4
votes

What is the process of upgrading the Indy library written in Delphi to use the latest OpenSSL library having the newest features (e.g. TLS v1.3)?

The last version of the Indy library I found uses the libssl32.dll and ssleay32.dll DLLs. The latest OpenSSL library produces the libssl-1_1.dll and libcrypto-1_1.dll DLLs. After changing the DLL names in the Indy library, the dynamic loading of the OpenSSL DLLs fails because many functions defined in Indy do not match the functions of the OpenSSL DLLs. Thus the OpenSSL API was changed.

As far as I understand, the Delphi source files IdSSL*.pas of the Indy library should be upgraded:

  • IdSSL.pas
  • IdSSLDotNET.pas
  • IdSSLOpenSSL.pas
  • IdSSLOpenSSLHeaders.pas
  • IdSSLOpenSSLHeaders_static.pas
  • IdSSLOpenSSLUtils.pas

3 Answers

8
votes

As you observed, OpenSSL 1.1 has another API. Currently, Indy only uses 1.0 calls, and doesn't use 1.1-specific features like asynchronous processing. And letting Indy switch to OpenSSL 1.1 would be a big refactoring (see Remy's comments below).

But the OpenSSL DLLs used by Indy are not deprecated. The Fulgan Reference WebSite has currently e.g. openssl-1.0.2o-i386-win32.zip which is the latest stable revision available on the branch, as stated by the official OpenSSL source code. You are confusing branches (1.0 vs 1.1 = API changes) and revisions (1.0.2a vs 1.0.2o = new fixes).

So don't worry about it. If you use Indy with a proper Cypher Names list and the latest Fulgan DLLs, you are pretty up-to-date and safe. Sometimes safer than some old Linux distribution, which may lag behind with the revision shipped with the system. Even TLS 1.3 is still far from being mandatory, since it is not yet enabled on client sides. I am sure the Indy team will support 1.1 when some of its features become mandatory (or switch to the Windows SChannel API).
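To check which branch and revision a deployed DLL really is, the following added example (not part of the original posts, and not Indy code) probes a crypto DLL for the version export of each API generation and decodes the `0xMNNFFPPS` version number. It assumes a Windows build matching the DLL's bitness; `libeay32.dll`, the 1.0.x crypto DLL name, is not mentioned on the page and is used here because the version function lives in the crypto library, and `ProbeOpenSSL`, `DecodeVersion` and `Probe` are illustrative names.

```delphi
program ProbeOpenSSL;
{$APPTYPE CONSOLE}

uses
  Windows, SysUtils;

type
  // SSLeay() (1.0.x) and OpenSSL_version_num() (1.1.x) both return
  // unsigned long, which is 32 bits on Windows.
  TVersionNumFunc = function: Cardinal; cdecl;

// Decode OpenSSL's 0xMNNFFPPS number, e.g. $100020FF -> '1.0.2o'.
function DecodeVersion(V: Cardinal): string;
var
  Patch: Integer;
begin
  Result := Format('%d.%d.%d', [Integer((V shr 28) and $F),
    Integer((V shr 20) and $FF), Integer((V shr 12) and $FF)]);
  Patch := Integer((V shr 4) and $FF);     // 1 = 'a', 15 = 'o', 0 = no letter
  if (Patch >= 1) and (Patch <= 26) then
    Result := Result + Chr(Ord('a') + Patch - 1);
end;

// Report which API generation a crypto DLL exports, and its revision.
procedure Probe(const DllName: string);
var
  H: HMODULE;
  Fn: TVersionNumFunc;
begin
  H := LoadLibrary(PChar(DllName));
  if H = 0 then
  begin
    Writeln(DllName, ': not loadable (', SysErrorMessage(GetLastError), ')');
    Exit;
  end;
  try
    @Fn := GetProcAddress(H, 'OpenSSL_version_num'); // exported by 1.1.x
    if Assigned(Fn) then
      Writeln(DllName, ': 1.1 API, version ', DecodeVersion(Fn()))
    else
    begin
      @Fn := GetProcAddress(H, 'SSLeay');            // exported by 1.0.x
      if Assigned(Fn) then
        Writeln(DllName, ': 1.0 API, version ', DecodeVersion(Fn()))
      else
        Writeln(DllName, ': no OpenSSL version export found');
    end;
  finally
    FreeLibrary(H);
  end;
end;

begin
  Probe('libeay32.dll');       // assumed 1.0.x crypto DLL name
  Probe('libcrypto-1_1.dll');  // 1.1.x crypto DLL name from the question
end.
```

Running it from the application's directory shows whether the DLLs that would actually be loaded are a current revision of the 1.0 branch or a 1.1 build that 1.0-era import tables cannot bind to.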

3
votes

OpenSSL 1.1 is almost ready to use with newest revision of Indy (master Branch). Look at this link to Indy github page: https://github.com/IndySockets/Indy/pull/299

1
votes

Due to API incompatibilities between the OpenSSL library with the newest features (1.1.x) and the supported OpenSSL library (1.0.x), the Indy code has to be reworked. There is no simple/common process for such an upgrade.