Watch, Follow, &
Connect with Us

Welcome, Guest
Guest Settings
Help

Thread: Indy TIdHttpServer With SSL on Win64


This question is not answered. Helpful answers available: 2. Correct answers available: 1.


Permlink Replies: 18 - Last Post: May 21, 2017 8:36 AM Last Post By: Clayton Arends Threads: [ Previous | Next ]
Ahmed Sayed

Posts: 154
Registered: 8/9/07
Indy TIdHttpServer With SSL on Win64  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Sep 1, 2016 6:54 AM
Hi,

I am trying to use TIdHttpServer with a 64bit application
using RAD Studio 10 Seatlle. But every time i start the server
it gives me this run-time error:
Access violation at address 000007FEDF104D74 in module 'libeay32.dll'.
Read of address FFFFFFFFF....


ohh, and one more thing the error is not persistent
sometimes it gets raised. sometimes not.

I just need to where can i get the right OpenSSL libs that work
with this indy version and how to deploy them correctly?

Because this error is deriving me crazy !!!!!!!!!
--
The limits of my language mean the limits of my world
Remy Lebeau (Te...


Posts: 8,305
Registered: 12/23/01
Re: Indy TIdHttpServer With SSL on Win64  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Sep 1, 2016 11:57 AM   in response to: Ahmed Sayed in response to: Ahmed Sayed
Ahmed wrote:

I am trying to use TIdHttpServer with a 64bit application
using RAD Studio 10 Seatlle. But every time i start the server
it gives me this run-time error:

Access violation at address 000007FEDF104D74 in module 'libeay32.dll'.
Read of address FFFFFFFFF....

There is not enough information to diagnose the problem. My guess is an
invalid/nil pointer is being accessed somewhere. Can you reproduce the problem
when running your app in the debugger? What code is located at address $7FEDF104D74?
Are you using an up-to-date version of Indy? Are you using the latest 1.0.2
version of OpenSSL? Are you using the 64bit version of the OpenSSL DLLs?

I just need to where can i get the right OpenSSL libs that work with
this indy version

http://indy.fulgan.com/SSL

and how to deploy them correctly?

Simply put the DLLs in the same folder as your app executable.

--
Remy Lebeau (TeamB)
Ahmed Sayed

Posts: 154
Registered: 8/9/07
Re: Indy TIdHttpServer With SSL on Win64  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Sep 1, 2016 1:35 PM   in response to: Remy Lebeau (Te... in response to: Remy Lebeau (Te...
The exception is raised when i start the server using

Active = true;

And when i press F8 it start showing me CPU codes

At first tried using the same dlls that i use on 32bit
then i downloaded dlls from this page:

http://www.indyproject.org/Sockets/fpc/OpenSSLforWin64.en.aspx

But that did not work then i installed these:

openssl-1.0.2h-x64_86-win64.zip

from this site:

http://indy.fulgan.com/SSL

But that didn't work either, I am using indy that ships with
RAD Studio 10 Seattle ver: 10.6.2.5298

Windows 7 64bit pro (development machine)
App framework: FMX

I tried placing the dlls once in system32 folder and once
in my app folder. And as i said before the error is not always
raised. (sometimes)

I mean i run the app without debugger the error is raised,
i close and run again voila it works with https and everything is fine.

oh, And i start the server at TDataModule constructor method
after setting Certificates files to IOHandler.

--
The limits of my language mean the limits of my world
Remy Lebeau (Te...


Posts: 8,305
Registered: 12/23/01
Re: Indy TIdHttpServer With SSL on Win64 [Edit]  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Sep 1, 2016 2:00 PM   in response to: Ahmed Sayed in response to: Ahmed Sayed
Ahmed wrote:

At first tried using the same dlls that i use on 32bit

You can't use 32bit DLLs in a 64bit process, and vice versa.


That is an old page and an old version of OpenSSL.

The latest OpenSSL DLLs that are known to work with Indy are available at
http://indy.fulgan.com/SSL/ for both 32bit and 64bit builds.

then i installed these:

openssl-1.0.2h-x64_86-win64.zip

from this site:

http://indy.fulgan.com/SSL

But that didn't work either

It should work. I will have to test it when I have some time.

I am using indy that ships with RAD Studio 10 Seattle ver: 10.6.2.5298

Windows 7 64bit pro (development machine)
App framework: FMX

I tried placing the dlls once in system32 folder and once in my app
folder.

Don't do that. Your app folder is enough.

And as i said before the error is not always raised. (sometimes)

Makes me wonder if maybe is an environmental issue, not related to the DLLs
themselves.

--
Remy Lebeau (TeamB)
Ahmed Sayed

Posts: 154
Registered: 8/9/07
Re: Indy TIdHttpServer With SSL on Win64 [Edit]  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Sep 1, 2016 2:06 PM   in response to: Remy Lebeau (Te... in response to: Remy Lebeau (Te...
Makes me wonder if maybe is an environmental issue, not related to the DLLs
themselves.

You mean FMX or the version of windows itself?

--
The limits of my language mean the limits of my world
Remy Lebeau (Te...


Posts: 8,305
Registered: 12/23/01
Re: Indy TIdHttpServer With SSL on Win64 [Edit]  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Sep 1, 2016 3:30 PM   in response to: Ahmed Sayed in response to: Ahmed Sayed
Ahmed wrote:

You mean FMX or the version of windows itself?

Windows, or maybe Dephi itself. VCL/FMX is not a factor in this.

--
Remy Lebeau (TeamB)
Ahmed Sayed

Posts: 154
Registered: 8/9/07
Re: Indy TIdHttpServer With SSL on Win64 [Edit]  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Sep 5, 2016 2:09 AM   in response to: Remy Lebeau (Te... in response to: Remy Lebeau (Te...
The call stack shows me the exception in these functions:

TIdCustomServer::SetActive(bool)
TIdCustomHTTPServer::StartUp()
TIdServerIOHandlerSSLOpenSSL::init()
TIdSSLContext::InitContext(TIdSSLCtxMode)
IndySSL_load_client_CA_fileEN6System13UnicodeStringE|94

Also, the error is raised more when i run the app without the debugger.
I am loading the certificates in a DataModule constructor and starting
the server on the main form constructor. And that's raises the error with
or without the debugger.

But when I don't start the server during startup and wait
for the main form to show and then start it manually while running
the app with debugger, the error is not raised. but if i run it without
debugger it is raised again.

--
The limits of my language mean the limits of my world
Ahmed Sayed

Posts: 154
Registered: 8/9/07
Re: Indy TIdHttpServer With SSL on Win64 [Edit]  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Sep 5, 2016 4:43 AM   in response to: Ahmed Sayed in response to: Ahmed Sayed
I tried a sample app with Berlin and Indy ver: 10.6.2.5341
But this time it gave me this error that it can't load root cert:

Could not load root certificate.
error:00000000:lib(0):func(0):reason(0)


Is there anything that must be changed in the certificates
to make it work with 64bit versions?

--
The limits of my language mean the limits of my world
Clayton Arends


Posts: 13
Registered: 7/19/01
Re: Indy TIdHttpServer With SSL on Win64 [Edit]  
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 18, 2017 10:18 AM   in response to: Ahmed Sayed in response to: Ahmed Sayed
I am getting this error as well in Tokyo. I have created two very simple test applications in Delphi and C++Builder. The application has a TIdServerIOHandlerSSLOpenSSL bound to a TIdHTTPServer's IOHandler. The certificate files are assigned to the SSLOptions. When the HTTP server's Active property is set to true in the Delphi application it activates fine while in the C++Builder application it fails with the "Could not load root certificate" error.

I've tried the fulgan 64-bit OpenSSL dlls from 1.0.1j to 1.0.1u and 1.0.2a to 1.0.2k. I also tried the latest 1.0.2k from Shining Light Productions (with the MVSRTL dependency). I've tried the latest Indy source (as of April) and the binaries distributed with RAD Studio. All attempts resulted in the same error.

I added debugs to the source and found the call to X509_LOOKUP_ctrl() returns a result of 1 in the Delphi application and 0 in the C++Builder application. The trace looks like this:
X509_LOOKUP_ctrl()
X509_LOOKUP_load_file()
IndyX509_STORE_load_locations()
IndySSL_CTX_load_verify_locations()
TIdSSLContext.LoadRootCert()

I don't see any code in these functions that would run differently in Delphi vs C++Builder so I suspect the real cause is somewhere else. Perhaps in initialization code.

Edited by: Clayton Arends on May 18, 2017 10:40 AM
Arkady Semylio

Posts: 6
Registered: 5/25/17
Re: Indy TIdHttpServer With SSL on Win64 [Edit]  
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 18, 2017 10:15 PM   in response to: Clayton Arends in response to: Clayton Arends
Clayton Arends wrote:
I am getting this error as well in Tokyo. I have created two very simple test applications in Delphi and C++Builder. The application has a > I don't see any code in these functions that would run differently in Delphi vs C++Builder so I suspect the real cause is somewhere else. Perhaps in initialization code.

Are you compiling with runtime packages or static libs?
Clayton Arends


Posts: 13
Registered: 7/19/01
Re: Indy TIdHttpServer With SSL on Win64 [Edit]  
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 19, 2017 1:11 PM   in response to: Arkady Semylio in response to: Arkady Semylio
Arkady Semylio wrote:
Are you compiling with runtime packages or static libs?

Static libs. It runs fine if I use the runtime packages distributed with Tokyo or the latest Indy binaries.

Using runtime packages is not an option for my actual application.
Antonio Estevez

Posts: 545
Registered: 4/12/00
Re: Indy TIdHttpServer With SSL on Win64 [Edit]  
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 19, 2017 1:40 PM   in response to: Clayton Arends in response to: Clayton Arends
El 19/05/2017 a las 22:11, Clayton Arends escribió:
Arkady Semylio wrote:
Are you compiling with runtime packages or static libs?

Static libs. It runs fine if I use the runtime packages distributed with Tokyo or the latest Indy binaries.

Using runtime packages is not an option for my actual application.

Did you installed the "April 2017 RAD Studio 10.2 Hotfix for Toolchain Issues"?
http://cc.embarcadero.com/item/30764

It solves some issues of the Delphi Win64 compiler related to linking without runtime packages.

Clayton Arends


Posts: 13
Registered: 7/19/01
Re: Indy TIdHttpServer With SSL on Win64 [Edit]  
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 21, 2017 8:36 AM   in response to: Antonio Estevez in response to: Antonio Estevez
{quote:title=Antonio Estevez wrote:}
Did you installed the "April 2017 RAD Studio 10.2 Hotfix for Toolchain Issues"?
http://cc.embarcadero.com/item/30764

It solves some issues of the Delphi Win64 compiler related to linking without runtime packages.

Yes. I had to wait for the hotfix due to other problems that it fixed. Namely RSP-17759, RSP-17121.

And, side note, Embarcadero did not distribute patched Indy binaries so some Indy errors still contain bad text.
Arkady Semylio

Posts: 6
Registered: 5/25/17
Re: Indy TIdHttpServer With SSL on Win64 [Edit]  
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 20, 2017 6:40 AM   in response to: Clayton Arends in response to: Clayton Arends
Clayton Arends wrote:
Arkady Semylio wrote:
Are you compiling with runtime packages or static libs?

Static libs. It runs fine if I use the runtime packages distributed with Tokyo or the latest Indy binaries.

I've a service application built with bcc32c (clang) without runtime packeages and it works fine with openssl's dll. I've put the aforementioned dll in the same folder of service's executable. Then I've switched to bcc64: it all compiled fine. I've put the openssl's dll (64 bit version) in the exe's folder. Moral: all build configurations works fine (bcc32c single exe, bcc32c exe + runtime pkgs and bcc64 + runtime pkgs). With bcc64 single exe configuration it fails when tries to load the ssl certificate (when the service is started), with the following message:

First chance exception at $000007FEFD55A06D. Exception class EIdOSSLLoadingRootCertError
with message 'Could not load root certificate.
error:00000000:lib(0):func(0):reason(0)'.

I was never able to solve this problem. Please, if you can find a recipe (alternative solution) let me know the necessary steps.

Using runtime packages is not an option for my actual application.

I'm sorry that you can't use runtime packages.

Bye bye
Ahmed Sayed

Posts: 154
Registered: 8/9/07
Re: Indy TIdHttpServer With SSL on Win64 [Edit]  
Click to report abuse...   Click to reply to this thread Reply
  Posted: Sep 5, 2016 2:58 AM   in response to: Remy Lebeau (Te... in response to: Remy Lebeau (Te...
I tried with another clean VCL project to test if it was something
wrong with FMX, and i noticed something:

The error is raised only when i use these dlls from this version:

openssl-1.0.2h-x64_86-win64

But when i remove them from my app exe folder everything works
fine and i get https:/localhost/ working.

so, i guess it must be something in those dlls

--
The limits of my language mean the limits of my world
Clayton Arends


Posts: 13
Registered: 7/19/01
Re: Indy TIdHttpServer With SSL on Win64 [Edit]  
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 18, 2017 10:27 AM   in response to: Ahmed Sayed in response to: Ahmed Sayed
Can you explain what you mean when you say you remove the .dlls? Which .dlls are used if you deleted those .dlls?
Ahmed Sayed

Posts: 154
Registered: 8/9/07
Re: Indy TIdHttpServer With SSL on Win64 [Edit]  
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 19, 2017 7:08 AM   in response to: Clayton Arends in response to: Clayton Arends
I meant when i removed openssl dlls from app path.
But i fixed the probllem by llinking with runtime packages
also DO NOT LOAD THE ROOT certificates only
server cert and private key and it will wok fine.
--
The limits of my language mean the limits of my world
Clayton Arends


Posts: 13
Registered: 7/19/01
Re: Indy TIdHttpServer With SSL on Win64 [Edit]  
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 19, 2017 1:23 PM   in response to: Ahmed Sayed in response to: Ahmed Sayed
Ahmed Sayed wrote:
I meant when i removed openssl dlls from app path.

The question is still the same. If you remove the OpenSSL dlls from the app path then where are the dlls that your app is using? Windows\System32? And, wherever the dlls are what version of the OpenSSL dlls are being used?

But i fixed the probllem by llinking with runtime packages

I'm glad this works for you. Unfortunately, this will not work for me because my application must be built using static libraries.

also DO NOT LOAD THE ROOT certificates only
server cert and private key and it will wok fine.

Again, I'm glad this works for you. I have verified that you are correct in my test application. However, my actual application contains an HTTP server that my customers can freely configure and must be able to support root certs.
Ahmed Sayed

Posts: 154
Registered: 8/9/07
Re: Indy TIdHttpServer With SSL on Win64 [Edit]  
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 19, 2017 3:46 PM   in response to: Clayton Arends in response to: Clayton Arends
If openssl dlls are not in same app folder then they are
in System32 for sure, and i use this ver:
openssl-1.0.2h-x64_86-win64

Why do your application must be built using static libraries?

Enabling linking with run-time packages fix a lot of issues
in RAD Studio apps inn general not just this one.

Now, I am dealing with BPLs as another .Net framework
that needs to be deployed with my apps.

If you think it through, adding more files to your app to save
you time and makes you get rid of any extra headache is good
for your productivity.

--
The limits of my language mean the limits of my world
Legend
Helpful Answer (5 pts)
Correct Answer (10 pts)

Server Response from: ETNAJIVE02