Watch, Follow, &
Connect with Us

For forums, blogs and more please visit our
Developer Tools Community.


Welcome, Guest
Guest Settings
Help

Thread: Delphi XE5 / REST / Indy 10 / OpenSSL 1.0.1s



Permlink Replies: 5 - Last Post: Mar 10, 2016 9:23 AM Last Post By: Angus Robertson
Jean-Fabien Con...

Posts: 14
Registered: 9/8/01
Delphi XE5 / REST / Indy 10 / OpenSSL 1.0.1s
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 9, 2016 2:46 AM
I'm using the REST library in Delphi XE5 and it can't load the latest OpenSSL 1.0.1s. It works fine with 1.0.1r though. So I guess changes in 1.0.1s are incompatible with the REST library in Delphi XE5. AFAIK, The REST library in Delphi XE5 is relying on Indy 10. I've updated Indy 10 from SVN and installed the new BPLs in Component>Install Packages... but I guess that the REST library would need to be recompiled or something in order to leverage the updated Indy 10. Any thoughts on how to resolve this? Thanks in advance.
Remy Lebeau (Te...


Posts: 9,447
Registered: 12/23/01
Re: Delphi XE5 / REST / Indy 10 / OpenSSL 1.0.1s
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 9, 2016 12:42 PM   in response to: Jean-Fabien Con... in response to: Jean-Fabien Con...
Jean-Fabien wrote:

I'm using the REST library in Delphi XE5 and it can't load the latest
OpenSSL 1.0.1s. It works fine with 1.0.1r though.

OpenSSL made API changes in 1.0.1s and 1.0.2g, in particular SSLv2 is now
disabled and no longer exported by default, it has to be explicitly enabled
when compiling OpenSSL. Older versions of Indy will not handle that change,
but recent versions do (see http://www.indyproject.org/Sockets/blogs/changelog/20150907.aspx
for details).

So I guess changes in 1.0.1s are incompatible with the REST library
in Delphi XE5. AFAIK, The REST library in Delphi XE5 is relying on Indy 10.

Yes, and in particular an Embarcadero-private copy of Indy that is hidden
behind an abstraction layer so users can freely update Indy installs without
affecting Embarcadero's technologies, like DataSnap and REST.

I've updated Indy 10 from SVN and installed the new BPLs in
Component>Install Packages... but I guess that the REST library
would need to be recompiled or something in order to leverage
the updated Indy 10.

Yes. Supposedly, you can recompile Embarcadero's IndyPeer package. But
I have not heard of anyone actually being successful in doing that.

--
Remy Lebeau (TeamB)
Jean-Fabien Con...

Posts: 14
Registered: 9/8/01
Re: Delphi XE5 / REST / Indy 10 / OpenSSL 1.0.1s
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 10, 2016 4:52 AM   in response to: Remy Lebeau (Te... in response to: Remy Lebeau (Te...
Remi, thanks for the great details. Looks like REST on Delphi XE5 is stuck with pre-1.0.1s/1.0.2g OpenSSL until REST library recompilation on Delphi XE5 is figured out in some way.
Angus Robertson

Posts: 205
Registered: 3/17/00
Re: Delphi XE5 / REST / Indy 10 / OpenSSL 1.0.1s
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 10, 2016 6:49 AM   in response to: Jean-Fabien Con... in response to: Jean-Fabien Con...
Remi, thanks for the great details. Looks like REST on Delphi XE5
is stuck with pre-1.0.1s/1.0.2g OpenSSL until REST library
recompilation on Delphi XE5 is figured out in some way.

You can always use the ICS OpenSSL versions, which still include SSLv2
exports so will work with XE5:

http://wiki.overbyte.be/arch/openssl-1.0.1s-win32-sslv2.zip

and

http://wiki.overbyte.be/arch/openssl-1.0.2g-win64-sslv2.zip

Note we may not produce builds with SSLv2 in future, four builds per
release was bad, eight is very painful. And it will get worse when
OpenSSL 1.1.0 is released in two months time.

Angus
Jean-Fabien Con...

Posts: 14
Registered: 9/8/01
Re: Delphi XE5 / REST / Indy 10 / OpenSSL 1.0.1s
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 10, 2016 8:54 AM   in response to: Angus Robertson in response to: Angus Robertson
Angus, thanks for the links. I should have mentioned that I was using the OpenSSL DLLs from http://indy.fulgan.com/SSL/. Also I didn't realize that ICS was building OpenSSL DLLs with or without SSLv2 support. Thanks again.
Angus Robertson

Posts: 205
Registered: 3/17/00
Re: Delphi XE5 / REST / Indy 10 / OpenSSL 1.0.1s
Click to report abuse...   Click to reply to this thread Reply
  Posted: Mar 10, 2016 9:23 AM   in response to: Jean-Fabien Con... in response to: Jean-Fabien Con...
Angus, thanks for the links. I should have mentioned that I was
using the OpenSSL DLLs from http://indy.fulgan.com/SSL/. Also I
didn't realize that ICS was building OpenSSL DLLs with or without
SSLv2 support. Thanks again.

We only did it for the last OpenSSL release, for exactly the reason you
need them, backward compatibility with existing applications.

Beware you should still disable SSLv2 and probably SSLv3, not sure if
the SSLv2 exploits were fixed in code, or by removing code.

Angus
Legend
Helpful Answer (5 pts)
Correct Answer (10 pts)

Server Response from: ETNAJIVE02