Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Indy 10 + OpenSSL: error:140A90F1:lib(20):func(169):reason(241)
(09-03-2020, 09:55 AM) Wrote:
  IOHandler.SSLOptions.SSLVersions := [sslvSSLv2, sslvSSLv23, sslvSSLv3, sslvTLSv1,sslvTLSv1_1,sslvTLSv1_2];

You should NOT be specifying sslvSSLv2, sslvSSLv23, or sslvSSLv3 at all. SSLv2 and SSLv3 are deprecated and unsecure, nobody uses them anymore. And SSLv23 is a wildcard you should not be using directly, Indy uses it internally. So, just stick with the TLS versions only.

(09-03-2020, 09:55 AM) Wrote:
  Request := TIdHTTPRequest.Create( Http );

There is no need to create a TIdHTTPRequest object manually. TIdHTTP will handle that for you. Simply use the TIdHTTP.Request property as-is when setting sub-properties, eg:

Http := TIdHttp.Create(nil);
Http.Request.UserAgent := UserAgent;

(09-03-2020, 09:55 AM) Wrote: When I am executing the code for a first time, everything is OK.
But, on second code execution(in other thread), I received the following exception core:

Why are you using TIdHTTP across thread boundaries?

(09-03-2020, 09:55 AM) Wrote: After some google research, I found this:

and modify Indy code like described:

  // create new SSL context
  fContext := SSL_CTX_new(SSLMethod);
  if fContext = nil then begin
    fContext := SSL_CTX_new(SSLMethod);
    if fContext = nil then
  //set SSL Versions we will use

and now everything works fine.

Is this OK?

Indy already calls OpenSSL_add_all_digests() when it loads the OpenSSL DLLs into memory (see the LoadOpenSSLLibrary() function in IdSSLOpenSSL.pas). There should be no need to call OpenSSL_add_all_digests() again.

Also, the message you linked to was never answered by the libcurl author, and looking at the libcurl source code, the proposed change was never merged in. The message author stated what the root problem was:

Quote:I found that EVP_get_digestbyname() return NULL because list digest is NULL, function EVP_cleanup() was called before.

Which would imply a bug elsewhere in whatever code is deciding to call EVP_cleanup() prematurely.

Indy calls EVP_cleanup() only when it is unloading the OpenSSL DLLs from memory (see the Unload() function in IdSSLOpenSSLHeaders.pas).

So no, I'm not inclined to add this SSL_CTX_new() "fix" to Indy, when the root cause is clearly elsewhere and should be fixed in that code instead. If this is indeed a bug in Indy itself at all, and not something else in your app that is also using OpenSSL and cleaning it up prematurely.

(09-03-2020, 09:55 AM) Wrote: if it is, how to modify Indy source code

You would have to submit a Pull Request on GitHub.

(09-03-2020, 09:55 AM) Wrote: is there some bug tracker or whatever, to create issue?



Messages In This Thread
RE: Indy 10 + OpenSSL: error:140A90F1:lib(20):func(169):reason(241) - by rlebeau - 09-03-2020, 04:55 PM

Forum Jump:

Users browsing this thread: 1 Guest(s)