Indy “Could not load SSL library” Delphi XE2 IW14

5
votes

I know this question has been asked before but none of the answers seem to be appropriate for this situation.

I'm using a TIdHttp component with an SSL handler. My code is as follows:

  idHTTPClient := TIdHTTP.Create(nil);
  ioHnd := TIdSSLIOHandlerSocketOpenSSL.Create(nil);
  ioHnd.DefaultPort := iSSL_PORT;
  ioHnd.SSLOptions.Mode := sslmClient;
  idHTTPClient.IOHandler := ioHnd;
  idHTTPClient.Request.AcceptEncoding := 'gzip,deflate,identity';
  idHTTPClient.Request.BasicAuthentication := False;

  try
    idHTTPClient.Post(FFQDN, stmRequest, stmResponse);
  except
    on E:Exception do
    begin
      if IdSSLOpenSSLHeaders.WhichFailedToLoad <> '' then
      begin
        AddMsg('Failed to load file ' + IdSSLOpenSSLHeaders.WhichFailedToLoad + '. ' + E.Message);
      end;
    end;
  end;

There are three versions of the ssleay32 and libeay32.dll files on the machine. One set is in the same folder as my executable (V1.0.0.5). One set is in the Apache bin folder (V0.9.8.20) and one set is in C:\Windows\SysWOW64 (no version but dated 2003).

When the app starts it runs fine. But after a few days the Post call starts to fail with "Could not load SSL library". The files which fail to load are:

SSL_SESSION_get_id,SSL_COMP_get_compression_methods

Once this problem starts to happen it won't go away until the app is restarted. Then it works fine again for another few days.

It would seem to me that for some reason the dlls being loaded change after a few days. How could this happen and what could I do to ensure the correct files are loaded every time?

1
delphisslindy
Antivirus possibly? Try disabling any antivirus software.Jerry Dodge
OpenSSL can perform poorly on Windows. The OpenSSL devs don't understand DLLs an be loaded, unloaded and reloaded on Windows. Its caused a lot of problem on occasion because OpenSSL does not believe it has to clean up properly (based on the false assumption the memory is reclaimed because the process is closing). One of the variables that leaks is ssl_comp_methods. See Bug 2439 and Bug 2561. Try disabling compression. Plus, comp leaks info.jww
@jww That also contributes to issues when one needs to replace one of the DLL's - gives Access Denied error because the DLL is stuck in memory (although no application is using it anymore).Jerry Dodge
@jww: Indy dynamically loads OpenSSL DLLs at runtime, and once loaded it keeps them loaded until app shutdown, unless the app manually calls UnLoadOpenSSLLibrary() directly. As for the "Can not load SSL library" error, that means Indy could not retrieve the specified function pointers via GetProcAddress(). So these errors have nothing to do with how OpenSSL implements the functions, but whether they are even exported at all. If a newer DLL version get loaded and unloaded, and then an older version got loaded, that could cause these problems.Remy Lebeau

1 Answers

0
votes

Ideally, delete all the other versions of OpenSSL DLLs on your machine to ensure that your app always finds the correct DLL. Its the multiple versions and processes (Apache) loading these different versions that is causing the conflict.