mkg 0 Posted November 12, 2022 (edited) Hi all! In my application, maked with C++ Builder 2009, I used Synapse HTTP library for REST API requests. But with any URLs (https), and if my application run on my VPS server, requests always aborted with error: 500 Sock: 10091 error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error 336032824 500 Sock: 10091 error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol 336031996 ... I couldn't fix this errors. Then I try to use different HTTP library. The choice fell on Overbyte ICS (file icsv858.zip) Now I have installed Overbyte ICS Design-Time Package C++ Builder 2009. I maked sample project OverbyteIcsHttpsTst which was in the archive with the library. The project compiles without errors. On my home computer (Windows 8.1) where is installed C++ Builder 2009 ... - If I run this sample application with URLs http:// (for example http://synapse.ararat.cz) I have normal result. By default, application form has edit boxes with Certificate Files and keys: "01cert.pem" "01key.pem" "cacert.pem". - If I run this sample application with any URLs with https:// (for example https://google.com) and that edit boxes remain default values I have error: EAccessViolation: Access violation at address 0043F3C5 in module 'OverbyteIcsHttpsTst.exe'. Read of address 00000030 Request done, error #3 - If I run this sample application with URLs https:// and that edit boxes will be empty I have no error. On VPS server (Windows Server 2012) where is no installed C++ Builder 2009 ... - If I run this sample application with URLs http:// I have normal result. - If I run this sample application with URLs https:// and that edit boxes will be default or empty I have error: EAccessViolation: Access violation at address 0043F3C5 in module 'OverbyteIcsHttpsTst.exe'. Read of address 00000030 Request done, error #3 It's the same error I have in home with non-zero edit boxes. Can anyone help to fix this errors? Edited November 12, 2022 by mkg Share this post Link to post
Angus Robertson 526 Posted November 12, 2022 Your main problem is trying to use old software in a world where security changes need newer software. The SSL error you got is almost certainly because the application was using obsolete SSL protocols that are no longer supported, only TLSv1.2 and TLSv1.3 are acceptable today, and the latter needs software released in the last two years, V8.58 is four years old and will be packaged with obsolete versions of OpenSSL and default protocols. You should be using V8.70. Also we have not updated or tested the C++ samples for 10 years, so they need updating to use the latest protocols, you need to compare the Delphi samples and see what changes have been made in 10 years. Sorry, the ICS authors don't support C++, that can only be done by users of the component. Angus Share this post Link to post
mkg 0 Posted November 12, 2022 (edited) 7 hours ago, Angus Robertson said: Your main problem is trying to use old software in a world where security changes need newer software. The SSL error you got is almost certainly because the application was using obsolete SSL protocols that are no longer supported, only TLSv1.2 and TLSv1.3 are acceptable today, and the latter needs software released in the last two years, V8.58 is four years old and will be packaged with obsolete versions of OpenSSL and default protocols. You should be using V8.70. Also we have not updated or tested the C++ samples for 10 years, so they need updating to use the latest protocols, you need to compare the Delphi samples and see what changes have been made in 10 years. Sorry, the ICS authors don't support C++, that can only be done by users of the component. Angus Thanks for the info! Edited November 12, 2022 by mkg Share this post Link to post
mkg 0 Posted November 18, 2022 On 11/12/2022 at 12:40 PM, Angus Robertson said: Your main problem is trying to use old software in a world where security changes need newer software. The SSL error you got is almost certainly because the application was using obsolete SSL protocols that are no longer supported, only TLSv1.2 and TLSv1.3 are acceptable today, and the latter needs software released in the last two years, V8.58 is four years old and will be packaged with obsolete versions of OpenSSL and default protocols. You should be using V8.70. Also we have not updated or tested the C++ samples for 10 years, so they need updating to use the latest protocols, you need to compare the Delphi samples and see what changes have been made in 10 years. Sorry, the ICS authors don't support C++, that can only be done by users of the component. Angus I installed V8.70. I created a new project, put TSslHttpRest on the form and was able to get a successful compilation and linking. To do this, among other things, I had to connect a copy of the OverbyteIcsWinCrypt.hpp file to the project and comment out a number of lines in it to avoid errors. I included the files libssl-3.dll and libcrypto-3.dll to the project. void __fastcall TForm1::Button1Click(TObject *Sender){ AnsiString ss; int ii; short nn; bool async; ss="..\\OpenSSL-Win32//"; GSSL_DLL_DIR=ss; //GSSLEAY_DLL_IgnoreNew=true; // { ignore OpenSSL 3.0 and later } GSSLEAY_DLL_IgnoreOld=false; ss="https://google.com"; THttpRequest req=httpGET; AnsiString raw_prams=""; async=false; //async=true; SslHttpRest1->RestParams->Clear(); ii=-1; ii=SslHttpRest1->RestRequest(req, ss, async, raw_prams); ii=SslHttpRest1->StatusCode; // 200 Edit1->Text=IntToStr(ii); ss=SslHttpRest1->ContentType; ss=SslHttpRest1->ResponseRaw; } I got the code working, but the application required the libssl-3.dll and libcrypto-3.dll files. Then I downloaded YuOpenSSL. As I understand it, the file YuOpenSSL\D2009\YuOpenSSL.dcu must be linked on build application (CB2009 is not there). I tried to do as it is written in ReadMe8.txt. In the Library Path project setup, I added the path to file YuOpenSSL.dcu. I had to connect a copy of the OverbyteIcsDefs.inc file to the project and replace {.DEFINE YuOpenSSL} to {$DEFINE YuOpenSSL}. But working code still requires the files libssl-3.dll and libcrypto-3.dll. Could you tell me what I did wrong and how to do it right? Share this post Link to post
Angus Robertson 526 Posted November 18, 2022 Quote I got the code working, but the application required the libssl-3.dll and libcrypto-3.dll files. Then I downloaded YuOpenSSL. The latest OpenSSL DLL files can be downloaded from the same site you found ICS V8.70, they are also included in that zip, in the Samples\Delphi\SslInternet\ directory and in OpenSSL-Win32\. You need to copy the DLLs into the same directory as your EXE and leave GSSL_DLL_DIR blank, no idea what path you are trying to set. YuOpenSSL is an alternative commercial product that avoids needing DLLs, you don't need it to use ICS. Angus Share this post Link to post
mkg 0 Posted November 18, 2022 10 hours ago, Angus Robertson said: The latest OpenSSL DLL files can be downloaded from the same site you found ICS V8.70, they are also included in that zip, in the Samples\Delphi\SslInternet\ directory and in OpenSSL-Win32\. You need to copy the DLLs into the same directory as your EXE and leave GSSL_DLL_DIR blank, no idea what path you are trying to set. YuOpenSSL is an alternative commercial product that avoids needing DLLs, you don't need it to use ICS. Angus I meant that my example will work successfully in another place only if there are DLL files next to it. Otherwise, we get the code 404. I'm used to the fact that my programs can work independently in any place where there is Windows and the Internet. So it was when using the Synapse library. Therefore, it would be preferable for me to create an application that also works independently. I'm not going to sell my application. It is for personal use. In the terms of the YuOpenSSL license, I read that free use is possible for such cases. Share this post Link to post
Angus Robertson 526 Posted November 19, 2022 OK, YuOpenSSL does solve the DLL problem, although your application installer should ensure it's not really a problem anyway. I'm aware there are trial and commercial versions of YuOpenSSL, and that the trial version of other components expire in spectacular manner, so I would check the trial lasts more than a few weeks, and you can get new trial versions with security fixes. Angus Share this post Link to post
![Delphi-PRAXiS [en]](https://en.delphipraxis.net/uploads/monthly_2018_12/logo.png.be76d93fcd709295cb24de51900e5888.png){kind=logo}
