Status and Maintenance of the OpenSSL Library in Lazarus/Free Pascal

[hdb]

Hello everyone,

I have been using the OpenSSL library in my Lazarus and Free Pascal projects for some time. I have implemented some basic integrations, but I’ve noticed that compatibility with current OpenSSL functions is quite limited. I would like to understand if this is mainly due to maintaining backward compatibility with older versions or because the package lacks active maintenance.

I am interested in contributing, as I have made some modifications for my own use that could benefit the community. For example, I have worked on updating the bindings to support modern functions such as RSA, AES, and SHA-2, adapting them to the OpenSSL 1.1.x and 3.x API.

Is anyone else working on modernizing this library, or would there be interest in a collaborative effort to keep it up to date?

Thank you in advance for any information or suggestions.

[Thaddy]

I use trunk main fpc 3.3.1 and just last day published an example here that uses OpenSSL 3.5, which is a current as you can be.
 So what's the issue? You do not need the API because it is abstracted away in opensslsockets.
You will need fcl-net/web from trunk though.

This particular demo uses openssl 3.5 because there is no other version installed on my new laptop:

Code: Text  [Select][+][-]

1. {$mode delphi}{$ifdef windows}{$apptype console}{$endif}
2. uses
3.   Sysutils,
4.   classes,
5.   fphttpclient,
6.   opensslsockets;
7. var
8.   Client: TFPHttpClient;
9. begin
10.   Client := TFPHttpClient.Create(nil);
11.   try
12.     Client.RequestHeaders.Add('User-Agent: CDDatabase/1.0');
13.     Client.AllowRedirect := true;
14.     try
15.       writeln(Client.Get('https://i.discogs.com/'));
16.     except
17.       on E:Exception do
18.         writeln(e.message);
19.     end;
20.   finally
21.     Client.Free;
22.   end;
23. end.

This is on a brand new laptop with no other code but the latest installed. Just OpenSSL 3.5.
 Stil, first check the current status out and if you are missing something, of course, feel free to contribute.

[hdb]

Thank you. I was actually referring to the openssl unit, which opensslsockets depends on. I'll review the latest updates to the packages and then repost my questions more specifically, once I’m sure about what might actually be missing.

[egsuh]

I use trunk main fpc 3.3.1

But the FPC version with Lazarus 4.0 is 3.2.2, and still OpenSSL 3 is not compatible. Am I wrong?

[dbannon]

I use trunk main fpc 3.3.1

But the FPC version with Lazarus 4.0 is 3.2.2, and still OpenSSL 3 is not compatible. Am I wrong?

You can, if you so choose, use FPC-324branch beta with Lazarus 4, and you can, but do not have to build Lazarus with that FPC beta. Similarly, FPC Trunk. But yes, if you want to download pre-built binary packages, you will get FPC3.2.2

FPC322 will not work with OpenSSL 3 (without some tricks) on significant platforms.

Thaddy seems to ignore the fact that FPC trunk and FPC324-branch are not release versions and cannot be used in a number of situations (including, apparently, the official binary releases).   

Davo

[Thaddy]

Yes, 3.2.2 will not work, but you can use the units from trunk, which supports OpenSSL 3.5.
It uses no new features, I believe, so should compile.
I gave you an example of fpc 3.3.1 + fcl-web/net + openSSL 3.5

So maintenance is actually up-to-date.

BTW my example code has an automatic dependency on the SSL units: you seem to have missed that!

[dbannon]

Thaddy, would you expect a similar approach using TFPHTTPServer to works as well ?  (I ask as I am about to venture into that space.)

Second question, you are using trunk/main, do you believe that release_3_2_4_rc1 has already slipped behind ? I am, personally, uncomfortable giving other people product built from main.

Is it unrealistic to expect a relatively slow moving thing like FPC to keep pace with OpenSSL which does, of necessity, move quite quickly ?

A separate SSL pascal plugin that tracks OpenSSL (eg loosely modeled on libQt5pas) ?

Davo

[Thaddy]

Well, venture!
I am quite sure it works too, but just in case: I will test that too on one of my servers (real server, not local, and with certificate for https)