Lazarus

Programming => Networking and Web Programming => Topic started by: guest58172 on December 06, 2017, 07:12:48 pm

Title: TFPHTTPClient : ESSL failed to create SSL context
Post by: guest58172 on December 06, 2017, 07:12:48 pm
I'm on Fedora 27 with libopenssl / libcrypto at 1.1.0g, Laz 1.6.4, FPC 3.0.2. A simple request gives the error "ESSL, Failed to create SSL context". I suspect that the versions the loader use to load the libraries are not up to date, see

https://github.com/graemeg/freepascal/blob/master/packages/openssl/src/openssl.pas#L112

Just
Code: Pascal  [Select][+][-]
  1. program Project1;
  2.  
  3. uses fphttpclient;
  4.  
  5. procedure test;
  6. var
  7.   cli: TFPHTTPClient = nil;
  8. begin
  9.   cli := TFPHTTPClient.Create(nil);
  10.   try
  11.     cli.AddHeader('User-Agent','Mozilla/5.0 (compatible; fpweb)');
  12.     cli.Get('https://api.github.com/users/defunkt');
  13.   finally
  14.     cli.free;
  15.   end;
  16. end;
  17.  
  18. begin
  19.   test();
  20. end.

is enough to get the error. The same kind of request worked fine when i made the feature using another distribution (although once done i didn't use the feature so it could be broken too for months).

What can i do ?
Title: Re: TFPHTTPClient : ESSL failed to create SSL context
Post by: guest58172 on December 06, 2017, 07:15:12 pm
And don't tell me "use wget / curl" please  ;D
Title: Re: TFPHTTPClient : ESSL failed to create SSL context
Post by: guest58172 on December 06, 2017, 09:00:14 pm
After modification of the version string the same error is still raised. I suspect an API breakage from 1.0.X to 1.1.X. Can anyone run the sample above with SSL 1.1 (1.1.0f or 1.1.0g) ?
Title: Re: TFPHTTPClient : ESSL failed to create SSL context
Post by: eolandro on August 27, 2018, 04:04:34 am
Did you find answer? i'm stuck in the same error.
Title: Re: TFPHTTPClient : ESSL failed to create SSL context
Post by: Leledumbo on August 27, 2018, 11:02:21 am
Working for me, but I have both 1.0.2.p and 1.1.0.i installed.
Code: [Select]
$ cat a.pas
uses fphttpclient;
 
procedure test;
var
  cli: TFPHTTPClient = nil;
begin
  cli := TFPHTTPClient.Create(nil);
  try
    cli.AddHeader('User-Agent','Mozilla/5.0 (compatible; fpweb)');
    cli.Get('https://api.github.com/users/defunkt');
  finally
    cli.free;
  end;
end;
 
begin
  test();
end.

$ fpc -S2 a.pas
Hint: End of reading config file /etc/fpc.cfg
Target OS: Linux for x86-64
Compiling a.pas
Linking a
a.pas(18,1) Warning: "crtbegin.o" not found, this will probably cause a linking failure
a.pas(18,1) Warning: "crtend.o" not found, this will probably cause a linking failure
19 lines compiled, 0.4 sec
2 warning(s) issued
1 hint(s) issued

$ ./a
{"login":"defunkt","id":2,"node_id":"MDQ6VXNlcjI=","avatar_url":"https://avatars0.githubusercontent.com/u/2?v=4","gravatar_id":"","url":"https://api.github.com/users/defunkt","html_url":"https://github.com/defunkt","followers_url":"https://api.github.com/users/defunkt/followers","following_url":"https://api.github.com/users/defunkt/following{/other_user}","gists_url":"https://api.github.com/users/defunkt/gists{/gist_id}","starred_url":"https://api.github.com/users/defunkt/starred{/owner}{/repo}","subscriptions_url":"https://api.github.com/users/defunkt/subscriptions","organizations_url":"https://api.github.com/users/defunkt/orgs","repos_url":"https://api.github.com/users/defunkt/repos","events_url":"https://api.github.com/users/defunkt/events{/privacy}","received_events_url":"https://api.github.com/users/defunkt/received_events","type":"User","site_admin":true,"name":"Chris Wanstrath","company":"@github ","blog":"http://chriswanstrath.com/","location":"San Francisco","email":null,"hireable":null,"bio":"🍔 ","public_repos":107,"public_gists":273,"followers":20407,"following":210,"created_at":"2007-10-20T05:24:19Z","updated_at":"2018-08-15T02:05:37Z"}
Title: Re: TFPHTTPClient : ESSL failed to create SSL context
Post by: eolandro on August 28, 2018, 08:17:40 am
I'm still getting the error in debian unstable with openssl 1.1.0h-4.
openssl from 1.0.X to 1.1 changes many things (includes, structs even version handling).

IMO https://github.com/graemeg/freepascal/blob/master/packages/fcl-net/src/sslsockets.pp#L44

TSSLSocketHandler it must be create FCTX with some type like says TSSLContext.Create  in https://github.com/graemeg/freepascal/blob/master/packages/openssl/src/fpopenssl.pp#L177 but it seems don't initialize  TSSLSocketHandler.create in https://github.com/graemeg/freepascal/blob/master/packages/fcl-net/src/sslsockets.pp#L135

Title: Re: TFPHTTPClient : ESSL failed to create SSL context
Post by: TCH on January 17, 2019, 11:33:25 am
I've ran into this just now and i managed to solve it on my computer.

It worked under Debian 8, but when i upgraded to Debian 9, then it broke. However, if you install libssl1.0.0 (https://packages.debian.org/jessie/libssl1.0.0) from the Debian 8 repo and downgrade your libssl-dev (https://packages.debian.org/jessie/libssl-dev) to the same version, then it will work, after you rebuilt your program. (Don't try to remove libssl-dev, it will broke tons of stuff, do
Code: Text  [Select][+][-]
  1. wget http://security.debian.org/debian-security/pool/updates/main/o/openssl/libssl-dev_1.0.1t-1+deb8u10_amd64.deb
  2. dpkg -i libssl-dev_1.0.1t-1+deb8u10_amd64.deb
  3. rm libssl-dev_1.0.1t-1+deb8u10_amd64.deb
instead.)

I do not know the whys, but this solved my problem.
Title: Re: TFPHTTPClient : ESSL failed to create SSL context
Post by: simonm on January 18, 2019, 11:28:32 pm
I had the same problem with debian 9 (testing). Without downgrading to debian 8 packages, I just installed the libssl1.0-dev package and all was good again. This process uninstalled the more recent version which is installed by the libssl-dev package and allows both libssl1.1 and libssl1.0.2 to be installed.

Haven't had any problems yet with this setup. Like TCH, I have no idea why but when I get a chance I'll look into it deeper.
Title: Re: TFPHTTPClient : ESSL failed to create SSL context
Post by: bonmario on April 20, 2019, 07:45:34 pm
Quote from: Basile-B on December 06, 2017, 07:12:48 pm
A simple request gives the error "ESSL, Failed to create SSL context".

Hi,
i have the same problem today, after upgrading my Ubuntu from 18.10 to 19.04.

Someone know how i can solve it?

Thanks, Mario
Title: Re: TFPHTTPClient : ESSL failed to create SSL context
Post by: bonmario on April 21, 2019, 09:08:45 am
Some versions ...
- openssl version1.1.1b-1ubuntu2
- libssl version 1.1.1b-1ubuntu2
- libssl-dev version 1.1.1b-1ubuntu2
- Lazarus 2.1.0 r61017 FPC 3.0.4 x86_64-linux-gtk2

Thanks, Mario
Title: Re: TFPHTTPClient : ESSL failed to create SSL context
Post by: Handoko on May 09, 2019, 05:52:05 am
I got same error too after I upgraded to Ubuntu 19.04.
Any suggestion what should I do?
Title: Re: TFPHTTPClient : ESSL failed to create SSL context
Post by: bonmario on May 09, 2019, 07:54:51 am
You can try one of these:
- use Synapse SVN: https://forum.lazarus.freepascal.org/index.php/topic,45201.msg319446.html#msg319446 (this worked for me)
- try to download fcl-web from SVN (i've never tried this solution).
- download openssl 1.0 and modify fcl-web to use that version (i've never tried this solution).


Hi, Mario
Title: Re: TFPHTTPClient : ESSL failed to create SSL context
Post by: bonmario on August 08, 2019, 10:06:30 am
Hi,
someone have found a solution in meantime to correct fcl-web's problem?

Thanks, Mario
Title: Re: TFPHTTPClient : ESSL failed to create SSL context
Post by: Thaddy on August 08, 2019, 10:51:41 am
The original code, one unit added, openssl version is 1.1.1c
Code: Pascal  [Select][+][-]
  1. program Project1;
  2. {$mode delphi}
  3. uses opensslsockets,fphttpclient;
  4.  
  5. procedure test;
  6.  
  7. var
  8.   cli: TFPHTTPClient = nil;
  9. begin
  10.   cli := TFPHTTPClient.Create(nil);
  11.   try
  12.     cli.AddHeader('User-Agent','Mozilla/5.0 (compatible; fpweb)');
  13.     cli.Get('https://api.github.com/users/defunkt');
  14.   finally
  15.     cli.free;
  16.   end;
  17. end;
  18.  
  19. begin
  20.   test();
  21. end.

Works like a charm
Title: Re: TFPHTTPClient : ESSL failed to create SSL context
Post by: rumen-lazarus on August 08, 2019, 11:05:47 am
  Hi,
  Try this:

      HttpClient.OnGetSocketHandler:=HttpClientGetSocketHandler;

     ......

procedure TForm1.HttpClientGetSocketHandler(Sender: TObject;
  const UseSSL: Boolean; out AHandler: TSocketHandler);
begin
  If UseSSL then begin
    AHandler:=TSSLSocketHandler.Create;
    TSSLSocketHandler(AHandler).SSLType:=stTLSv1_1;  // <--
  end else begin
      ....
  end;
end;

Title: Re: TFPHTTPClient : ESSL failed to create SSL context
Post by: trev on August 08, 2019, 11:46:51 am
With FreeBSD, the solution was to upgrade to FPC trunk and it all works (recommended to me by a Linux user :)  (ref: https://forum.lazarus.freepascal.org/index.php/topic,45962.msg327743.html#msg327743)
Title: Re: TFPHTTPClient : ESSL failed to create SSL context
Post by: bonmario on August 08, 2019, 11:49:50 am
Quote from: Thaddy on August 08, 2019, 10:51:41 am
The original code, one unit added, openssl version is 1.1.1c
Code: Pascal  [Select][+][-]
  1. program Project1;
  2. {$mode delphi}
  3. uses opensslsockets,fphttpclient;
  4.  
  5. procedure test;
  6.  
  7. var
  8.   cli: TFPHTTPClient = nil;
  9. begin
  10.   cli := TFPHTTPClient.Create(nil);
  11.   try
  12.     cli.AddHeader('User-Agent','Mozilla/5.0 (compatible; fpweb)');
  13.     cli.Get('https://api.github.com/users/defunkt');
  14.   finally
  15.     cli.free;
  16.   end;
  17. end;
  18.  
  19. begin
  20.   test();
  21. end.

Works like a charm


I have this error:

Code: Pascal  [Select][+][-]
  1. httpget.pas(6,22) Fatal: Impossibile trovare opensslsockets usato da httpget dell'Analizzatore Progetti.
  2. Translated is "Cant' found opensslsockets used from httpget"

I' using Lazarus 2.1.0 r61610M FPC 3.0.4 x86_64-linux-gtk2




Quote from: rumen-lazarus on August 08, 2019, 11:05:47 am
  Hi,
  Try this:

      HttpClient.OnGetSocketHandler:=HttpClientGetSocketHandler;

     ......

procedure TForm1.HttpClientGetSocketHandler(Sender: TObject;
  const UseSSL: Boolean; out AHandler: TSocketHandler);
begin
  If UseSSL then begin
    AHandler:=TSSLSocketHandler.Create;
    TSSLSocketHandler(AHandler).SSLType:=stTLSv1_1;  // <--
  end else begin
      ....
  end;
end;


Adding "ssockets" at uses, now seems works fine.

Thanks, Mario
Title: Re: TFPHTTPClient : ESSL failed to create SSL context
Post by: dbannon on August 26, 2019, 02:36:15 am
Quote from: bonmario on August 08, 2019, 11:49:50 am
Quote from: Thaddy on August 08, 2019, 10:51:41 am
uses opensslsockets,fphttpclient;
Translated is "Cant' found opensslsockets used from httpget"
Adding "ssockets" at uses, now seems works fine.

I also cannot find the opensslsockets unit that Thaddy mentions. It does not appear on wiki, its not in the online package manager, just where does it come from ?   I do seem to have ssockets installed but using it makes no difference and I get a compiler message saying the build did not use it.


Quote from: rumen-lazarus on August 08, 2019, 11:05:47 am
      HttpClient.OnGetSocketHandler:=HttpClientGetSocketHandler;
......

rumen-lazarus's solution ?  Is that an edit of the original fpc source ? in my case /usr/share/fpcsrc/3.0.4/packages/fcl-web/base/fphttpclient.pp ?

Scope seems to be TForm1 ??  Is he overriding the fpc source in his own (TForm1) code ?

Davo
Title: Re: TFPHTTPClient : ESSL failed to create SSL context
Post by: dbannon on August 26, 2019, 10:28:39 am
OK, had a play with rumen-lazarus's solution.

It requires {$mode delphi} or an "@" used in call to change the OnGetSocketHandler -
Code: Pascal  [Select][+][-]
  1. Client.OnGetSocketHandler := @HttpClientGetSocketHandler;
And it requires sslsockets and ssockets added to uses. The latter up in the interface because we have to put the prototype for our new HttpClientGetSocketHandler() up there and it takes a parameter of TSocketHandler type.

So, my new handler looks like this -
Code: Pascal  [Select][+][-]
  1. procedure TForm1.HttpClientGetSocketHandler(Sender: TObject;
  2.   const UseSSL: Boolean; out AHandler: TSocketHandler);
  3. begin
  4.   If UseSSL then begin
  5.     AHandler := TSSLSocketHandler.Create;
  6.     TSSLSocketHandler(AHandler).SSLType:=stTLSv1_1;  // <--
  7.   end else
  8.       AHandler := TSocketHandler.Create;
  9. end;  

And it does work for some https sites but not all. I suspect the 'not all' is due to redirects not being followed, as per https://forum.lazarus.freepascal.org/index.php/topic,39206.msg318360.html

In my case, it does not work for github generating - ESocketError - Connect to github.com:443 failed.

wget has no problem getting the same file.

Davo
Title: Re: TFPHTTPClient : ESSL failed to create SSL context
Post by: dbannon on August 29, 2019, 03:51:10 am
A further update in case someone finds this thread.

See https://forum.lazarus.freepascal.org/index.php/topic,46560.0.html

The sslType needs to be stTLSv1_2 to work reliably with all (?) https: sites. Thanks GetMem.

Davo
Title: Re: TFPHTTPClient : ESSL failed to create SSL context
Post by: Renat.Su on August 29, 2019, 01:35:03 pm
Quote from: dbannon on August 26, 2019, 02:36:15 am
Quote from: bonmario on August 08, 2019, 11:49:50 am
Quote from: Thaddy on August 08, 2019, 10:51:41 am
uses opensslsockets,fphttpclient;
Translated is "Cant' found opensslsockets used from httpget"
Adding "ssockets" at uses, now seems works fine.

I also cannot find the opensslsockets unit that Thaddy mentions. It does not appear on wiki, its not in the online package manager, just where does it come from ? 
It is in trunk fpc code
Title: Re: TFPHTTPClient : ESSL failed to create SSL context
Post by: dbannon on September 02, 2019, 01:20:08 pm
Quote from: Renat.Su on August 29, 2019, 01:35:03 pm
Quote from: dbannon on August 26, 2019, 02:36:15 am
...
I also cannot find the opensslsockets unit that Thaddy mentions. It does not appear on wiki, its not in the online package manager, just where does it come from ? 
It is in trunk fpc code

Ah, thanks. That explains why we could not find it.
Davo
TinyPortal © 2005-2018