OpenSSL

OpenSSL is a software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end. It is widely used by Internet servers, including the majority of HTTPS websites.

 

This library is required by components based on Indy Library when a secure connection is needed. If your application requires OpenSSL, you must have necessary files in your file system before deploying your application:

 

Currently, sgcWebSockets supports: 1.0.2, 1.1 and 3.0 to 3.3 openSSL versions.

 

Platform API 1.0 API 1.1 API 3.* Static/Dynamic Linking
Windows (32-bit and 64-bit) libeay32.dll and ssleay32.dll libcrypto-1_1.dll and libssl-1_1.dll libcrypto-3.dll and libssl-3.dll Dynamic
OSX libcrypto.dylib, libssl.dylib libcrypto.1.1.dylib, libssl.1.1.dylib libcrypto.3.dylib, libssl.3.dylib Dynamic
iOS Device (32-bit and 64-bit) libcrypto.a and libssl.a libcrypto.a and libssl.a libcrypto.a and libssl.a Static
iOS Simulator libcrypto.dylib, libssl.dylib libcrypto.1.1.dylib, libssl.1.1.dylib libcrypto.3.dylib, libssl.3.dylib Dynamic
Android Device libcrypto.so, libssl.so libcrypto.so, libssl.so libcrypto.so, libssl.so Dynamic

 

 

Find below how configure openSSL libraries for every Personality:

 

 

openSSL Configurations

sgcWebSockets Indy based components allows to configure some openSSL properties. Access to the following properties:

 

 

API Version

 

Standard Indy library only allow to load 1.0.2 openSSL libraries, these libraries have been deprecated and latest openSSL releases use 1.1.1 API.

sgcWebSockets Enterprise allows to load 1.1.1 openSSL libraries, you can configure in this property which openSSL API version will be loaded. Only one API version can be loaded by process (so you can't mix openSSL 1.0.2 and 1.1.1 libraries in the same application).

 

 

LibPath

 

This property allows to set the location of openSSL libraries. This is useful for Android or OSX projects, where the location of the openSSL libraries must be set.

Accepts the following values:

 

 

 

Self-Signed Certificates

You can use self-signed certificates for testing purposes, you only need to execute the following command to create a self-signed certificate

 

openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem

It will create 2 files: cert.pem (certificate) and key.pem (private key). You can combine both files in a single one. Just create a new file and copy the content of both files on the new file. So you will have an structure like this:

 

-----BEGIN PRIVATE KEY-----

....

-----END PRIVATE KEY-----

-----BEGIN CERTIFICATE-----

....

-----END CERTIFICATE-----

 

Common Errors

SSL_GET_RECORD: wrong version number

 

This error means that the server and the client are using a different version of SSL/TLS protocol, to fix it, try to set the correct version in Server and/or client component

 

Server.SSLOptions.Version

Client.TLSOptions.Version

 

SSL3_GET_RECORD: decryption failed or bad record mac

 

Usually these error is raised when:

 

1. Check that you are using the latest OpenSSL version, if is too old, update to latest supported.

2. If this error appears randomly, usually is because more than one thread is accessing to the OpenSSL connection. You can try to set NotifyEvents = neNoSync which means that the events: OnConnect, OnDisconnect, OnMessage... will be fired in the context of thread connection, this avoids some synchronization problems and provides better performance. As a down side, if for example you are updating a visual control in a form when you receive a message, you must implement your own synchronization methods because visual controls are not thread-safe.