Could not load OpenSSL library.

[rvk 33]

20 minutes ago, Remy Lebeau said:

OK, well... The fulgan mirror has been decommissioned for some time now, the GitHub repo is the official spot now.

Why is the date of the files on Fulgan updated each night?

 

Also, there seem to be trickling new versions in there occasionally.

 

Maybe a readme file there pointing to the new official spot (or at least stating it is decommissioned) would make that more clear.

 

[Remy Lebeau 1394]

23 minutes ago, rvk said:

Why is the date of the files on Fulgan updated each night?

I don't know, I thought they were done maintaining a copy, but I guess not.

23 minutes ago, rvk said:

Maybe a readme file there pointing to the new official spot (or at least stating it is decommissioned) would make that more clear.

The readme on that mirror says:

Quote

As of January 2020, the Indz source code is not available from this mirror anymore:

 

The indy source control system has been migrated to github. There is therefore no need for extra tools in order to download the latest snapshot.

 

All source code can be accessed from https://github.com/IndySockets

 

The Indy SSL libraries will remain here for the time being.

 

Edited September 19, 2023 by Remy Lebeau

[rvk 33]

10 minutes ago, Remy Lebeau said:

The readme on that mirror says:

Wait... did I really overlook that file...

Aaaargh. Yes, it's in the root.

[Stompie 2]

So it turns out that the 64 bit 1.0.2u binaries from downloaded from https://github.com/IndySockets/OpenSSL-Binaries/ also do not work on a blank Windows Server 2016 installation.

As soon as the latest version of "Microsoft Visual C++ Redistributable" (for Visual Studio 2015, 2017, 2019, and 2022) is installed on the server, they work again.

 

Edit:

It seems to look for "vcruntime140.dll"
Of which a 32bit version is availble in "C:\Windows\SysWOW64\vcruntime140.dll"
But a 64bit versions is not found.

Edited October 10, 2023 by Stompie

[DelphiUdIT 176]

I (can) have the OpenSSL binary for Windows 64 bit and Linux 64 bit, version "1.0.2zi" of 20/09/2023.

 

Only two CVE is missing ad this time ( CVE-2024-0727 and CVE-2023-6237 refer to: https://www.openssl.org/news/vulnerabilities.html ) and they are classified low severity.

 

With this release everyone use Indy are updated with security, waiting for the Indy 11.

 

OpenSSL 1.0.2zi remediates the following CVE's:

CVE-2023-3817
CVE-2023-3446
CVE-2023-0465
CVE-2023-0466
CVE-2023-0464
CVE-2023-0286
CVE-2023-0215
CVE-2022-4304
CVE-2022-2068
CVE-2022-1292
CVE-2022-0778
CVE-2021-4160
CVE-2021-3712
CVE-2021-23841
CVE-2021-23840
CVE-2021-23839
CVE-2020-1971
CVE-2020-1968
CVE-2019-1551
CVE-2019-1563
CVE-2019-1547
CVE-2019-1552
CVE-2019-1559

 

I don't know if I can share those library, since OpenSSL nothing say about binary license ... may be @Remy Lebeau  can suggest if i can post them here. Remy can post also the libraries in the Indy official repo.

Edited February 29 by DelphiUdIT

[Angus Robertson 574]

OpenSSL "1.0.2zi" is not a free public release, it is only available to organisations that pay OpenSSL for premium level support, which costs $50,000 per year. 

 

I'd guess there is a support contract involved that prevents such software being distributed outside those organisations. So it should not be published.  

 

Angus

 

[DelphiUdIT 176]

2 minutes ago, Angus Robertson said:

OpenSSL "1.0.2zi" is not a free public release, it is only available to organisations that pay OpenSSL for premium level support, which costs $50,000 per year. 

 

I'd guess there is a support contract involved that prevents such software being distributed outside those organisations. So it should not be published.  

 

Angus

 

Thanks very much. I knew that the source is not public available, but I was hoping the DLLs could be distributed.