My Win32 program fails after an upgrade from OpenSSL 1.02f to 1.02g.
I made sure to reboot after the upgrade, and I have verified that the correct libeay32.dll
, libssl32.dll
, and ssleay32.dll
are in C:\Windows\SysWOW64
(and it does not help either if I copy them to my app directory).
var
lIOHandleSSL : TIdServerIOHandlerSSLOpenSSL;
FWebBrokerBridge : TIdHTTPWebBrokerBridge; // = class(TIdCustomHTTPServer)
begin
FWebBrokerBridge := TIdHTTPWebBrokerBridge.Create(Self);
LIOHandleSSL := TIdServerIOHandlerSSLOpenSSL.Create(FWebBrokerBridge); // LIOHandleSSL.SSLOptions.method is sslvTLSv1
LIOHandleSSL.SSLOptions.CertFile := ...
LIOHandleSSL.SSLOptions.RootCertFile := ...
LIOHandleSSL.SSLOptions.KeyFile := ...
LIOHandleSSL.OnGetPassword := HTTPSIOHandlerSSLOpenSSLGetPassword;
FWebBrokerBridge.IOHandler := LIOHandleSSL;
FWebBrokerBridge.Active := true;
The error is EIdOSSLCouldNotLoadSSLLibrary: Could not load SSL library
on the 'Active' statement.
What can be going on, and how to fix it?
It's a Delphi XE2 app, the Indy version is 10.5.8.0
FWIW Here is the OpenSSL 1.02g changelog
[Edited to add]
- We use this OpenSSL binary installer.
- I added the WhichFailedToLoad() function (from IdSSLOpenSSLHeaders.pas
) and it returns the following string: SSLv2_method,SSLv2_server_method,SSLv2_client_method
- I have removed the description of my certificate files from this question. Ken White correctly remarked that the code is not at the stage yet where the certs are loaded
This is covered here: http://www.indyproject.org/sockets/blogs/changelog/20150907.en.aspx
In summary, SSLv2 is not secure, so some distributors of OpenSSL disable SSL2. You appear to be using such an OpenSSL. Older versions of Indy regard the following functions as critical:
SSLv2_method
SSLv2_server_method
SSLv2_client_method
These versions of Indy will fail to load if these functions are not exported by the OpenSSL DLLs.
To get past this problem you will need to do one of the following: