Lazarus

Programming => Networking and Web Programming => Topic started by: Doyenne on March 17, 2023, 05:27:59 pm

Title: GnuTLS binaries for Windows
Post by: Doyenne on March 17, 2023, 05:27:59 pm
What is an easy way to get GnuTLS binaries for Windows?

The OpenSSL dlls are easy to get using e.g. fpcupdeluxe (tab Extras > Get OpenSSL by browser).
I can download a GnuTLS dll via the GnuTLS website (https://gnutls.org/download.html (https://gnutls.org/download.html)), but this dll needs a lot of other dlls (e.g. brotli, zlib1, libssp-0), of which some are included in the MinGW-w64 for Windows distribution, but not all. I gave up searching for all required dlls, as I do not want to download them on vague/general dll providing websites.

Of course I can use OpenSSL, but Michael Van Canneyt suggests that using GnuTLS is better (source: https://www.mail-archive.com/fpc-pascal@lists.freepascal.org/msg53160.html (https://www.mail-archive.com/fpc-pascal@lists.freepascal.org/msg53160.html)).
Title: Re: GnuTLS binaries for Windows
Post by: Thaddy on March 17, 2023, 06:26:22 pm
Answers from three years ago can not be considered current.
However, crypto libraries are essential.
I am not aware of one crypto lib that is better maintained than OpenSSL in its current form.
Basically it is the Industry standard.

What has happened in the past is that OpenSSL kept supporting protocols that are unsafe.
That policy has been dropped a long time ago, unless you compile openSSL yourself.

The problem you are facing is that the world has turned upside down and your library is not current.
For FPC this does not matter.
Title: Re: GnuTLS binaries for Windows
Post by: domasz on March 17, 2023, 08:05:50 pm
Maybe get LibreSSL? It seems it's better than OpenSSL.
https://en.wikipedia.org/wiki/LibreSSL
Title: Re: GnuTLS binaries for Windows
Post by: Thaddy on March 17, 2023, 08:29:30 pm
Quote from: domasz on March 17, 2023, 08:05:50 pm
Maybe get LibreSSL? It seems it's better than OpenSSL.
https://en.wikipedia.org/wiki/LibreSSL
No it is not. It is simply a fork that works around licensing issues. But it is just as good.
Also note MS sponsors OpenSSL, because they probably realized that their API was bonkers. (That is an opinion, not fact)
Title: Re: GnuTLS binaries for Windows
Post by: domasz on March 17, 2023, 08:45:47 pm
Quote from: Thaddy on March 17, 2023, 08:29:30 pm
Quote from: domasz on March 17, 2023, 08:05:50 pm
Maybe get LibreSSL? It seems it's better than OpenSSL.
https://en.wikipedia.org/wiki/LibreSSL
No it is not. It is simply a fork that works around licensing issues. But it is just as good.
LibreSSL was created because of Heartbleed, which was not handled quickly enough by OpenSSL team. Their whole reason to exist is to improve security and modernize the code.
Title: Re: GnuTLS binaries for Windows
Post by: Thaddy on March 17, 2023, 08:51:51 pm
The patch was available within 24 hours.
Title: Re: GnuTLS binaries for Windows
Post by: BobDog on March 17, 2023, 11:13:24 pm

for Mingw
https://winlibs.com/
I got the gcc 12.2 zip archive , just expand the .zip somewhere and put the bin folder on path if you wish.
Nothing in the registry, if you don't like it you can bin it.

TinyPortal © 2005-2018