Recent

Author Topic: Cannot connect to https://api.1nce.com using TFPHTTPClient  (Read 4353 times)

trev

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1014
  • Former Delphi 1-7, 10.2 User
Re: Cannot connect to https://api.1nce.com using TFPHTTPClient
« Reply #30 on: August 13, 2020, 01:11:08 am »
@Trev: which units must the uses clause contain?

I've included the relevant details below.

Code: Pascal  [Select][+][-]
  1. unit Unit1;
  2.  
  3. {$mode objfpc}{$H+}
  4. {$modeswitch objectivec1}
  5. {$linkframework foundation}
  6.  
  7. interface
  8.  
  9. uses
  10. Classes, SysUtils, Forms, Controls, Graphics, Dialogs, StdCtrls,  fphttpclient, OpenSSLSockets, CocoaAll, CocoaUtils;
  11. [...]

Don't forget you need to edit .../packages/cocoaint/src/foundation/NSString.inc as noted in my earlier post and then recompile FPC 3.2.0. I use the following script to recompile:

Code: Text  [Select][+][-]
  1. #!/bin/sh
  2. make clean all FPC=/usr/local/lib/fpc/3.2.0/ppcx64 OS_TARGET=darwin CPU_TARGET=x86_64 OPT="-XR/Library/Developer/CommandLineTools//SDKs/MacOSX.sdk/"
  3. make install FPC=/usr/local/lib/fpc/3.2.0/ppcx64 OS_TARGET=darwin CPU_TARGET=x86_64
o Lazarus v2.1.0 r63871, FPC v3.3.1 r47164, macOS 10.14.6 (with sup update), Xcode 11.3.1
o Lazarus v2.1.0 r61574, FPC v3.3.1 r42318, FreeBSD 12.1 amd64 (VMware Fusion VM)
o FPC 3.0.4, FreeBSD 12.2-STABLE r365646 amd64
o Lazarus v2.1.0 r61574, FPC v3.0.4, Ubuntu 20.04 (Parallels VM)

trev

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1014
  • Former Delphi 1-7, 10.2 User
Re: Cannot connect to https://api.1nce.com using TFPHTTPClient
« Reply #31 on: August 13, 2020, 01:38:24 am »
According to the SSL Server Test even OpenSSL 1.0.1l can connect.

wittbo's problematic website is www.ariva.de (not api.1nce.com). That website only accepts TLSv1.2 and TLSv1.3 protocols.

The SSL libraries on macOS 10.14.6 are not OpenSSL but LibreSSL. The default unversioned /usr/lib/libssl.dylib is linked to /usr/lib/libssl.35.dylib (LibreSSL v2.2.7). There's also /usr/lib/libssl.43.dylib (LibreSSL v2.5.5) and /usr/lib/libssl.44.dylib (LibreSSL v2.6.5).

My protocol tests indicate that FPC 3.2.0/3.3.1 fails to connect to websites that only accept TLSv1.2 or above whereas FPC 3.0.4 does connect to websites that only accept TLSv1.2 and above. I'm not sure how much clearer I can make it.
o Lazarus v2.1.0 r63871, FPC v3.3.1 r47164, macOS 10.14.6 (with sup update), Xcode 11.3.1
o Lazarus v2.1.0 r61574, FPC v3.3.1 r42318, FreeBSD 12.1 amd64 (VMware Fusion VM)
o FPC 3.0.4, FreeBSD 12.2-STABLE r365646 amd64
o Lazarus v2.1.0 r61574, FPC v3.0.4, Ubuntu 20.04 (Parallels VM)

wittbo

  • Full Member
  • ***
  • Posts: 140
Re: Cannot connect to https://api.1nce.com using TFPHTTPClient
« Reply #32 on: August 13, 2020, 11:54:54 am »
@Trev:
Just tested your solution for macOS (s.a.), edited the NSString.inc file; when updating the compiler, there are the following error messages:
make: *** No rule to make target `clean'.  Stop.
make: *** No rule to make target `install'.  Stop.
-wittbo-
MBAir with MacOS 10.14.6 / Lazarus 2.0.10
iMac with MacOS 10.13.6 / Lazarus 2.0.2

trev

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1014
  • Former Delphi 1-7, 10.2 User
Re: Cannot connect to https://api.1nce.com using TFPHTTPClient
« Reply #33 on: August 13, 2020, 03:00:21 pm »
You are doing this from the directory in which your FPC source is?
You will almost certainly need to use sudo as well.
o Lazarus v2.1.0 r63871, FPC v3.3.1 r47164, macOS 10.14.6 (with sup update), Xcode 11.3.1
o Lazarus v2.1.0 r61574, FPC v3.3.1 r42318, FreeBSD 12.1 amd64 (VMware Fusion VM)
o FPC 3.0.4, FreeBSD 12.2-STABLE r365646 amd64
o Lazarus v2.1.0 r61574, FPC v3.0.4, Ubuntu 20.04 (Parallels VM)

wittbo

  • Full Member
  • ***
  • Posts: 140
Re: Cannot connect to https://api.1nce.com using TFPHTTPClient
« Reply #34 on: August 13, 2020, 03:49:36 pm »
Sorry, Trev, I'm not very experienced in such operations; in fact I did it the first time.

I did not change the path after having edited NSString.inc. That was it.
Being back to /usr/local/share/fpcsrc/3.2.0 everything was running perfectly.

Thank you very much for your help. Now I have a workaround for fpc 3.2.0 for MacOS, it's OK for me. Nevertheless I will open a bug report.
-wittbo-
MBAir with MacOS 10.14.6 / Lazarus 2.0.10
iMac with MacOS 10.13.6 / Lazarus 2.0.2

trev

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1014
  • Former Delphi 1-7, 10.2 User
Re: Cannot connect to https://api.1nce.com using TFPHTTPClient
« Reply #35 on: August 13, 2020, 04:12:26 pm »
You're welcome!
o Lazarus v2.1.0 r63871, FPC v3.3.1 r47164, macOS 10.14.6 (with sup update), Xcode 11.3.1
o Lazarus v2.1.0 r61574, FPC v3.3.1 r42318, FreeBSD 12.1 amd64 (VMware Fusion VM)
o FPC 3.0.4, FreeBSD 12.2-STABLE r365646 amd64
o Lazarus v2.1.0 r61574, FPC v3.0.4, Ubuntu 20.04 (Parallels VM)

Bi0T1N

  • Jr. Member
  • **
  • Posts: 50
Re: Cannot connect to https://api.1nce.com using TFPHTTPClient
« Reply #36 on: August 13, 2020, 09:12:01 pm »
According to the SSL Server Test even OpenSSL 1.0.1l can connect.

wittbo's problematic website is www.ariva.de (not api.1nce.com). That website only accepts TLSv1.2 and TLSv1.3 protocols.
The first post uses the link I've used. However, both support TLSv1.2 and TLSv1.3 only.

According to the SSL Server Test even OpenSSL 1.0.1l can connect.

The SSL libraries on macOS 10.14.6 are not OpenSSL but LibreSSL. The default unversioned /usr/lib/libssl.dylib is linked to /usr/lib/libssl.35.dylib (LibreSSL v2.2.7). There's also /usr/lib/libssl.43.dylib (LibreSSL v2.5.5) and /usr/lib/libssl.44.dylib (LibreSSL v2.6.5).

My protocol tests indicate that FPC 3.2.0/3.3.1 fails to connect to websites that only accept TLSv1.2 or above whereas FPC 3.0.4 does connect to websites that only accept TLSv1.2 and above. I'm not sure how much clearer I can make it.
According to this it's no longer allowed to load the unversioned one but I also don't know which one is loaded then as the DLLVersions array doesn't contain any of your numbers.
So it would be good to add the code I've posted above to see which version really gets loaded - maybe an ancient version which doesn't support TLS1.2 or higher.

trev

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1014
  • Former Delphi 1-7, 10.2 User
Re: Cannot connect to https://api.1nce.com using TFPHTTPClient
« Reply #37 on: August 14, 2020, 03:39:00 am »
@BiOT1N

FPC 3.2.0 reports using OpenSSL 0.9.8zh 14 January 2016

FPC 3.0.4 reports using LibreSSL 2.2.7 (The default unversioned /usr/lib/libssl.dylib or /usr/lib/libssl.35.dylib  ).

I found /usr/lib/libssl.0.9.7.dylib and /usr/lib/libssl.0.9.8.dylib which I somehow inexplicably missed the first time,
o Lazarus v2.1.0 r63871, FPC v3.3.1 r47164, macOS 10.14.6 (with sup update), Xcode 11.3.1
o Lazarus v2.1.0 r61574, FPC v3.3.1 r42318, FreeBSD 12.1 amd64 (VMware Fusion VM)
o FPC 3.0.4, FreeBSD 12.2-STABLE r365646 amd64
o Lazarus v2.1.0 r61574, FPC v3.0.4, Ubuntu 20.04 (Parallels VM)

trev

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1014
  • Former Delphi 1-7, 10.2 User
Re: Cannot connect to https://api.1nce.com using TFPHTTPClient
« Reply #38 on: August 14, 2020, 03:54:52 am »
Reverting the "fix" for Bug ID 36484 fixes the issue on FPC 3.2.0.

Updated Bug ID 36484.
« Last Edit: August 14, 2020, 04:03:06 am by trev »
o Lazarus v2.1.0 r63871, FPC v3.3.1 r47164, macOS 10.14.6 (with sup update), Xcode 11.3.1
o Lazarus v2.1.0 r61574, FPC v3.3.1 r42318, FreeBSD 12.1 amd64 (VMware Fusion VM)
o FPC 3.0.4, FreeBSD 12.2-STABLE r365646 amd64
o Lazarus v2.1.0 r61574, FPC v3.0.4, Ubuntu 20.04 (Parallels VM)

trev

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1014
  • Former Delphi 1-7, 10.2 User
Re: Cannot connect to https://api.1nce.com using TFPHTTPClient
« Reply #39 on: August 14, 2020, 11:06:48 am »
The better solution than reverting the original fix (tested on trunk):

Code: Pascal  [Select][+][-]
  1. --- openssl.pas (revision 45778)
  2. +++ openssl.pas (working copy)
  3. @@ -111,7 +111,7 @@
  4.    { ADD NEW ONES WHEN THEY APPEAR!
  5.      Always make .so/dylib first, then versions, in descending order!
  6.      Add "." .before the version, first is always just "" }
  7. -  DLLVersions: array[1..19] of string = ('', '.1.1', '.11', '.10', '.1.0.6', '.1.0.5', '.1.0.4', '.1.0.3',
  8. +  DLLVersions: array[1..26] of string = ('', '.48', '.47', '.46', '.45', '.44', '.43', '.35', '.1.1', '.11', '.10', '.1.0.6', '.1.0.5', '.1.0.4', '.1.0.3',
  9.                                          '.1.0.2', '.1.0.1','.1.0.0','.0.9.8',
  10.                                          '.0.9.7', '.0.9.6', '.0.9.5', '.0.9.4',
  11.                                          '.0.9.3', '.0.9.2', '.0.9.1');
o Lazarus v2.1.0 r63871, FPC v3.3.1 r47164, macOS 10.14.6 (with sup update), Xcode 11.3.1
o Lazarus v2.1.0 r61574, FPC v3.3.1 r42318, FreeBSD 12.1 amd64 (VMware Fusion VM)
o FPC 3.0.4, FreeBSD 12.2-STABLE r365646 amd64
o Lazarus v2.1.0 r61574, FPC v3.0.4, Ubuntu 20.04 (Parallels VM)

trev

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1014
  • Former Delphi 1-7, 10.2 User
Re: Cannot connect to https://api.1nce.com using TFPHTTPClient
« Reply #40 on: August 15, 2020, 10:36:14 am »
Updated because (at least on macOS) the libssl and libcrypto version numbers are out of sync:

Code: Pascal  [Select][+][-]
  1. --- openssl.pas (revision 45778)
  2. +++ openssl.pas (working copy)
  3. @@ -111,7 +111,7 @@
  4.    { ADD NEW ONES WHEN THEY APPEAR!
  5.      Always make .so/dylib first, then versions, in descending order!
  6.      Add "." .before the version, first is always just "" }
  7. -  DLLVersions: array[1..19] of string = ('', '.1.1', '.11', '.10', '.1.0.6', '.1.0.5', '.1.0.4', '.1.0.3',
  8. +  DLLVersions: array[1..29] of string = ('', '.48', '.47', '.46', '.45', '.44', '.43', '.42', '.41',
  9.                                             '.38', '.35', '.1.1', '.11', '.10', '.1.0.6', '.1.0.5',
  10.                                             '.1.0.4', '.1.0.3', '.1.0.2', '.1.0.1', '.1.0.0', '.0.9.8',
  11.                                             '.0.9.7', '.0.9.6', '.0.9.5', '.0.9.4', '.0.9.3', '.0.9.2',
  12.                                             '.0.9.1');
o Lazarus v2.1.0 r63871, FPC v3.3.1 r47164, macOS 10.14.6 (with sup update), Xcode 11.3.1
o Lazarus v2.1.0 r61574, FPC v3.3.1 r42318, FreeBSD 12.1 amd64 (VMware Fusion VM)
o FPC 3.0.4, FreeBSD 12.2-STABLE r365646 amd64
o Lazarus v2.1.0 r61574, FPC v3.0.4, Ubuntu 20.04 (Parallels VM)

wittbo

  • Full Member
  • ***
  • Posts: 140
Re: Cannot connect to https://api.1nce.com using TFPHTTPClient
« Reply #41 on: August 15, 2020, 11:59:02 am »
Would it work, if I modify openssl.pas on my mac (laz 2.0.10/ fpc 3.2.0) as you described?
Or has something more to be done? Recompile the compiler, ...?
-wittbo-
MBAir with MacOS 10.14.6 / Lazarus 2.0.10
iMac with MacOS 10.13.6 / Lazarus 2.0.2

trev

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1014
  • Former Delphi 1-7, 10.2 User
Re: Cannot connect to https://api.1nce.com using TFPHTTPClient
« Reply #42 on: August 15, 2020, 12:36:19 pm »
You need to make the patch as described and then recompile FPC (like you did before). Should work fine with FPC 3.2.0.
o Lazarus v2.1.0 r63871, FPC v3.3.1 r47164, macOS 10.14.6 (with sup update), Xcode 11.3.1
o Lazarus v2.1.0 r61574, FPC v3.3.1 r42318, FreeBSD 12.1 amd64 (VMware Fusion VM)
o FPC 3.0.4, FreeBSD 12.2-STABLE r365646 amd64
o Lazarus v2.1.0 r61574, FPC v3.0.4, Ubuntu 20.04 (Parallels VM)

wittbo

  • Full Member
  • ***
  • Posts: 140
Re: Cannot connect to https://api.1nce.com using TFPHTTPClient
« Reply #43 on: August 16, 2020, 09:53:53 am »
Perfect. It's working as desired. Laz 2.0.10, fpc 3.2.0  MacOS Mojave
Thanks for help.
-wittbo-
MBAir with MacOS 10.14.6 / Lazarus 2.0.10
iMac with MacOS 10.13.6 / Lazarus 2.0.2

trev

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1014
  • Former Delphi 1-7, 10.2 User
Re: Cannot connect to https://api.1nce.com using TFPHTTPClient
« Reply #44 on: August 16, 2020, 09:58:28 am »
Happy to have helped :)
o Lazarus v2.1.0 r63871, FPC v3.3.1 r47164, macOS 10.14.6 (with sup update), Xcode 11.3.1
o Lazarus v2.1.0 r61574, FPC v3.3.1 r42318, FreeBSD 12.1 amd64 (VMware Fusion VM)
o FPC 3.0.4, FreeBSD 12.2-STABLE r365646 amd64
o Lazarus v2.1.0 r61574, FPC v3.0.4, Ubuntu 20.04 (Parallels VM)

 

TinyPortal © 2005-2018