Jump to content
limelect

FMX and https

Recommended Posts

I have an FMX project that uses TIdHTTP.

With the above i do IdHTTP1.Get(URL,FILE);

The URL is https.

Executing the above URL in window i have no problem.

Executing the above under Android emulator no problem.

 

Executing the above under REAL phone Android S6 i have an error

Error “Could not load SSL library”

I am trying to avoid ssl librey. Or can i not avoid it. 

Share this post


Link to post
Posted (edited)
2 hours ago, limelect said:

Executing the above under REAL phone Android S6 i have an error

Error “Could not load SSL library”

I am trying to avoid ssl librey. Or can i not avoid it. 

By default, Indy uses OpenSSL.  When that error happens, you can use the WhichFailedToLoad() function in the IdSSLOpenSSLHeaders unit to find out why.  But note that Indy does not support OpenSSL 1.1.x yet, so you would have to deploy OpenSSL 1.0.2 dylibs with your app, and then tell Indy where those dylibs are located at runtime via the IdOpenSSLSetLibPath() function so it can find them.  Also look at the IdOpenSSLSetCanLoadSymLinks() and IdOpenSSLSetLoadSymLinksFirst() functions to make Indy avoid loading dylibs for other non-compatible OpenSSL versions.

 

In any case, be aware that ever since Google dropped support for OpenSSL in Android 6 in favor of BoringSSL, using OpenSSL on Android is increasingly difficult.  The above MAY OR MAY NOT work, depending on the device's setup.  Indy does not support BoringSSL at this time, or any of the more official higher-level Java APIs that Google wants developers to use instead of using lower-level native libraries, like OpenSSL/BoringSSL directly.

 

The alternative is to write your own TIdSSLIOHandlerSocketBase-derived class (or find a 3rd party one) that uses whatever SSL/TLS library/API you want besides OpenSSL.  For example, there is some effort in progress to add support for LibreSSL/LibTLS to Indy, though I don't think that will help you in this particular situation, but it shows that supporting alternative SSL/TLS APIs is possible.

Edited by Remy Lebeau

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×