[Lazarus] Email sending program using Indy stopped working - seems to be an SSL problem

Tony Whyman tony.whyman at mccallumwhyman.com
Sat Jan 13 18:16:42 CET 2024


I came across a similar problem recently with Indy and did some 
research. There is a proposed patch to support Openssl 1.1.1 and hence 
TLS1.3. This is discussed on github under

https://github.com/IndySockets/Indy/pull/299

with a proposed patch published under

https://github.com/mezen/Indy/tree/NewOpenSSL_PR

I have tested this proposed patch out with Lazarus/fpc. It is clearly 
work in progress and seems to have been frozen while a proper upgrade to 
Openssl 3.2. is developed. There is little by the way of additional 
documentation. However, I did get it working as a code library by

1. Adding to the unit path, in addition to the usual <indypath>Lib/Core, 
Lib/Protocols and Lib/System, the

<indypath>Lib/Protocols/OpenSSL

<indypath>Lib/Protocols/OpenSSL/dynamic

directories, and adding to the include path

<indy path>/Lib/FCL

2. Using the IdOpenSSLIOHandlerClient unit instead of the 
IdSSL,IdSSLOpenSSLunits.

3. For an http client using the TIdOpenSSLIOHandlerClient class instead 
of the TIdSSLIOHandlerSocketOpenSSLclass as the httpclient's SSLHandler 
(no need for any options).

4. compiling and fixing a compile time bug (stray ':' after and "out").

In my test program all then seemed to work fine with OpenSSL 1.1.1. and 
the updated Indy source.

On 13/01/2024 08:30, Michael Van Canneyt via lazarus wrote:
>
>
> On Sat, 13 Jan 2024, Bo Berglund via lazarus wrote:
>
>> I wrote a commit reporting application for Windows Server16 back in 
>> 2018 using
>> then current Lazarus/Fpc.
>> It is a command line program called from a hook in subversion to 
>> distribute the
>> log message and details of commits among co-workers.
>>
>> It uses Indy 10.6.2 to do its job.
>> The mailer class has these in uses:
>>  {Indy units:}
>>  IdSMTP,
>>  IdMessage,
>>  IdEMailAddress,
>>  IdIOHandler,
>>  IdIOHandlerSocket,
>>  IdIOHandlerStack,
>>  IdSSL,
>>  IdSSLOpenSSL,
>>  IdExplicitTLSClientServerBase,
>>  IdMessageBuilder,
>>
>> Back mid-december 2023 the emails stopped arriving but the problem 
>> was not
>> discovered/reported until I myself recently did a commit and I did 
>> not get the
>> expected log message email...
>>
>> Now I have looked in the logfiles the application creates and found 
>> this error
>> example:
>>
>> 20240111 17:13:35.343 Connecting to mailserver
>> 20240111 17:13:36.590 EXCEPTION: In SendSvnMessage = Error connecting 
>> with SSL.
>> error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version
>>
>> Can someone please advice:
>> - Is there an external (dll?) file on Windows Server 2016 might need 
>> to be
>> updated for ssl to work in email handling using Indy10 with SSL?
>
> Indy 10 uses a completely outdated version of the SSL library, which does
> not have the most recent cryptographic routines (notably for tls).
>
> Most likely the server was updated and now rejects this old version.
>
> There is of course a new version of the openssl library (3.2.x).
> The interface of that library changed, but to the best of my 
> knowledge, indy does not support it.
>
> The sgcWebSockets suite has an updated version of openssl which should 
> be able to
> support openssl 3, but that is paying software..
>
> Michael.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lazarus-ide.org/pipermail/lazarus/attachments/20240113/9cc369f6/attachment-0001.htm>


More information about the lazarus mailing list