OpenSSL 1.0.2.g更新打破我的Delphi应用程序 [英] OpenSSL 1.0.2.g update breaks my Delphi app

问题描述

我的Win32程序从OpenSSL 1.02f升级到1.02g后失败。

我确保在升级后重新启动，并且我已经验证了正确的 libeay32。 dll ， libssl32.dll 和 ssleay32.dll 位于 C：\Windows \SysWOW64 （如果我将它们复制到我的应用程序目录，它也没有帮助）。

My Win32 program fails after an upgrade from OpenSSL 1.02f to 1.02g.
I made sure to reboot after the upgrade, and I have verified that the correct libeay32.dll, libssl32.dll, and ssleay32.dll are in C:\Windows\SysWOW64 (and it does not help either if I copy them to my app directory).

var
  lIOHandleSSL      : TIdServerIOHandlerSSLOpenSSL;
  FWebBrokerBridge  : TIdHTTPWebBrokerBridge;       // = class(TIdCustomHTTPServer)
begin    
  FWebBrokerBridge := TIdHTTPWebBrokerBridge.Create(Self);    
  LIOHandleSSL := TIdServerIOHandlerSSLOpenSSL.Create(FWebBrokerBridge);    // LIOHandleSSL.SSLOptions.method is sslvTLSv1
  LIOHandleSSL.SSLOptions.CertFile     := ...
  LIOHandleSSL.SSLOptions.RootCertFile := ...
  LIOHandleSSL.SSLOptions.KeyFile      := ...
  LIOHandleSSL.OnGetPassword := HTTPSIOHandlerSSLOpenSSLGetPassword;
  FWebBrokerBridge.IOHandler := LIOHandleSSL;
  FWebBrokerBridge.Active := true;

错误是 EIdOSSLCouldNotLoadSSLLibrary：无法加载SSL库

The error is EIdOSSLCouldNotLoadSSLLibrary: Could not load SSL library on the 'Active' statement.

这是一个Delphi XE2应用程序，Indy版本是10.5.8.0

It's a Delphi XE2 app, the Indy version is 10.5.8.0

FWIW 这里是OpenSSL 1.02g更改日志

- 我们使用 css> ），它返回以下字符串： SSLv2_method，SSLv2_server_method，SSLv2_client_method

- 我已从此问题中删除了我的证书文件的描述。 Ken White正确地指出，代码不处于加载证书的阶段。

- We use this OpenSSL binary installer.
- I added the WhichFailedToLoad() function (from IdSSLOpenSSLHeaders.pas) and it returns the following string: SSLv2_method,SSLv2_server_method,SSLv2_client_method
- I have removed the description of my certificate files from this question. Ken White correctly remarked that the code its not at the stage yet where the certs are loaded

推荐答案

href =http://www.indyproject.org/sockets/blogs/changelog/20150907.en.aspx =nofollow> http://www.indyproject.org/sockets/blogs/changelog/20150907.en .aspx

This is covered here: http://www.indyproject.org/sockets/blogs/changelog/20150907.en.aspx

总之，SSLv2不安全，因此OpenSSL的某些发布商禁用SSL2。您似乎使用这样的OpenSSL。旧版本的Indy将以下功能视为关键：

In summary, SSLv2 is not secure, so some distributors of OpenSSL disable SSL2. You appear to be using such an OpenSSL. Older versions of Indy regard the following functions as critical:

• SSLv2_method


• SSLv2_server_method


• SSLv2_client_method

• SSLv2_method
• SSLv2_server_method
• SSLv2_client_method

如果这些函数未由OpenSSL DLL导出，则这些版本的Indy将无法加载。

These versions of Indy will fail to load if these functions are not exported by the OpenSSL DLLs.

要解决此问题，您需要执行以下操作之一：

To get past this problem you will need to do one of the following:

• 查找不禁用SSLv2的OpenSSL DLL。


• 升级到可以处理SSLv2被停用的Indy版本。


• 升级到Delphi 10西雅图更新1，其中包括Indy修订5311是处理这个问题的最早的Delphi版本。

这篇关于OpenSSL 1.0.2.g更新打破我的Delphi应用程序的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！