Delphi 11.3 - Indy - OpenSSL 3.1

[AndreL 0]

Hi,

 

FYI ,I updated from OpenSSL 1.1.1 (https://github.com/IndySockets/Indy/files/5029069/OpenSSL.zip)  to OpenSSL 1.3 on windows 32bits

 

I updated the following file: IdOpenSSLConsts.pas

 {$IFDEF WINDOWS}
        {$IFDEF CPU32_old}'libcrypto-1_1.dll'{$ENDIF}
        {$IFDEF CPU32}'libcrypto-3.dll'{$ENDIF}
        {$IFDEF CPU64}_old)'libcrypto-1_1-x64.dll'{$ENDIF}

        {$IFDEF CPU64}'libcrypto-3-x64.dll'{$ENDIF}
  {$ELSE}

{$IFDEF WINDOWS}
        {$IFDEF CPU32_old}'libssl-1_1.dll'{$ENDIF}
        {$IFDEF CPU32}'libssl-3.dll'{$ENDIF}
        {$IFDEF CPU64_old}'libssl-1_1-x64.dll'{$ENDIF}

        {$IFDEF CPU64}'libssl-3-x64.dll'{$ENDIF}
      {$ELSE}

 

 

Replacing libcrypto-1_1 and libssl-1_1 dlls by libcrypto-3 and libssl-3 in the application folder.

 

NB: as libeay32.dll et ssleay32.dl are also removed, the call to OpenSSLVersion is returning an empty string.

I don't know how to update this one.

 

Application is running fine so far, including with TLS1.3 towards an Apache server.

 

[Angus Robertson 574]

OpenSSL 3.0 and 3.1 are reasonably compatible with 1.1.1 for TLS, although a number of older algorithms have moved to legacy.dll which has to be loaded if you need MD5 and such stuff.

 

SSL_get_peer_certificate is now SSL_get1_peer_certificate, and there are some other similar changes with 0 or 1 to make clear whether memory should be freed. 

 

3.0 also added providers instead of engines and deprecated a large number of functions with better versions, but they still work for now.

 

Angus

 

[Remy Lebeau 1396]

6 hours ago, AndreL said:

https://github.com/IndySockets/Indy/files/5029069/OpenSSL.zip

That zipped code was submitted by another user on a comment to the open PR in Indy's repo.  I don't think that code was every merged into the repo where the PR originates from: https://github.com/mezen/Indy/tree/NewOpenSSL_PR (see https://github.com/mezen/Indy/issues/12).