Welcome, Guest
Guest Settings
Help

Thread: OpenSSL latest android binaries



Permlink Replies: 37 - Last Post: May 17, 2016 5:16 PM Last Post By: Dave Nottage
Marco Cirinei

Posts: 26
Registered: 12/28/99
OpenSSL latest android binaries
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 9, 2016 7:56 AM
Hi All.
According to new Google policies for Android v. 6 (new libraries for OpenSSL) I have to deploy recent libssl.so and libcrypto.so files with the Android version of my apps.
I have succesfully managed this inclusion but Google now says that "my" OpenSSL version has one or more vulnerabilities (and everyone has time to fix it until next July 11).
So, someone knows where to download a recent (1.02f/1.01r or higher) version of OpenSSL android binaries (libssl.so + libcrypto.so)?
Thanks
Marco
Remy Lebeau (Te...


Posts: 8,075
Registered: 12/23/01
Re: OpenSSL latest android binaries
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 9, 2016 1:46 PM   in response to: Marco Cirinei in response to: Marco Cirinei
Marco wrote:

According to new Google policies for Android v. 6 (new libraries for
OpenSSL) I have to deploy recent libssl.so and libcrypto.so files with
the Android version of my apps.

Unfortunately, that will not work :(

Google is not using a new version of OpenSSL, they are using a forked version
called BoringSSL, making all kinds of changes to its API, breaking backwards
compatibility. And to make matters worse, this forked library is using the
same filenames as OpenSSL, and the libraries are pre-loaded at device startup.
So even if you deployed actual OpenSSL libraries with your app, they would
never get loaded because the pre-loaded BoringSSL library would take priority.

I have succesfully managed this inclusion but Google now says that
"my" OpenSSL version has one or more vulnerabilities (and everyone has
time to fix it until next July 11).

If you have managed to actually load OpenSSL at runtime despite BoringSSL's
presence, do tell how you did it! Or, is Google merely validating your app
executable, and not actually running it?

So, someone knows where to download a recent (1.02f/1.01r or higher)
version of OpenSSL android binaries (libssl.so + libcrypto.so)?

Even if you could find it (which AFAIK, nobody has yet), I don't think it
will work on Android 6+ devices.

--
Remy Lebeau (TeamB)
Marco Cirinei

Posts: 26
Registered: 12/28/99
Re: OpenSSL latest android binaries
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 9, 2016 11:57 PM   in response to: Remy Lebeau (Te... in response to: Remy Lebeau (Te...
Remy Lebeau (TeamB) wrote:
Marco wrote:

According to new Google policies for Android v. 6 (new libraries for
OpenSSL) I have to deploy recent libssl.so and libcrypto.so files with
the Android version of my apps.

Unfortunately, that will not work :(

Hi Remy, this is what I've already done.

I've some Delphi Apps in which I use a TIdSSLIOHandlerSocketOpenSSL to connect to an ISAPI server with https.

After many reports of my apps crashing if installed in Android 6 devices I've searched the net for some tips and the couple of needed .so compiled files, 1.02 version, added the two files to the play store deployment of my apps (assets\internal) and changed the Indy's path calling

IdOpenSSLSetLibPath(TPath.GetDocumentsPath)

in the OnCreate of my datamodule.

After those modifications of my code my Apps run perfectly on my brand new S7 with Android 6.0.1, and on all the other recent Android devices (tested using the Play Store deployment).

And now the Google warning pops up telling me that the OpsnSSL files deployed with my apps are not of the minimum required 1.02f version (or 1.01r).... and so my post in this forum.

Is my solution not correct?

Thanks for your help.
Marco

Edited by: Marco Cirinei on May 10, 2016 8:58 AM

Edited by: Marco Cirinei on May 10, 2016 8:59 AM
Mida Converter

Posts: 68
Registered: 6/2/12
Re: OpenSSL latest android binaries
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 10, 2016 5:30 AM   in response to: Marco Cirinei in response to: Marco Cirinei
Hi Marco

Can you share two .so files of SSL ? or where did you find them ?
Marco Cirinei

Posts: 26
Registered: 12/28/99
Re: OpenSSL latest android binaries
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 10, 2016 6:17 AM   in response to: Mida Converter in response to: Mida Converter
Mida Converter wrote:
Hi Marco

Can you share two .so files of SSL ? or where did you find them ?

Hi Mauro,
I've tryied two couples of .so files. The first couple, I think, is the couple you point in your google+ group post.

Anyway you can download here the latest .so files, the ones that I deploy at this moment:
https://drive.google.com/file/d/0B7AxqW32K0oXWW9nUk9qaFpHT0k/view?usp=sharing

Please share the conclusion of your problem.
Marco
Remy Lebeau (Te...


Posts: 8,075
Registered: 12/23/01
Re: OpenSSL latest android binaries
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 10, 2016 11:42 AM   in response to: Marco Cirinei in response to: Marco Cirinei
Marco wrote:

I've tryied two couples of .so files. The first couple, I think, is
the couple you point in your google+ group post.

Which is where exactly?

Anyway you can download here the latest .so files, the ones
that I deploy at this moment:

Where did the files come from originally?

--
Remy Lebeau (TeamB)
Remy Lebeau (Te...


Posts: 8,075
Registered: 12/23/01
Re: OpenSSL latest android binaries
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 10, 2016 12:06 PM   in response to: Marco Cirinei in response to: Marco Cirinei
Marco wrote:

Anyway you can download here the latest .so files, the ones that I
deploy at this moment:

https://drive.google.com/file/d/0B7AxqW32K0oXWW9nUk9qaFpHT0k/view?usp=sharing

Are those the same binary files that are available here?

https://github.com/emileb/OpenSSL-for-Android-Prebuilt

In particular:

https://github.com/emileb/OpenSSL-for-Android-Prebuilt/tree/master/openssl-1.0.2/armeabi-v7a/lib

--
Remy Lebeau (TeamB)
Marco Cirinei

Posts: 26
Registered: 12/28/99
Re: OpenSSL latest android binaries
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 10, 2016 1:04 PM   in response to: Remy Lebeau (Te... in response to: Remy Lebeau (Te...
Remy Lebeau (TeamB) wrote:
Marco wrote:

Anyway you can download here the latest .so files, the ones that I
deploy at this moment:

https://drive.google.com/file/d/0B7AxqW32K0oXWW9nUk9qaFpHT0k/view?usp=sharing

Are those the same binary files that are available here?

https://github.com/emileb/OpenSSL-for-Android-Prebuilt

In particular:

https://github.com/emileb/OpenSSL-for-Android-Prebuilt/tree/master/openssl-1.0.2/armeabi-v7a/lib

--
Remy Lebeau (TeamB)

Remy. Chris,
yes , thanks, those seem to be exactly the binary files that I've tested on latest build of my apps.
The problem is that google tells me that those files are not, still, enough up to date.
Chris, please, if you'll finally succeed in your linux compilation share the results with this forum ;)
Thanks
Marco

Remy Lebeau (Te...


Posts: 8,075
Registered: 12/23/01
Re: OpenSSL latest android binaries
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 10, 2016 1:28 PM   in response to: Marco Cirinei in response to: Marco Cirinei
Marco wrote:

yes , thanks, those seem to be exactly the binary files that
I've tested on latest build of my apps.

The problem is that google tells me that those files are not, still,
enough up to date.

But, they do work with Indy on Android 6 despite the warning? It is not
a fatal error that prevents the app from functioning correctly at runtime?

What about the static .a files? Do they work with Delphi? Or only the dynamic
.so files?

--
Remy Lebeau (TeamB)
Marco Cirinei

Posts: 26
Registered: 12/28/99
Re: OpenSSL latest android binaries
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 10, 2016 1:43 PM   in response to: Remy Lebeau (Te... in response to: Remy Lebeau (Te...
{quote:title=Remy Lebeau (TeamB) wrote:}

But, they do work with Indy on Android 6 despite the warning? It is not
a fatal error that prevents the app from functioning correctly at runtime?

Yes Remy,
my apps run fine, the warning tells me that this vulnerabilities will be tolerate only until 7/11.
Here all the details:
https://support.google.com/faqs/answer/6376725


What about the static .a files? Do they work with Delphi? Or only the dynamic
.so files?

I haven't idea on how to link those .a files.
Remy Lebeau (Te...


Posts: 8,075
Registered: 12/23/01
Re: OpenSSL latest android binaries
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 10, 2016 2:18 PM   in response to: Marco Cirinei in response to: Marco Cirinei
Marco wrote:

my apps run fine, the warning tells me that this vulnerabilities will
be tolerate only until 7/11.
Here all the details:
https://support.google.com/faqs/answer/6376725

That article talks about static linking to OpenSSL. Indy *dynamically
links* to OpenSSL.

I haven't idea on how to link those .a files.

Like any other external object file, using the 'external' keyword on function
declarations, and optionally the {$L} compiler directive.

--
Remy Lebeau (TeamB)
Chris Dunn

Posts: 156
Registered: 8/22/11
Re: OpenSSL latest android binaries
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 10, 2016 11:51 AM   in response to: Remy Lebeau (Te... in response to: Remy Lebeau (Te...
Remy Lebeau (TeamB) wrote:
Marco wrote:

According to new Google policies for Android v. 6 (new libraries for
OpenSSL) I have to deploy recent libssl.so and libcrypto.so files with
the Android version of my apps.

Unfortunately, that will not work :(

Google is not using a new version of OpenSSL, they are using a forked version
called BoringSSL, making all kinds of changes to its API, breaking backwards
compatibility. And to make matters worse, this forked library is using the
same filenames as OpenSSL, and the libraries are pre-loaded at device startup.
So even if you deployed actual OpenSSL libraries with your app, they would
never get loaded because the pre-loaded BoringSSL library would take priority.

I have succesfully managed this inclusion but Google now says that
"my" OpenSSL version has one or more vulnerabilities (and everyone has
time to fix it until next July 11).

If you have managed to actually load OpenSSL at runtime despite BoringSSL's
presence, do tell how you did it! Or, is Google merely validating your app
executable, and not actually running it?

So, someone knows where to download a recent (1.02f/1.01r or higher)
version of OpenSSL android binaries (libssl.so + libcrypto.so)?

Even if you could find it (which AFAIK, nobody has yet), I don't think it
will work on Android 6+ devices.

--
Remy Lebeau (TeamB)

Ive been running on android 6 loading the .so libraries just fine for months. The new problem is we need to compile new versions of the openssl libraries. Cygwin is not working correctly to compile for me so im switching to a linux install to create them (if possible) https://wiki.openssl.org/index.php/Android#Build_the_OpenSSL_Library_2

heres a repository you can grab some current prebuilt ones https://github.com/emileb/OpenSSL-for-Android-Prebuilt.git

Edited by: Chris Dunn on May 10, 2016 11:59 AM
Remy Lebeau (Te...


Posts: 8,075
Registered: 12/23/01
Re: OpenSSL latest android binaries [Edit]
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 10, 2016 12:24 PM   in response to: Chris Dunn in response to: Chris Dunn
Chris wrote:

Ive been running on android 6 loading the .so libraries just fine
for months.

How does that work? My understanding is that the new BoringSSL library uses
the same filenames as OpenSSL, and BoringSSL is pre-loaded, so it takes priority
over any OpenSSL binaries deployed with an app. Or does deploying to the
app's internal folder supercede that?

--
Remy Lebeau (TeamB)
Chris Dunn

Posts: 156
Registered: 8/22/11
Re: OpenSSL latest android binaries [Edit]
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 11, 2016 6:47 AM   in response to: Remy Lebeau (Te... in response to: Remy Lebeau (Te...
Remy Lebeau (TeamB) wrote:
Chris wrote:

Ive been running on android 6 loading the .so libraries just fine
for months.

How does that work? My understanding is that the new BoringSSL library uses
the same filenames as OpenSSL, and BoringSSL is pre-loaded, so it takes priority
over any OpenSSL binaries deployed with an app. Or does deploying to the
app's internal folder supercede that?

--
Remy Lebeau (TeamB)

Some versions of the Android Java system loader will load the system's version of the OpenSSL library, even though you built and included a copy with your application. In this case, you might need to write a wrapper shared object and link to the static version of the OpenSSL library.
Mida Converter

Posts: 68
Registered: 6/2/12
Re: OpenSSL latest android binaries
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 11, 2016 1:30 AM   in response to: Marco Cirinei in response to: Marco Cirinei
update:

i have change my code to:
IdOpenSSLSetLibPath(System.IOUtils.TPath.GetDocumentsPath);

in deployment option:
libssl.so and libcrypto.so to remote_path = assets\internal

Download SSL files ( OpenSSL 1.0.2g Android.zip )
http://www.delphipraxis.net/188736-kompilierte-openssl-bibliotheken-fuer-android.html

compiled.. and work fine on my Samsung S6 Edge 6.0.1 :-)

i have uploaded and published on Google play store, APK Correct , no Google warning. all ok.

i have downloaded from others smartphone ( android 6.0 ) my app from store and work fine.

Note:
Add System.StartUpCopy in DPR as first unit

Chris Dunn

Posts: 156
Registered: 8/22/11
Re: OpenSSL latest android binaries
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 11, 2016 6:57 AM   in response to: Mida Converter in response to: Mida Converter
Mida Converter wrote:
update:

i have change my code to:
IdOpenSSLSetLibPath(System.IOUtils.TPath.GetDocumentsPath);

in deployment option:
libssl.so and libcrypto.so to remote_path = assets\internal

Download SSL files ( OpenSSL 1.0.2g Android.zip )
http://www.delphipraxis.net/188736-kompilierte-openssl-bibliotheken-fuer-android.html

compiled.. and work fine on my Samsung S6 Edge 6.0.1 :-)

i have uploaded and published on Google play store, APK Correct , no Google warning. all ok.

i have downloaded from others smartphone ( android 6.0 ) my app from store and work fine.


Thanks Mida
Remy Lebeau (Te...


Posts: 8,075
Registered: 12/23/01
Re: OpenSSL latest android binaries
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 11, 2016 11:32 AM   in response to: Mida Converter in response to: Mida Converter
Mida wrote:


You have to be a registered user of that forum in order to download those
files.

--
Remy Lebeau (TeamB)
Ian Rees

Posts: 7
Registered: 6/25/12
Re: OpenSSL latest android binaries
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 11, 2016 11:51 PM   in response to: Remy Lebeau (Te... in response to: Remy Lebeau (Te...
We are having the same issue trying to access our Web Service using SSL. I have tried all sorts of things to get this to work - including all of the things suggested here - but it still doesn't work.

If I could try with these files then it might work, but as Remy says, you need to be a registered user to download the files. Is there another way to get these files?

Thanks,
Ian
Marco Cirinei

Posts: 26
Registered: 12/28/99
Re: OpenSSL latest android binaries
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 12, 2016 12:10 AM   in response to: Ian Rees in response to: Ian Rees
Ian Rees wrote:
We are having the same issue trying to access our Web Service using SSL. I have tried all sorts of things to get this to work - including all of the things suggested here - but it still doesn't work.

If I could try with these files then it might work, but as Remy says, you need to be a registered user to download the files. Is there another way to get these files?

Thanks,
Ian

Ian,
that forum registration is an almost istantaneous process, and is free: I did it yesterday in 2 minutes.
After this you can immediatly download the files.
Marco

Edited by: Marco Cirinei on May 12, 2016 9:10 AM
Ian Rees

Posts: 7
Registered: 6/25/12
Re: OpenSSL latest android binaries
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 12, 2016 12:13 AM   in response to: Marco Cirinei in response to: Marco Cirinei
Thanks Marco. I'll give it go then...
Ian Rees

Posts: 7
Registered: 6/25/12
Re: OpenSSL latest android binaries
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 12, 2016 1:24 AM   in response to: Ian Rees in response to: Ian Rees
I have the files now but sadly I am still getting the Could not load SSL library message.

Steps taken:
1. Downloaded files - libcrypto.so, libssl.so
2. Added files to project folder
3. Added files to Android Deployment - Remote Path assets\internal
4. Added IdOpenSSLSetLibPath(System.IOUtils.TPath.GetDocumentsPath) to code

I have spend a few days now trying to get this to work - out of ideas. I have tried the armeabi-v7a files and x86 files.

Am I missing anything?

Thanks,
Ian

Edited by: Ian Rees on May 12, 2016 9:25 AM
Ian Rees

Posts: 7
Registered: 6/25/12
Re: OpenSSL latest android binaries
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 12, 2016 2:45 AM   in response to: Ian Rees in response to: Ian Rees
Additional information:

Using ShowMessage(WhichFailedToLoad); ( from IdSSLOpenSSLHeaders ) gives this message:

"Failed to load /data/user/0/<packagename>/files/libcrypto.so"

is that the default location of 'assets/internal'? If I deploy the files to assets/internal I was expecting that to appear in the path?

Confused...

Can anyone help?

Thanks,
Ian
Ian Rees

Posts: 7
Registered: 6/25/12
Re: OpenSSL latest android binaries
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 12, 2016 5:47 AM   in response to: Ian Rees in response to: Ian Rees
More info...

ShowMessage(OpenSSLVersion) before and after setting the library path states:

BoringSSL

I need a way to override this to OpenSSL - is there a way to do this?

I'm in the UK (Wales) - not sure if that makes a difference, or if it explains why it isn't working for me and is for others?

Thanks,
Ian
Chris Dunn

Posts: 156
Registered: 8/22/11
Re: OpenSSL latest android binaries
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 12, 2016 7:35 AM   in response to: Ian Rees in response to: Ian Rees
Delphi 10.1

Project file
///////////////////////////////////////////////////////////
uses
System.StartUpCopy,
System.IoUtils,
FMX.Forms,
IdSSLOpenSSLHeaders,
{$IFDEF IOS}
IdSSLOpenSSLHeaders_Static,
{$ENDIF }

{$R *.res}

begin
Application.Initialize;
{$IFDEF ANDROID}
IdOpenSSLSetLibPath(TPath.GetDocumentsPath);
{$ENDIF}
Application.CreateForm(TMainForm, MainForm);
Application.Run;
end.
/////////////////////////////////////////////////////////////

Deploy libraries in documents folder
Project -> Deployment -> All Configurations -> android platform -> Add file -> select your libraries
set remote path for files to: .\assets\internal\

add a button to your form and use
Showmessage(OpenSSLVersion);

mine shows OPENSSL 1.0.2g 1 Mar 2016
for Android 6 and down

Edited by: Chris Dunn on May 12, 2016 7:42 AM

Remy Lebeau (Te...


Posts: 8,075
Registered: 12/23/01
Re: OpenSSL latest android binaries [Edit]
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 12, 2016 11:33 AM   in response to: Chris Dunn in response to: Chris Dunn
Chris wrote:

System.StartUpCopy,
...
IdOpenSSLSetLibPath(TPath.GetDocumentsPath);
...
set remote path for files to: .\assets\internal\

Thanks for that!

--
Remy Lebeau (TeamB)
Mida Converter

Posts: 68
Registered: 6/2/12
Re: OpenSSL latest android binaries
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 12, 2016 7:40 AM   in response to: Ian Rees in response to: Ian Rees
Have you add System.StartUpCopy in DPR , as first unit ?

uses
System.StartUpCopy,

Chris Dunn

Posts: 156
Registered: 8/22/11
Re: OpenSSL latest android binaries
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 12, 2016 7:41 AM   in response to: Mida Converter in response to: Mida Converter
Mida Converter wrote:
Have you add System.StartUpCopy in DPR , as first unit ?

uses
System.StartUpCopy,


True forgot that.
Remy Lebeau (Te...


Posts: 8,075
Registered: 12/23/01
Re: OpenSSL latest android binaries [Edit]
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 12, 2016 11:18 AM   in response to: Ian Rees in response to: Ian Rees
Ian wrote:

I have the files now but sadly I am still getting the *Could not
load SSL library* message.

What does Indy's WhichFailedToLoad() function say now?

--
Remy Lebeau (TeamB)
Remy Lebeau (Te...


Posts: 8,075
Registered: 12/23/01
Re: OpenSSL latest android binaries
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 12, 2016 11:08 AM   in response to: Remy Lebeau (Te... in response to: Remy Lebeau (Te...
Remy wrote:

You have to be a registered user of that forum in order to download
those files.

The Android binaries have now been posted to the Attachments forum:

https://forums.embarcadero.com/thread.jspa?messageID=824565

--
Remy Lebeau (TeamB)
Chris Dunn

Posts: 156
Registered: 8/22/11
Re: OpenSSL latest android binaries
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 17, 2016 12:05 PM   in response to: Remy Lebeau (Te... in response to: Remy Lebeau (Te...
I can now compile Openssl for android. I've added 1.0.2h and 1.0.1t here

https://forums.embarcadero.com/thread.jspa?messageID=826130#826130

These are compiled with all functions and options present.
fyi to everyone you cannot compile the libraries with cygwin. you must use linux.
Remy Lebeau (Te...


Posts: 8,075
Registered: 12/23/01
Re: OpenSSL latest android binaries
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 17, 2016 12:15 PM   in response to: Chris Dunn in response to: Chris Dunn
Chris wrote:

I can now compile Openssl for android. I've added 1.0.2h and 1.0.1t
here

https://forums.embarcadero.com/thread.jspa?messageID=826130

Does this differ from the 1.0.2h that I had posted yesterday?

https://forums.embarcadero.com/thread.jspa?threadID=211950

--
Remy Lebeau (TeamB)
Chris Dunn

Posts: 156
Registered: 8/22/11
Re: OpenSSL latest android binaries
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 17, 2016 12:24 PM   in response to: Remy Lebeau (Te... in response to: Remy Lebeau (Te...

Does this differ from the 1.0.2h that I had posted yesterday?

yes. these were built with no switches.
works with android 4.0 and up.
build with r9d ndk

Edited by: Chris Dunn on May 17, 2016 12:25 PM
Dave Nottage

Posts: 1,298
Registered: 1/7/00
Re: OpenSSL latest android binaries
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 17, 2016 5:16 PM   in response to: Chris Dunn in response to: Chris Dunn
yes. these were built with no switches.
works with android 4.0 and up.
build with r9d ndk

Thanks for your efforts, Chris.

What's the build procedure? I seem to have lost track. I note from elsewhere however, that Linux is required - I can set up a Linux VM for myself easily enough, though.

--
Dave Nottage [TeamB]
Delphi Worlds blog: http://www.delphiworlds.com/blog
David Drouin

Posts: 16
Registered: 11/11/11
Re: OpenSSL latest android binaries
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 12, 2016 12:15 PM   in response to: Marco Cirinei in response to: Marco Cirinei
Can anyone confirm it works with these params.

FSSL := TIdSSLIOHandlerSocketOpenSSL.Create(nil);
FSSL.SSLOptions.Method := sslvTLSv1_2;
FSSL.SSLOptions.Mode := sslmClient;

Showmessage(OpenSSLVersion);

-> OPENSSL 1.0.2g 1 Mar 2016

ShowMessage(WhichFailedToLoad);

-> empty/nothing

only error i get is : Error connection with SSL. EOF was observed that violates the protocol.

Edited by: David Drouin on May 12, 2016 2:16 PM
Remy Lebeau (Te...


Posts: 8,075
Registered: 12/23/01
Re: OpenSSL latest android binaries [Edit]
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 12, 2016 12:46 PM   in response to: David Drouin in response to: David Drouin
David wrote:

FSSL.SSLOptions.Method := sslvTLSv1_2;

That means OpenSSL will use the TLS 1.2 method exclusively and not perform
any version negotiation (using the SSLv23 method). As such, the server must
also be using a matching TLS 1.2 method (without version negotiation) or
else the handshake will fail due to a protocol mismatch (which would explain
the EOF error).

If you want to use version negotiation and just enable TLS 1.2 by itself,
do this instead:

//FSSL.SSLOptions.Method := sslvTLSv1_2;
FSSL.SSLOptions.SSLVersions := [sslvSSLv23, sslvTLSv1_2];


This will set the SSLOptions.Method to SSLv23 and remove it from the SSLOptions.SSLVersions,
leaving TLS 1.2 enabled by itself so earlier SSL/TLS versions will be disabled
during version negotiation.
{code}

--
Remy Lebeau (TeamB)
Ian Rees

Posts: 7
Registered: 6/25/12
Re: OpenSSL latest android binaries [Edit]
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 12, 2016 11:33 PM   in response to: Remy Lebeau (Te... in response to: Remy Lebeau (Te...
Thank you guys for all the help!

I can confirm now that we have it working.

We created a blank project and did as suggested in your comments and it worked - correct version of SSL.

However, in my main project it still didn't work, but I noticed that I had:

{$IFDEF IOS}
IDSSLOpenSSLHeaders_Static
{$ENDIF }
IDSSLOpenSSLHeaders
IdSSLOpenSSL

at the top of my uses. So I moved them to the bottom so that they were the last units in the uses section and it works!

Thanks to everyone for the help and suggestions,
Ian
Ian Rees

Posts: 7
Registered: 6/25/12
Re: OpenSSL latest android binaries [Edit]
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 13, 2016 2:31 AM   in response to: Ian Rees in response to: Ian Rees
Just to add - I suspect that our SOAP WSDL was somehow changing the SSL back to BoringSSL; placing the SSL units last seems like a good thing to do...

Thanks again,
Ian
David Drouin

Posts: 16
Registered: 11/11/11
Re: OpenSSL latest android binaries [Edit]
Click to report abuse...   Click to reply to this thread Reply
  Posted: May 13, 2016 5:19 AM   in response to: Remy Lebeau (Te... in response to: Remy Lebeau (Te...
Remy Lebeau (TeamB) wrote:
David wrote:

FSSL.SSLOptions.Method := sslvTLSv1_2;

That means OpenSSL will use the TLS 1.2 method exclusively and not perform
any version negotiation (using the SSLv23 method). As such, the server must
also be using a matching TLS 1.2 method (without version negotiation) or
else the handshake will fail due to a protocol mismatch (which would explain
the EOF error).

If you want to use version negotiation and just enable TLS 1.2 by itself,
do this instead:

//FSSL.SSLOptions.Method := sslvTLSv1_2;
FSSL.SSLOptions.SSLVersions := [sslvSSLv23, sslvTLSv1_2];


This will set the SSLOptions.Method to SSLv23 and remove it from the SSLOptions.SSLVersions,
leaving TLS 1.2 enabled by itself so earlier SSL/TLS versions will be disabled
during version negotiation.
{code}

--
Remy Lebeau (TeamB)

I should have specify that I only get this error on Android 6.0
Legend
Helpful Answer (5 pts)
Correct Answer (10 pts)

Server Response from: ETNAJIVE02