Indy 10 + OpenSSL: error:140A90F1:lib(20):func(169):reason(241)
#2
(09-03-2020, 09:55 AM)ZGabrovski@gmail.com Wrote:
Code:
  IOHandler.SSLOptions.SSLVersions := [sslvSSLv2, sslvSSLv23, sslvSSLv3, sslvTLSv1,sslvTLSv1_1,sslvTLSv1_2];

You should NOT be specifying sslvSSLv2, sslvSSLv23, or sslvSSLv3 at all. SSLv2 and SSLv3 are deprecated and insecure; nobody uses them anymore. And SSLv23 is a wildcard you should not be using directly; Indy uses it internally. So, just stick with the TLS versions only.

(09-03-2020, 09:55 AM)ZGabrovski@gmail.com Wrote:
Code:
  Request := TIdHTTPRequest.Create( Http );

There is no need to create a TIdHTTPRequest object manually. TIdHTTP will handle that for you. Simply use the TIdHTTP.Request property as-is when setting sub-properties, e.g.:

Code:
Http := TIdHttp.Create(nil);
Http.Request.UserAgent := UserAgent;

(09-03-2020, 09:55 AM)ZGabrovski@gmail.com Wrote: When I am executing the code for the first time, everything is OK.
But, on the second code execution (in another thread), I received the following exception core:

Why are you using TIdHTTP across thread boundaries?

(09-03-2020, 09:55 AM)ZGabrovski@gmail.com Wrote: After some Google research, I found this:
https://curl.haxx.se/mail/lib-2018-07/0057.html

and modified the Indy code as described:

Code:
  // create new SSL context
  fContext := SSL_CTX_new(SSLMethod);
  if fContext = nil then begin
    OpenSSL_add_all_digests;
    fContext := SSL_CTX_new(SSLMethod);
    if fContext = nil then
      EIdOSSLCreatingContextError.RaiseException(RSSSLCreatingContextError);
  end;
  //set SSL Versions we will use

and now everything works fine.

Is this OK?

Indy already calls OpenSSL_add_all_digests() when it loads the OpenSSL DLLs into memory (see the LoadOpenSSLLibrary() function in IdSSLOpenSSL.pas). There should be no need to call OpenSSL_add_all_digests() again.

Also, the message you linked to was never answered by the libcurl author, and looking at the libcurl source code, the proposed change was never merged in. The message author stated what the root problem was:

Quote:I found that EVP_get_digestbyname() return NULL because list digest is NULL, function EVP_cleanup() was called before.

Which would imply a bug elsewhere in whatever code is deciding to call EVP_cleanup() prematurely.

Indy calls EVP_cleanup() only when it is unloading the OpenSSL DLLs from memory (see the Unload() function in IdSSLOpenSSLHeaders.pas).

So no, I'm not inclined to add this SSL_CTX_new() "fix" to Indy, when the root cause is clearly elsewhere and should be fixed in that code instead. If this is indeed a bug in Indy itself at all, and not something else in your app that is also using OpenSSL and cleaning it up prematurely.

(09-03-2020, 09:55 AM)ZGabrovski@gmail.com Wrote: if it is, how to modify Indy source code

You would have to submit a Pull Request on GitHub.

(09-03-2020, 09:55 AM)ZGabrovski@gmail.com Wrote: is there some bug tracker or whatever, to create issue?

Yes: https://github.com/IndySockets/Indy/issues
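
An added example, not part of the original post and not Indy's own code, that combines the advice in the reply above: TLS versions only, the built-in TIdHTTP.Request property, and (as an assumption about what the threading question implies) a TIdHTTP instance created and freed inside the thread that uses it. FetchOverTLS, ExampleURL and the user-agent string are hypothetical names and values.

```delphi
program TlsOnlyFetch;
{$APPTYPE CONSOLE}
uses
  System.SysUtils, System.Classes, IdHTTP, IdSSLOpenSSL;

const
  ExampleURL = 'https://example.com/'; // placeholder URL (assumption)

// Hypothetical helper: the TIdHTTP lives only inside this call, so every
// thread that calls it works on its own instance and its own SSL context.
function FetchOverTLS(const AURL, AUserAgent: string): string;
var
  Http: TIdHTTP;
  SSL: TIdSSLIOHandlerSocketOpenSSL;
begin
  Http := TIdHTTP.Create(nil);
  try
    SSL := TIdSSLIOHandlerSocketOpenSSL.Create(Http); // owned and freed by Http
    // TLS versions only: no sslvSSLv2, sslvSSLv3 or the sslvSSLv23 wildcard
    SSL.SSLOptions.SSLVersions := [sslvTLSv1, sslvTLSv1_1, sslvTLSv1_2];
    Http.IOHandler := SSL;
    // Use the built-in Request property; no manual TIdHTTPRequest object
    Http.Request.UserAgent := AUserAgent;
    Result := Http.Get(AURL);
  finally
    Http.Free;
  end;
end;

var
  Worker: TThread;
begin
  Worker := TThread.CreateAnonymousThread(
    procedure
    begin
      try
        Writeln(Length(FetchOverTLS(ExampleURL, 'ExampleAgent/1.0')), ' chars received');
      except
        on E: Exception do
          Writeln(E.ClassName, ': ', E.Message); // surfaces SSL context errors
      end;
    end);
  Worker.FreeOnTerminate := False; // keep the object alive for WaitFor/Free
  Worker.Start;
  Worker.WaitFor;
  Worker.Free;
end.
```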


Messages In This Thread
RE: Indy 10 + OpenSSL: error:140A90F1:lib(20):func(169):reason(241) - by rlebeau - 09-03-2020, 04:55 PM
