Recent

Author Topic: FPHTTPClient and SSL not working  (Read 1474 times)

geraldholdsworth

  • Full Member
  • ***
  • Posts: 226
FPHTTPClient and SSL not working
« on: January 23, 2025, 08:44:33 pm »
Hi all,

Following on from my post here, I've worked out that it is just HTTPS URLs that fail. However, https://google.com works (as does google.co.uk). I get, for Bing for example, is Connect to www.bing.com:443 failed.
I have absolutely no idea how to find out what version of FPHTTPClient, or OpenSSL, I am using or even where to find a newer version or even how to install it.

I'm using Lazarus 3.0 on macOS 15.

The code is currently:
Code: Pascal  [Select][+][-]
  1. unit Unit1;
  2.  
  3. {$mode objfpc}{$H+}
  4.  
  5. interface
  6.  
  7. uses
  8.  Classes, SysUtils, Forms, Controls, Graphics, Dialogs,ExtCtrls,StdCtrls,
  9.  fphttpclient, openssl, opensslsockets;
  10.  
  11. type
  12.  
  13.  { TForm1 }
  14.  
  15.  TForm1 = class(TForm)
  16.   Button1:TButton;
  17.   Memo1:TMemo;
  18.   Panel1:TPanel;
  19.   procedure Button1Click(Sender:TObject);
  20.  private
  21.  
  22.  public
  23.  
  24.  end;
  25.  
  26. var
  27.  Form1: TForm1;
  28.  
  29. implementation
  30.  
  31. {$R *.lfm}
  32.  
  33. { TForm1 }
  34.  
  35. procedure TForm1.Button1Click(Sender:TObject);
  36. begin
  37.  InitSSLInterface;
  38.  With TFPHTTPClient.Create(Nil) do
  39.  begin
  40.   AllowRedirect:=True;
  41.   AddHeader('User-Agent', 'Mozilla/5.0 (compatible; fpweb)');
  42.   try
  43.    try
  44.     Memo1.Lines.Add(Get('https://www.bing.com'));
  45.    except on E: Exception do
  46.     Memo1.Lines.Add(E.Message);
  47.    end;
  48.   finally
  49.    Free;
  50.   end;
  51.  end;
  52. end;
  53.  
  54. end.
  55.  

I have seen some code using "ValidateSSLCertificate" with TFPHTTPClient, but Lazarus reports this as unknown.

Thaddy

  • Hero Member
  • *****
  • Posts: 16532
  • Kallstadt seems a good place to evict Trump to.
Re: FPHTTPClient and SSL not working
« Reply #1 on: January 24, 2025, 08:21:28 am »
If you need to call InitSSLInterface then you are using a version that is at least 12 years old.
That will unfortunately limit any support from me.
I suppose your SSL libraries are outdated too?
This minimalistic code should work, well, works:
Code: Pascal  [Select][+][-]
  1. {$mode objfpc}{$H+}
  2. uses
  3.  sysutils,
  4.  fphttpclient,
  5.  opensslsockets;
  6. var
  7.   client:TfpHttpClient;
  8. begin
  9.   client := TfpHttpClient.Create(nil);
  10.   try
  11.     try
  12.       client.AllowRedirect := true;
  13.       client.RequestHeaders.Add('User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3');
  14.       writeln(client.get('https://www.bing.com'));
  15.     except
  16.        On E:EHttpClient do
  17.           writeln (E.message)
  18.        else
  19.           raise;
  20.     end;
  21.   finally
  22.     client.free;
  23.   end;
  24. end.
If it does not work your installation is hopelessly outdated and I can not help you any further.
« Last Edit: January 24, 2025, 08:31:08 am by Thaddy »
But I am sure they don't want the Trumps back...

TRon

  • Hero Member
  • *****
  • Posts: 3979
I do not have to remember anything anymore thanks to total-recall.

Thaddy

  • Hero Member
  • *****
  • Posts: 16532
  • Kallstadt seems a good place to evict Trump to.
Re: FPHTTPClient and SSL not working
« Reply #3 on: January 24, 2025, 08:46:55 am »
Note the above code should therefor work on all platforms that support fcl-net.
The technical information in the wiki is maybe a bit over the top for simple users.
Boils simply down to: be current.
But I am sure they don't want the Trumps back...

geraldholdsworth

  • Full Member
  • ***
  • Posts: 226
Re: FPHTTPClient and SSL not working
« Reply #4 on: January 24, 2025, 09:17:45 am »
Thank you both.

It seems, to me, that as the eventual target for the application I'm writing is likely to be either a RaspberryPi or a Windows machine, getting it working on a Mac is a fruitless endeavour...for now.

I have found that, for the unit I'm trying to communicate with, curl in Terminal also works (and it also runs on Windows command line) - so I was thinking about firing that off from a Lazarus application and somehow harnessing the output (maybe saving the output to a file which the application then picks up).
« Last Edit: January 24, 2025, 09:34:08 am by geraldholdsworth »

Thaddy

  • Hero Member
  • *****
  • Posts: 16532
  • Kallstadt seems a good place to evict Trump to.
Re: FPHTTPClient and SSL not working
« Reply #5 on: January 24, 2025, 12:45:01 pm »
My code works on a raspberry pi too..(all flavors)But it also works on a mac.
« Last Edit: January 24, 2025, 12:46:40 pm by Thaddy »
But I am sure they don't want the Trumps back...

geraldholdsworth

  • Full Member
  • ***
  • Posts: 226
Re: FPHTTPClient and SSL not working
« Reply #6 on: January 25, 2025, 03:33:21 pm »
I managed to get it running on Windows. I then compiled it for the Pi, but it wouldn't run - could just be my inexperience with Linux..

However, looks like we're going to get a Windwos tablet PC to put this application on, then sell to the client.

One day I'll look to get this going on a Mac.

Thaddy

  • Hero Member
  • *****
  • Posts: 16532
  • Kallstadt seems a good place to evict Trump to.
Re: FPHTTPClient and SSL not working
« Reply #7 on: January 25, 2025, 03:44:11 pm »
I tested the code on a RPi AARCH64 too. No problems.(but I used trunk/main)
The only dependency is frankly the ssl libraries and these must be up-to-date.
« Last Edit: January 25, 2025, 03:48:04 pm by Thaddy »
But I am sure they don't want the Trumps back...

TRon

  • Hero Member
  • *****
  • Posts: 3979
Re: FPHTTPClient and SSL not working
« Reply #8 on: January 25, 2025, 06:35:11 pm »
I managed to get it running on Windows. I then compiled it for the Pi, but it wouldn't run - could just be my inexperience with Linux..
"wouldn't run" is not an error. Keep in mind that nothing can be done to help you when that is all there is to mention. Better would be to make a small compileable example that you can test (but also share for us to test) and run it from a terminal window. In case the libraries are not installed or other requirements missing the system will spill out a error message. In worse case scenario a strace is able to provide more information on what goes wrong.

Just like Thaddy I do not have any issues as described.
I do not have to remember anything anymore thanks to total-recall.

dbannon

  • Hero Member
  • *****
  • Posts: 3219
    • tomboy-ng, a rewrite of the classic Tomboy
Re: FPHTTPClient and SSL not working
« Reply #9 on: January 25, 2025, 11:48:33 pm »
You seem a bit reluctant to tell us what FPC you are using on Linux. If its FPC3.2.2 you must also install the openSSL development library (or make a symlink to the library).  Does not apply if you are using trunk or (recommended) FPC324rc1.

I would suggest any new project based on FPC322 and SSL is not a good idea.

Davo
Lazarus 3, Linux (and reluctantly Win10/11, OSX Monterey)
My Project - https://github.com/tomboy-notes/tomboy-ng and my github - https://github.com/davidbannon

geraldholdsworth

  • Full Member
  • ***
  • Posts: 226
Re: FPHTTPClient and SSL not working
« Reply #10 on: January 26, 2025, 01:05:58 am »
I use my Mac to cross compile to Linux and Windows. It'll be v3.0 of Lazarus. Not sure what the FPC version is though. I've installed the cross compiler using FPCUpDeluxe.

I have cross compiled to Linux before, with other projects, using this method which have run successfully. I don't run Lazarus on Linux.

dbannon

  • Hero Member
  • *****
  • Posts: 3219
    • tomboy-ng, a rewrite of the classic Tomboy
Re: FPHTTPClient and SSL not working
« Reply #11 on: January 26, 2025, 07:12:20 am »
gerald, the issue I mention is a FPC issue, relating to how old FPC322 is. Its not a Lazarus issue.

"I think" that if you cross compile from your mac to aarch64-linux (ie raspi) using FPC322, then if your app uses SSL, you should add libssl-dev to its Raspi version run time dependencies list (assuming a Debian or Fedora based OS on the 'Pi, Arch for example does not need it.).

If you compile (ie cross compile) using a release candidate FPC, not a problem.

If you depend on the $PATH (a unix approach) to find FPC at compile time, type -
Code: Text  [Select][+][-]
  1. $> fpc -vh <enter>
To see the version.

Davo

Lazarus 3, Linux (and reluctantly Win10/11, OSX Monterey)
My Project - https://github.com/tomboy-notes/tomboy-ng and my github - https://github.com/davidbannon

Thaddy

  • Hero Member
  • *****
  • Posts: 16532
  • Kallstadt seems a good place to evict Trump to.
Re: FPHTTPClient and SSL not working
« Reply #12 on: January 26, 2025, 08:08:39 am »
Gerald, why not compile on the
Rapberry pi itself?
Code: Bash  [Select][+][-]
  1. sudo apt update
  2. sudo apt upgrade
  3. sudo apt install fpc
This will install fpc 3.2.2 and at least on my Raspberry pi's my example works (but that also works on a recent M series Mac)
Of course if you Pi has an old version of the OS it will still not work because recent ssl is necessary.
But I am sure they don't want the Trumps back...

Thaddy

  • Hero Member
  • *****
  • Posts: 16532
  • Kallstadt seems a good place to evict Trump to.
Re: FPHTTPClient and SSL not working
« Reply #13 on: January 26, 2025, 08:15:25 am »
For openSSL type openssl version.
The openSSL version must be series 3.x.x - this is not an fpc version -  or 1.1.1 and not earlier than 2022 preferably newer.
« Last Edit: January 26, 2025, 08:20:03 am by Thaddy »
But I am sure they don't want the Trumps back...

BSaidus

  • Hero Member
  • *****
  • Posts: 609
  • lazarus 1.8.4 Win8.1 / cross FreeBSD
Re: FPHTTPClient and SSL not working
« Reply #14 on: January 26, 2025, 09:34:05 am »
Hi,
Verify (seek) the name of the .so library and see if the name correspond to ones you have in your openssl unit.
Code: Pascal  [Select][+][-]
  1. const
  2. // SSL and Crypto DLL arrays must have the same length and contain
  3. // matched pairs of DLL filenames. Place newer versions at the beginning.
  4. {$IF DEFINED(WIN64)}
  5.   SSL_DLL_Names:    array[1..4] of string = ('libssl-3-x64',    'libssl-1_1-x64',    'ssleay32', 'libssl32');
  6.   Crypto_DLL_Names: array[1..4] of string = ('libcrypto-3-x64', 'libcrypto-1_1-x64', 'libeay32', 'libeay32');
  7. {$ELSEIF DEFINED(WINDOWS)}
  8.   SSL_DLL_Names:    array[1..4] of string = ('libssl-3',    'libssl-1_1',    'ssleay32', 'libssl32');
  9.   Crypto_DLL_Names: array[1..4] of string = ('libcrypto-3', 'libcrypto-1_1', 'libeay32', 'libeay32');
  10. {$ELSEIF DEFINED(OS2GCC)}
  11.   SSL_DLL_Names:    array[1..2] of string = ('kssl10',   'kssl');
  12.   Crypto_DLL_Names: array[1..2] of string = ('kcrypt10', 'kcrypto');
  13. {$ELSEIF DEFINED(OS2)}
  14.   SSL_DLL_Names:    array[1..2] of string = ('emssl10',  'ssl');
  15.   Crypto_DLL_Names: array[1..2] of string = ('emcrpt10', 'crypto');
  16. {$ELSE}
  17.   BaseSSLName: string = 'libssl';
  18.   BaseCryptoName: string = 'libcrypto';
  19.   { ADD NEW ONES WHEN THEY APPEAR!
  20.     Always make .so/dylib first, then versions, in descending order!
  21.     Add "." .before the version, first is always just "" }
  22.   DLLVersions: array[1..20] of string = ('', '.3', '.1.1', '.11', '.10', '.1.0.6', '.1.0.5', '.1.0.4', '.1.0.3',
  23.                                         '.1.0.2', '.1.0.1','.1.0.0','.0.9.8',
  24.                                         '.0.9.7', '.0.9.6', '.0.9.5', '.0.9.4',
  25.                                         '.0.9.3', '.0.9.2', '.0.9.1');
  26.   LibreSSLVersions : Array[1..8] of string =
  27.                      ('', '.48', '.47', '.46', '.45', '.44', '.43', '.35');
  28.  
  29.   // Mac OS no longer allows you to load the unversioned one. Bug ID 36484.
  30.   {$IFDEF DARWIN}
  31.   StartVersionOffset = 1;
  32.   DefaultLibreSSLSupport = lssFirst;
  33.   {$ElSE}
  34.   StartVersionOffset = 0;
  35.   DefaultLibreSSLSupport = lssLast;
  36.   {$ENDIF}
  37.  
  38. Var
  39.    LibreSSLSupport : TLibreSSLSupport = DefaultLibreSSLSupport;
  40. {$ENDIF}        
  41.  


if you find that the the existing .so library differs, then create a symbolic name to it with a name corresponding to the ones existing in your openssl.pas unit.

lazarus 1.8.4 Win8.1 / cross FreeBSD
dhukmucmur vernadh!

 

TinyPortal © 2005-2018