
Lazarus 2, Linux (and reluctantly Win10, OSX)
My Project - https://github.com/tomboy-notes/tomboy-ng

BlueIcaro

  • Hero Member
  • *****
  • Posts: 655
    • My github
Re: Debian 10 Indy and SSL, Not load library
« Reply #13 on: March 24, 2020, 11:25:32 am »
I have to say that reverting back to an older version of openssl is a very bad solution.  For a number of reasons -

1. Maintainers of openssl release new versions for a reason, its likely you are opening security holes.

2. By making your app dependent on an old version of openssl, you make it unusable by anyone not willing to risk item 1. above.

3. Its possible that the older version does not support the feature you want to use. Unlikely but possible.

What are you actually trying to do ?

Davo
Hello, I want to do a application to download file from a web. Of course that web is HTTPS.
I thought in use Indy, but as I could see is not update in last SSL library. And it's quit complex (for me) all process. And as you say, it's a old SSL standard.
Now I'm looking for other solutions.
By the way, the application have to logging, for the moment I don't know how, but the first step is use HTTPS, then I'll deal with the logging.
/BlueIcaro

Bi0T1N

  • Jr. Member
  • **
  • Posts: 64
Re: Debian 10 Indy and SSL, Not load library
« Reply #14 on: March 24, 2020, 11:50:09 am »
It's true that OpenSSL 1.0.2 is end of life (EOL) but there are no known vulnerabilities yet. TLS 1.2 is also not broken.

And as I already stated, my instructions above are working fine.

But I agree with you, it would be nice to have OpenSSL 1.1.1 in Indy but it's an open source project so it needs people who contribute changes like that ;D
But I'm sure that there will be OpenSSL 1.1.1 support soon ;)

 

TinyPortal © 2005-2018