View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0032789||FPC||Packages||public||2017-12-06 21:25||2019-08-09 10:13|
|Reporter||BBaz||Assigned To||Michael Van Canneyt|
|Product Version||3.0.2||Product Build|
|Target Version||Fixed in Version|
|Summary||0032789: openssl is outdated leading to error when trying to create a SSL context|
|Description||The version strings in openssl.pas are outdated.|
Latest version supported in linux is '1.1'.
Also even with this new version the code beyound raises an ESSL exception related to the context.
|Steps To Reproduce||on a linux distribution with openssl 1.1.X setup (verified to fail with a least 1.1.0g) runs this|
cli: TFPHTTPClient = nil;
cli := TFPHTTPClient.Create(nil);
cli.AddHeader('User-Agent','Mozilla/5.0 (compatible; fpweb)');
|Tags||No tags attached.|
|Fixed in Revision|
It also fails with 1.1.0f on debian stretch.
Funny thing is that wget --https-only also fails on that particular link.
wget may fail because of the User-Agent required by GH. But CURL as a command line tool works.
So for now i use CURL (fortunately the use case is a simple GH API query) but one thing i forgot to say is that if possible the fix should propose a way for the user to set custom versions and reload the libraries. Why ? Because 2 years can elapse between two FPC points release.
||There's an error in the test case: replace "SimpleGet" by "Get"|
It would sure be useful if 0032367 hadn't been voted down, huh?
Openssl 1.0 and 1.1 have subtle and not-so-subtle API differences, linking to "whatever" will cause problems such as this here.
You need to rethink the API so that the user can overcome the issue (if it happens again). It's critical for a desktop application to get enhanced with web content nowadays. Don't cry if people get on using Elektron.
As a workaround i wonder if loading the module manually would make the requests working (i.e use the dll injection principle). Because if i have to fix it the regular way, then i need to put the whole fcl-web package in my project.
||The issue is not with FPC... It is an issue with old openssl libs that still allow ssl2,3 instead of tls. Modern browsers will not accept those anyway. It also means those servers are not up to date. It also means Curl still supports insecure protocols. I think this can be closed, unless the openssl interface can be adapted to drop insecure protocols. If you want, you can compile openssl yourself with the legacy protocols enabled.(not easy, but doable)|
I will look at the openssl issue.
Meanwhile, when using trunk you can use GnuTLS support, which has a more sensible and comprehensible API.
I am also experiencing this issue with fphttpclient on Ubuntu 19.04 with fpc and lazarus installed through apt.
> It also means those servers are not up to date.
Interestingly enough I get it with every single major website I've tried: google, amazon, ebay, wikipedia, ddg, github, microsoft, etc.
This issue seems to have been fixed in trunk? I compiled and installed fpc and lazarus both from trunk and it solves the problem with my application that uses fphttpclient and I only needed to add the opensslsockets unit to my uses. It's still very unfortunate for anyone trying Lazarus and FreePascal for the first time on Ubuntu or possibly other distributions only to be hit by this nasty bug if they try to do anything web related.
I have no issues with trunk -r42590+
I have 1.1.1c as my openssl version. (which is current and supported)
|2017-12-06 21:25||BBaz||New Issue|
|2017-12-07 09:07||Thaddy de Koning||Note Added: 0104553|
|2017-12-07 09:34||BBaz||Note Added: 0104556|
|2017-12-07 09:37||BBaz||Note Added: 0104557|
|2017-12-07 12:34||Martok||Note Added: 0104560|
|2019-01-22 08:08||BBaz||Note Added: 0113561|
|2019-01-22 09:03||Thaddy de Koning||Note Added: 0113563|
|2019-01-27 09:33||Michael Van Canneyt||Assigned To||=> Michael Van Canneyt|
|2019-01-27 09:33||Michael Van Canneyt||Status||new => assigned|
|2019-01-27 09:36||Michael Van Canneyt||Note Added: 0113657|
|2019-06-27 20:30||Richard S.||Note Added: 0116976|
|2019-08-09 10:13||Thaddy de Koning||Note Added: 0117605|
|2019-08-09 10:13||Thaddy de Koning||Note Edited: 0117605||View Revisions|