Recent

Author Topic: Including OpenSSL in a cross-platform application  (Read 12136 times)

delphius

  • Jr. Member
  • **
  • Posts: 77
Re: Including OpenSSL in a cross-platform application
« Reply #105 on: September 17, 2023, 09:29:24 am »
Ok. How would you add you directory to the search path?
You would need to add it to LD_LIBRARY_PATH to load the library.

I don't need to add it to LD_LIBRARY_PATH because I forcibly loading them from program folder with
Code: Pascal  [Select][+][-]
  1. InitSSLInterface(filepath + 'libssl' + ext, filepath + 'libcrypto' + ext);

Make sure not to do that in .bashrc or somewhere else global because then every program is going to load your older openssl while some of those might need OpenSSL 3.

No global, nor touching anything outside program folder

It might be better and safer to use the .a option and link the openssl version statically into your program.

I have already said this above, that it would be ideal to encapsulate all dependencies inside the binary by static linking.
This would simultaneously reduce both the volume of distribution (since static linking would take only the necessary parts, and not the entire volume of the library) so is the number of distribution units, reducing them to one (in the simplest case). And we have not yet touched on reducing the size of the binary by packers.

P.S. further research led to the finding of a regular way to include the path of the initial search for shared libraries inside executable file, by passing to the linker -rpath or -R
Code: Pascal  [Select][+][-]
  1. -rpath {path to lib(s) folder}

for example for folder `lib` in current folder
Code: Pascal  [Select][+][-]
  1. -rpath lib

or for folder `lib` in program executable binary's folder (relative, in most cases we must use this method)
Code: Pascal  [Select][+][-]
  1. -rpath $ORIGIN/lib

or for absolute path to folder `lib' (remember, when putting your shared libs to places where other programs can search of such libs, it can affect problems, we discussed above)
Code: Pascal  [Select][+][-]
  1. -rpath /usr/lib

In order to pass this to the linker, it is necessary to set the appropriate parameter in the project properties in Lazarus (see attachment)
In fpc, accordingly, you just need to pass the -k key with these parameters to the compiler

At the output, we get in the executable file with readelf -d
Code: Pascal  [Select][+][-]
  1. (RUNPATH) Library runpath: [lib]
or
Code: Pascal  [Select][+][-]
  1. (RUNPATH) Library runpath: [$ORIGIN/lib]

Thus, in my opinion, this is an acceptable way to distribute the program together with shared libraries, without affecting the system environment and without affecting other programs.

So if we want to distribute .so files in program folder, then we must set rpath just to $ORIGIN
In case that for some reason the libraries in the specified folder are not found, then the search for shared libraries will follow the usual route.

As for the versions of OpenSSL itself, as it was said, support for the 1.x branch ended on September 11, 2023, the 3.0.x branch is experiencing problems with speed, although it has a longer lifetime. Therefore, in my opinion, a reasonable choice would be to use the 3.1.x branch (currently the latest version 3.1.2). The most optimal would be to compile libssl.so.3 and libcrypto.so.3 from the library source codes yourself and rely on them when developing and testing your program.

I am waiting for competent comments and opinions.
« Last Edit: September 17, 2023, 07:14:06 pm by delphius »
fpmtls - ssl/tls 1.3 implementation in pure pascal
fpmailsend - sending a simple email message
pascal-webui - use web browser as gui and fpc as backend

paweld

  • Hero Member
  • *****
  • Posts: 1278
Re: Including OpenSSL in a cross-platform application
« Reply #106 on: September 17, 2023, 04:00:12 pm »
I posted new version on github: https://github.com/paweld/especies   
   
changes:
- an entirely new Bio unit with threads (downloading infos and images in few threads), error handling, load from/save to json
- adding error handling to httpclient
- adding openssl3 unit to httpclient - libssl-dev installation is not required
- few minor changes

With support for threaded downloads, download times have been reduced by about 70%.
« Last Edit: September 17, 2023, 04:17:33 pm by paweld »
Best regards / Pozdrawiam
paweld

maurobio

  • Hero Member
  • *****
  • Posts: 623
  • Ecology is everything.
    • GitHub
Re: Including OpenSSL in a cross-platform application
« Reply #107 on: September 17, 2023, 04:05:20 pm »
Hi, @paweld!

Thank you very much for the updated code!

I will study it in detail, to learn how things are done (in particular, I am not familiar with the use of threads).

With warmest regards,
UCSD Pascal / Burroughs 6700 / Master Control Program
Delphi 7.0 Personal Edition
Lazarus 2.0.12 - FPC 3.2.0 on GNU/Linux Mint 19.1, Lubuntu 18.04, Windows XP SP3, Windows 7 Professional, Windows 10 Home

 

TinyPortal © 2005-2018