Discussion:
OpenSSL for Windows XP and example code - how to determine and where to get ?
Add Reply
R.Wieser
2024-07-21 18:31:18 UTC
Reply
Permalink
Hello all,

I'm running into a few problems regarding OpenSSL.

1) I can't seem to find which OpenSSL version is the last one which will run
under XP.

I have tried OpenSSL v3.3.1, but when I extract the "openssl-3\x86\bin\"
folder and try try to start 'openssl.exe' I get the error that it isn't a
valid windows executable.

2) I've got OpenSSL v1.0.2 (just the DLLs), but can't seem to find example
code (a basic client) for it.

I've found a number of code samples, but no indication which version of
OpenSSL they are for. The same is goes when I look for information one any
of the DLLs functions.


This one

https://wiki.openssl.org/index.php/SSL/TLS_Client

looked to be a fit for OpenSSL v1.0.2 - it mentions that version a few times
in the page - but I than run into a brick wall because BIO_get_ssl isn't
available in v1.0.2 . :-(


Questions:

1) Where can I find a webpage where the "minimum OS" requirement is named
for the different versions of OpenSSL ?

... or at least what the last version for XP is.

2) Where can I find code samples which specify which versions(s) of OpenSSL
they are valid for.

Help?

Regards,
Rudy Wieser
Charlie Gibbs
2024-07-21 22:04:11 UTC
Reply
Permalink
On 2024-07-21, R.Wieser <***@is.invalid> wrote:

<snip>
Post by R.Wieser
1) Where can I find a webpage where the "minimum OS" requirement is named
for the different versions of OpenSSL ?
... or at least what the last version for XP is.
2) Where can I find code samples which specify which versions(s) of OpenSSL
they are valid for.
Help?
I got OpenSSL 1.0.1g working under XP several years ago, using Borland
C++ Builder 5.5. It only handles up to TLS 1.1, though. I tried
building the latest version of OpenSSL, but its code requires features
that the Borland compiler doesn't provide. I got a copy of MinGW,
which compiles the latest OpenSSL, created another makefile to build
my programs under MinGW, and made the few necessary tweaks to my code.
My programs compile with both compilers under XP, and the resulting
executables (both versions) run under any Windows version from XP
through 11. The MinGW versions support up to TLS 1.3.

I tend to not try to use every bleeding-edge option of a system,
so my C code compiles and runs under a wide range of versions.
I now have two makefiles for Win32 (plus one for Linux); makefile.w32
uses Borland and makefile.mgw uses MinGW. (Getting a Linux version
running was dead easy, since OpenSSL comes standard with Linux.)
All makefiles compile the same source module, which incorporates
maybe half a dozen #ifdefs to accomodate slight differences between
Borland and MinGW, e.g.

#ifndef MINGW

/* The following function is a wrapper for compatibility with
Borland Win32, which doesn's support SSL_get1_peer_certificate(). */

X509 *SSL_get1_peer_certificate(const SSL *ssl)
{
return(SSL_get_peer_certificate(ssl));
}
#endif /* !MINGW */
--
/~\ Charlie Gibbs | We'll go down in history as the
\ / <***@kltpzyxm.invalid> | first society that wouldn't save
X I'm really at ac.dekanfrus | itself because it wasn't cost-
/ \ if you read it the right way. | effective. -- Kurt Vonnegut
R.Wieser
2024-07-22 08:13:22 UTC
Reply
Permalink
Charlie,
Post by Charlie Gibbs
I got OpenSSL 1.0.1g working under XP several years ago, using
Borland C++ Builder 5.5. It only handles up to TLS 1.1, though.
That last part is the point of my current searching.

I would like to be able to use TLS 1.2 (and higher?) connections too, but
have zero idea if OpenSSL v1.0.2 supports it (and having a bad time trying
to find excample code to help me figure it out), or which version does, and
if its (still) compatible with XP.
Post by Charlie Gibbs
I tried building the latest version of OpenSSL, but its code requires
features that the Borland compiler doesn't provide.
As I don't have a(ny) compiler(s)* I just downloaded the Windows binaries
and worked with them.

* I'm writing Assembly, using Borlands Tasm v5. Yes, very old school. :-)


I'm getting the idea that you are statically compile OpenSSL into your
programs.

If not and you dynamically load ssleay32.dll and libeay32.dll, is there a
chance you would be willing to share those DLLs (and possibly the code using
them as well, as my sought for "example programs") ?

Yes, I would rather download those pre-compiled DLLs from a known source,
but as long as those are not available (or error-out when I try to use them)
I would not mind at all (understatement) to use yours instead.


By the way, I downloaded the "not a valid Windows executable" v3.3.1 from
here :

https://kb.firedaemon.com/support/solutions/articles/4000121705-firedaemon-openssl-1-1-1l-dev-binary-distribution-for-microsoft-windows#Download-OpenSSL

(the "OpenSSL 3.3.1 ZIP File (x64/x86)" top-right)

Any chance that you [c|w]ould take a peek and possibly be able to tell me
why the "openssl.exe" file I mentioned errors-out on XP ? I'm rather
curious ...

Regards,
Rudy Wieser
R.Wieser
2024-07-22 15:33:35 UTC
Reply
Permalink
Charlie,
is there a chance you would be willing to share those DLLs (and possibly
the code using them as well, as my sought for "example programs") ?
Ignore that request please.
but I than run into a brick wall because BIO_get_ssl isn't available in
v1.0.2 . :-(
Its true, neither of the DLLs contains a "BIO_get_ssl" function. Though
while (again) seeking information about the different OpenSSL versions and
looking for example code I ran across a website which shows the MAN pages
for OpenSSL v1.0.2 .

And in there I noticed it does have an entry for that "BIO_get_ssl"
function. Following the link and viewing the man page for it it turns out
that that function is simply a #define using a a BIO_ctrl function :

#define BIO_get_ssl(b,sslp) BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp)

And that ofcourse means my "brick wall" has disolved, and I can now continue
converting the example client code.


Though if you have any information on how to check and/or enable the TLS 1.x
ciphers I'd still like to hear.

Regards,
Rudy Wieser
Charlie Gibbs
2024-07-22 18:43:02 UTC
Reply
Permalink
Post by R.Wieser
Though if you have any information on how to check and/or enable the TLS 1.x
ciphers I'd still like to hear.
Dunno about the ciphers, but I do check which version of TLS I've
connected with.

i = SSL_SESSION_get_protocol_version(sslsession);

I use this to reject anything less than TLS 1.2.
(TLS 1.1 is deprecated and its use is now discouraged.)
--
/~\ Charlie Gibbs | We'll go down in history as the
\ / <***@kltpzyxm.invalid> | first society that wouldn't save
X I'm really at ac.dekanfrus | itself because it wasn't cost-
/ \ if you read it the right way. | effective. -- Kurt Vonnegut
Charlie Gibbs
2024-07-22 18:43:01 UTC
Reply
Permalink
Post by R.Wieser
Charlie,
Post by Charlie Gibbs
I got OpenSSL 1.0.1g working under XP several years ago, using
Borland C++ Builder 5.5. It only handles up to TLS 1.1, though.
That last part is the point of my current searching.
I would like to be able to use TLS 1.2 (and higher?) connections too, but
have zero idea if OpenSSL v1.0.2 supports it (and having a bad time trying
to find excample code to help me figure it out), or which version does, and
if its (still) compatible with XP.
After a bit of searching, I get the impression that TLS 1.2 was supported
starting in OpenSSL 1.0.1.

https://stackoverflow.com/questions/48178052/when-was-tls-1-2-support-added-to-openssl

TLS 1.3 support first appeared in in OpenSSL 1.1.1.

https://wiki.openssl.org/index.php/TLS1.3

If you're using TLS at all, you might as well go for 1.3 - it's more secure
than its predecessors and the code contains lots of fixes.
Post by R.Wieser
I'm getting the idea that you are statically compile OpenSSL into your
programs.
Right you are. I'm not a DLL person. I configured the OpenSSL build
to create static-linkable libraries (.a files). It takes a separate
build with different options to create DLLs.
Post by R.Wieser
By the way, I downloaded the "not a valid Windows executable" v3.3.1 from
https://kb.firedaemon.com/support/solutions/articles/4000121705-firedaemon-openssl-1-1-1l-dev-binary-distribution-for-microsoft-windows#Download-OpenSSL
(the "OpenSSL 3.3.1 ZIP File (x64/x86)" top-right)
Any chance that you [c|w]ould take a peek and possibly be able to tell me
why the "openssl.exe" file I mentioned errors-out on XP ? I'm rather
curious ...
I've encountered this error message before. The exact text I see is

<progname> is not a valid Win32 application.

This is some sort of XP incompatibility. Here's a discussion:

https://stackoverflow.com/questions/11305633/xxxxxx-exe-is-not-a-valid-win32-application

It looks as if you'll have to build OpenSSL using your own tools.
Start here to get MinGW:

https://sourceforge.net/projects/mingw-w64/

This is an implementation of the GCC compiler used on Linux.
Although the name contains "w64", it runs on both 64- and 32-bit
systems. I found that the version 13.2.0 doesn't work under XP -
I had to go back to version 12.3.0. The OpenSSL documentation
covers how to build it using MinGW. It's a tricky process, and
I've forgotten some of the intricate twists I did to make it run.
But run it does. I built OpenSSL 3.1.4 last October and have
been using it on my XP virtual machine ever since.
--
/~\ Charlie Gibbs | We'll go down in history as the
\ / <***@kltpzyxm.invalid> | first society that wouldn't save
X I'm really at ac.dekanfrus | itself because it wasn't cost-
/ \ if you read it the right way. | effective. -- Kurt Vonnegut
R.Wieser
2024-07-23 06:40:42 UTC
Reply
Permalink
Charlie,
Post by Charlie Gibbs
After a bit of searching, I get the impression that TLS 1.2 was
supported starting in OpenSSL 1.0.1.
https://stackoverflow.com/questions/48178052/when-was-tls-1-2-support-added-to-openssl
Grumble. I didn't think of approaching the problem from that direction (to
focussed on getting info of all the OpenSSL versions).
Post by Charlie Gibbs
TLS 1.3 support first appeared in in OpenSSL 1.1.1.
https://wiki.openssl.org/index.php/TLS1.3
If you're using TLS at all, you might as well go for 1.3 - it's more
secure than its predecessors and the code contains lots of fixes
As chances have it I already downloaded a few OpenSSL 1.1.1{letter}
versions, but ran into that "<progname> is not a valid Win32 application"
there too. :-(

I did find a 1.1.1h version that does seem to want to work though.

... now I only have to go thru the whole song-and-dance again of trying to
find example code and info matching that version. :-|
Post by Charlie Gibbs
It looks as if you'll have to build OpenSSL using your own tools.
I do not have any compilers (to speak of) here, and have very little wish to
install them just to be able to create a pair of DLLs. Its like what they
say about RegEx-es : you try to solve a (small) problem with them, and now
you've got two (and in this case, more than a handfull). :-\

Besides, the DLLs are only a part of the problem. Absense of (version
annotated) example code and header file(s) is a major other part.

And by the way: I got the sample code that I linked to to work - even though
I had to figure out that more than that BIO_get_ssl function where actually
defines, and that the MAN page website for 1.0.2 only showed the define for
BIO_get_ssl, but somehow didn't for a few others. I took a chance and used
the ones I found on a MAN 1.1.x website - which seemed to work. Phew).

Another problem was that the sample code showed BIO_do_connect and
BIO_do_handshake, which do not exist in the DLL and the MAN page does not
show defines for. Worse, from my tinkering with OpenSSL v0.9.8 I seem to
remember that they both translate to the same
BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,0) sequence. So, I chose to use only
one. Which, as far as can tell, works.

-- from your next post
Post by Charlie Gibbs
Post by R.Wieser
Though if you have any information on how to check and/or enable the
TLS 1.x ciphers I'd still like to hear.
Dunno about the ciphers, but I do check which version of TLS I've
connected with.
i = SSL_SESSION_get_protocol_version(sslsession);
Thanks. But my (first) step was aimed at checking which TLS versions are
supported by my current OpenSSL version. Being able to check which ciphers
the server offers would be a second, and being able to check the actually
negociated one a distant third.
Post by Charlie Gibbs
I use this to reject anything less than TLS 1.2.
(TLS 1.1 is deprecated and its use is now discouraged.)
I thought that you could tell OpenSSL to only use a certain TLS version ?

At least, I though that that was what the SSL_set_cipher_list(ssl,
PREFERRED_CIPHERS); line (in the example code) was for.


By the way, Thanks for the responses/help. :-)

Regards,
Rudy Wieser
Charlie Gibbs
2024-07-23 19:16:02 UTC
Reply
Permalink
Post by R.Wieser
Charlie,
Post by Charlie Gibbs
After a bit of searching, I get the impression that TLS 1.2 was
supported starting in OpenSSL 1.0.1.
https://stackoverflow.com/questions/48178052/when-was-tls-1-2-support-added-to-openssl
Grumble. I didn't think of approaching the problem from that direction (to
focussed on getting info of all the OpenSSL versions).
I tend to approach problems from oddball directions. :-)

<snip>
Post by R.Wieser
And by the way: I got the sample code that I linked to to work - even though
I had to figure out that more than that BIO_get_ssl function where actually
defines, and that the MAN page website for 1.0.2 only showed the define for
BIO_get_ssl, but somehow didn't for a few others. I took a chance and used
the ones I found on a MAN 1.1.x website - which seemed to work. Phew).
Another problem was that the sample code showed BIO_do_connect and
BIO_do_handshake, which do not exist in the DLL and the MAN page does not
show defines for. Worse, from my tinkering with OpenSSL v0.9.8 I seem to
remember that they both translate to the same
BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,0) sequence. So, I chose to use only
one. Which, as far as can tell, works.
Speaking of oddball directions, I just did a scan of my entire
code base, and there is not a single occurrence of the string "BIO_".
I call functions with the prefix "SSL_", e.g.
SSL_CTX_new()
SSL_new()
SSL_set_fd()
SSL_accept()
SSL_connect()
SSL_read()
SSL_write()
SSL_error()
SSL_shutdown()
SSL_CTX_free()

<snip>
Post by R.Wieser
I thought that you could tell OpenSSL to only use a certain TLS version ?
At least, I though that that was what the SSL_set_cipher_list(ssl,
PREFERRED_CIPHERS); line (in the example code) was for.
There is indeed such an option. I found some code (currently #ifdefed
out), which controls this:

/* Disable older methods if desired. Setting all of the options below
(they can be ORed together) will disable anything less than TLS v1.2. */

SSL_CTX_set_options(sc->socksslcontext, SSL_OP_NO_SSLv2);
SSL_CTX_set_options(sc->socksslcontext, SSL_OP_NO_SSLv3);
SSL_CTX_set_options(sc->socksslcontext, SSL_OP_NO_COMPRESSION);
SSL_CTX_set_options(sc->socksslcontext, SSL_OP_NO_TLSv1);
SSL_CTX_set_options(sc->socksslcontext, SSL_OP_NO_TLSv1_1);
Post by R.Wieser
By the way, Thanks for the responses/help. :-)
You're welcome. It's not a easy path, but hopefully you can get
something going.
--
/~\ Charlie Gibbs | We'll go down in history as the
\ / <***@kltpzyxm.invalid> | first society that wouldn't save
X I'm really at ac.dekanfrus | itself because it wasn't cost-
/ \ if you read it the right way. | effective. -- Kurt Vonnegut
R.Wieser
2024-07-23 20:02:23 UTC
Reply
Permalink
Charlie,
Post by Charlie Gibbs
Speaking of oddball directions, I just did a scan of my entire
code base, and there is not a single occurrence of the string
"BIO_". I call functions with the prefix "SSL_", e.g.
When I was busy with v0.9.8 I tested versions using both. And yes, I
rather use only SSL_* calls than the BIO_* calls and than /still/ have to
use some SSL_* ones.

I will "most likely" also try to find example code using just those SSL_*
calls. But currently first had/have to find out which TLS versions v1.0.2
all supports (read: if I can access all websites I can reach with my FF v52
browser).

But ... do you perhaps have a link to example code using only SSL_* calls ?
I could use it.
Post by Charlie Gibbs
There is indeed such an option. I found some code (currently #ifdefed
I saw them mentioned too, thanks for reminding me. I imagine that using
that to disable everything but TLS 1.2 and than asking for the supported
ciphers should give an indication if its actualy supported.
Post by Charlie Gibbs
Post by R.Wieser
By the way, Thanks for the responses/help. :-)
You're welcome. It's not a easy path, but hopefully you can
get something going.
I think I have. It looks like I have converted the example code correctly,
seeing that I can do an HTTPS request and get data back.

Now its just a question of adding certificate checking and possible
connection restarts - neither of which looks, in the example code,
complicated.

I also downloaded some (the?) sourcecode to 1.0.2 , so that I have access to
its header files and definitions of certain funcions in it.

Regards,
Rudy Wieser
Charlie Gibbs
2024-07-23 23:50:34 UTC
Reply
Permalink
Post by R.Wieser
I will "most likely" also try to find example code using just those SSL_*
calls. But currently first had/have to find out which TLS versions v1.0.2
all supports (read: if I can access all websites I can reach with my FF v52
browser).
From what I've dug up, 0.9.8 does not support TLS 1.2, while 1.0.1 probably
does.
Post by R.Wieser
But ... do you perhaps have a link to example code using only SSL_* calls ?
I could use it.
Here's the code I use to start and stop SSL on an existing connection.
From here you can use SSL_read() and SSL_write(), which are pretty
straightforward.

/*----------------------------------------------------------------------

Negotiate an SSL connection.

If "server" is TRUE, call SSL_accept() to
wait for an SSL handshake from the client.
If "server" is FALSE, call SSL_connect() to
initiate an SSL handshake with the server.

"certfile" is the name of a file containing certificates
(or NULL if no certificates are provided).

If errors occur, build an error string and
return a pointer to it; otherwise return NULL.

----------------------------------------------------------------------*/

#ifdef PROTOTYPE
char *socksslstart(struct socktag *sc, BOOL server, char *certfile)
#else
char *socksslstart(sc, server, certfile)
struct socktag *sc;
BOOL server;
char *certfile;
#endif
{
static char errmsg[MAXLEN];
X509 *cert;
X509_NAME *certname;
FILE *fp;
extern char *logfilename;
long templong;
char *s;
int i;

if(sc == NULL) {
strcpy(errmsg, "socksslstart: NULL argument");
return(errmsg);
}

sc->socksslcontext = NULL;
sc->socksslhandle = NULL;

#ifndef _INC__MINGW_H
/* Register the available ciphers and digests. */

SSL_library_init();

/* Register the error strings for libcrypto & libssl. */

SSL_load_error_strings();
#endif

#ifdef DELETE_THIS
OPENSSL_config(NULL);
#endif

/* Create a new context. */

if(server)
sc->socksslcontext = SSL_CTX_new(SSLv23_server_method());
else
sc->socksslcontext = SSL_CTX_new(SSLv23_client_method());
if(sc->socksslcontext == NULL) {
strcpy(errmsg, "SSL_CTX_new() failed: ");
s = ERR_error_string(ERR_get_error(), NULL);
i = sizeof(errmsg) - strlen(errmsg) - 1;
strncpy(errmsg + strlen(errmsg), s, i);
errmsg[sizeof(errmsg)-1] = '\0';
return(errmsg);
}

#ifdef NEW_STUFF
/* Disable older methods if desired. Setting all of the options below
(they can be ORed together) will disable anything less than TLS v1.2. */

SSL_CTX_set_options(sc->socksslcontext, SSL_OP_NO_SSLv2);
SSL_CTX_set_options(sc->socksslcontext, SSL_OP_NO_SSLv3);
SSL_CTX_set_options(sc->socksslcontext, SSL_OP_NO_COMPRESSION);
SSL_CTX_set_options(sc->socksslcontext, SSL_OP_NO_TLSv1);
SSL_CTX_set_options(sc->socksslcontext, SSL_OP_NO_TLSv1_1);
#endif

/* Process certificates. */

if(certfile != NULL) {

/* Set default locations for trusted CA certificates.
"certfile" is the name of a file containing one or more CA certificates
in PEM format. The optional third argument names a path containing
PEM-format files, each of which contains one CA certificate. */

if(!SSL_CTX_load_verify_locations(sc->socksslcontext,certfile,NULL)) {
strcpy(errmsg, "SSL_CTX_load_verify_locations() failed: ");
s = ERR_error_string(ERR_get_error(), NULL);
i = sizeof(errmsg) - strlen(errmsg) - 1;
strncpy(errmsg + strlen(errmsg), s, i);
errmsg[sizeof(errmsg)-1] = '\0';
socksslstop(sc);
return(errmsg);
}

/* If we're a server, send the list of CAs to the client. */

if(server) {
SSL_CTX_set_client_CA_list(
sc->socksslcontext, SSL_load_client_CA_file(certfile));
}

/* Load the certificates in the file SSL_SERVER_CRT (if server)
or the file SSL_CLIENT_CRT (if client) into the SSL context. */

if(!SSL_CTX_use_certificate_file(sc->socksslcontext,
certfile, SSL_FILETYPE_PEM)) {
strcpy(errmsg, "SSL_CTX_use_certificate_file() failed: ");
s = ERR_error_string(ERR_get_error(), NULL);
i = sizeof(errmsg) - strlen(errmsg) - 1;
strncpy(errmsg + strlen(errmsg), s, i);
errmsg[sizeof(errmsg)-1] = '\0';
socksslstop(sc);
return(errmsg);
}

/* Load the private keys into the SSL context. */

if(!SSL_CTX_use_PrivateKey_file(sc->socksslcontext,
certfile, SSL_FILETYPE_PEM)) {
strcpy(errmsg, "SSL_CTX_use_PrivateKey_file() failed: ");
s = ERR_error_string(ERR_get_error(), NULL);
i = sizeof(errmsg) - strlen(errmsg) - 1;
strncpy(errmsg + strlen(errmsg), s, i);
errmsg[sizeof(errmsg)-1] = '\0';
socksslstop(sc);
return(errmsg);
}

/* Check the consistency of a private key with the
corresponding certificate loaded into the SSL context. */

if(!SSL_CTX_check_private_key(sc->socksslcontext)) {
strcpy(errmsg, "SSL_CTX_check_private_key() failed: ");
s = ERR_error_string(ERR_get_error(), NULL);
i = sizeof(errmsg) - strlen(errmsg) - 1;
strncpy(errmsg + strlen(errmsg), s, i);
errmsg[sizeof(errmsg)-1] = '\0';
socksslstop(sc);
return(errmsg);
}

SSL_CTX_set_mode(sc->socksslcontext, SSL_MODE_AUTO_RETRY);
SSL_CTX_set_verify(sc->socksslcontext,
SSL_VERIFY_PEER | (server & SSL_VERIFY_FAIL_IF_NO_PEER_CERT), NULL);
SSL_CTX_set_verify_depth(sc->socksslcontext, 1);
}

/* Create an SSL structure for the connection. */

sc->socksslhandle = SSL_new(sc->socksslcontext);
if(sc->socksslhandle == NULL) {
strcpy(errmsg, "SSL_new() failed: ");
s = ERR_error_string(ERR_get_error(), NULL);
i = sizeof(errmsg) - strlen(errmsg) - 1;
strncpy(errmsg + strlen(errmsg), s, i);
errmsg[sizeof(errmsg)-1] = '\0';
socksslstop(sc);
return(errmsg);
}

/* Connect the SSL structure to our connection. */

if(!SSL_set_fd(sc->socksslhandle, sc->sockfd)) {
strcpy(errmsg, "SSL_set_fd() failed: ");
s = ERR_error_string(ERR_get_error(), NULL);
i = sizeof(errmsg) - strlen(errmsg) - 1;
strncpy(errmsg + strlen(errmsg), s, i);
errmsg[sizeof(errmsg)-1] = '\0';
socksslstop(sc);
return(errmsg);
}

/* If we're the server, wait for an SSL handshake from the client. */

if(server) {
if(SSL_accept(sc->socksslhandle) != 1) {
strcpy(errmsg, "SSL_accept() failed: ");
s = ERR_error_string(ERR_get_error(), NULL);
i = sizeof(errmsg) - strlen(errmsg) - 1;
strncpy(errmsg + strlen(errmsg), s, i);
errmsg[sizeof(errmsg)-1] = '\0';
socksslstop(sc);
return(errmsg);
}

/* If we're the client, initiate an SSL handshake with the server. */

} else {
if(SSL_connect(sc->socksslhandle) != 1) {
strcpy(errmsg, "SSL_connect() failed: ");
s = ERR_error_string(ERR_get_error(), NULL);
i = sizeof(errmsg) - strlen(errmsg) - 1;
strncpy(errmsg + strlen(errmsg), s, i);
errmsg[sizeof(errmsg)-1] = '\0';
socksslstop(sc);
return(errmsg);
}
}

/* Get the remote certificate into an X509 structure. */

if(!server && (certfile != NULL)) {
cert = SSL_get1_peer_certificate(sc->socksslhandle);
if(cert == NULL) {
sprintf(errmsg,
"socksslstart(%s): SSL_get1_peer_certificate() returned NULL: ",
sc->sockname);
s = ERR_error_string(ERR_get_error(), NULL);
i = sizeof(errmsg) - strlen(errmsg) - 1;
strncpy(errmsg + strlen(errmsg), s, i);
errmsg[sizeof(errmsg)-1] = '\0';
writetolog(errmsg, FALSE, -9);
}
if(cert != NULL) {
templong = SSL_get_verify_result(sc->socksslhandle);
if(templong != X509_V_OK) {
sprintf(errmsg,
"socksslstart(%s): SSL_get_verify_result() failed: %ld",
sc->sockname, templong);
s = ERR_error_string(ERR_get_error(), NULL);
i = sizeof(errmsg) - strlen(errmsg) - 1;
strncpy(errmsg + strlen(errmsg), s, i);
errmsg[sizeof(errmsg)-1] = '\0';
writetolog(errmsg, FALSE, -9);
} else {
fp = fopen(logfilename, "a");
if(fp != NULL) {
#ifdef DELETE_THIS
certname = X509_NAME_new();
#endif
certname = X509_get_subject_name(cert);
X509_NAME_print_ex_fp(fp, certname, 4,
XN_FLAG_MULTILINE & ~ASN1_STRFLGS_ESC_MSB);
certname = X509_get_issuer_name(cert);
X509_NAME_print_ex_fp(fp, certname, 4,
XN_FLAG_MULTILINE & ~ASN1_STRFLGS_ESC_MSB);
fclose(fp);
}
}
X509_free(cert);
}
}

/* If all went well, we've successfully set up an SSL connection. */

return(NULL);
}



/*----------------------------------------------------------------------

Stop an SSL connection.

----------------------------------------------------------------------*/

#ifdef PROTOTYPE
void socksslstop(struct socktag *sc)
#else
void socksslstop(sc) struct socktag *sc;
#endif
{
if(sc == NULL)
return; /* Connection is missing! */

if(sc->socksslhandle != NULL) {
SSL_shutdown(sc->socksslhandle);
SSL_free(sc->socksslhandle);
sc->socksslhandle = NULL;
}
if(sc->socksslcontext != NULL) {
SSL_CTX_free(sc->socksslcontext);
sc->socksslcontext = NULL;
}
}
--
/~\ Charlie Gibbs | We'll go down in history as the
\ / <***@kltpzyxm.invalid> | first society that wouldn't save
X I'm really at ac.dekanfrus | itself because it wasn't cost-
/ \ if you read it the right way. | effective. -- Kurt Vonnegut
R.Wieser
2024-07-24 06:55:21 UTC
Reply
Permalink
Charlie,
Post by Charlie Gibbs
From what I've dug up, 0.9.8 does not support TLS 1.2, while 1.0.1
probably does.
It looks that way, yes. And why I was looking for a version newer than
0.9.8 . Getting a hard "no" from some webservers isn't what I want to hear
when retrieving data from them.
Post by Charlie Gibbs
Here's the code I use to start and stop SSL on an existing connection.
From here you can use SSL_read() and SSL_write(), which are pretty
straightforward.
[snip code]

Thats .. C++ ? Objective C ? Never can tell (shows you how much I use
those languages).

But thank you. I'll likely be able to rewrite it in Assembly (read: use it
to see what should happen when).

Regards,
Rudy Wieser
Charlie Gibbs
2024-07-24 18:21:43 UTC
Reply
Permalink
Post by R.Wieser
Charlie,
Post by Charlie Gibbs
From what I've dug up, 0.9.8 does not support TLS 1.2, while 1.0.1
probably does.
It looks that way, yes. And why I was looking for a version newer than
0.9.8 . Getting a hard "no" from some webservers isn't what I want to hear
when retrieving data from them.
Yes, it's sadly out of date. You might as well go for the whole enchilda
and try 3.x.x. It'll be more work up front, but it'll have all the latest
security fixes and will handle TLS 1.3.
Post by R.Wieser
Post by Charlie Gibbs
Here's the code I use to start and stop SSL on an existing connection.
From here you can use SSL_read() and SSL_write(), which are pretty
straightforward.
[snip code]
Thats .. C++ ? Objective C ? Never can tell (shows you how much I use
those languages).
Straight C. I never got into those newfangled variants.
Post by R.Wieser
But thank you. I'll likely be able to rewrite it in Assembly (read: use it
to see what should happen when).
Hopefully it'll give you enough hints. In case you're wondering,
these functions use a socket descriptor which contains the socket
handle plus a bunch of supporting stuff, e.g. SSL session handle.
--
/~\ Charlie Gibbs | We'll go down in history as the
\ / <***@kltpzyxm.invalid> | first society that wouldn't save
X I'm really at ac.dekanfrus | itself because it wasn't cost-
/ \ if you read it the right way. | effective. -- Kurt Vonnegut
R.Wieser
2024-07-25 07:02:02 UTC
Reply
Permalink
Charlie,
You might as well go for the whole enchilda and try 3.x.x.
I did.

But alas, I could only find ones which throw that "<progname> is not a valid
Win32 application" error when I try to start their "OpenSSL.exe" programs.
IOW, I still have to find a prebuild binaries download which (still)
supports XP - and I could imagine that they simply do not exist. XP is
/ancient/, and nobody uses it anymore. :-)
Post by R.Wieser
Thats .. C++ ? Objective C ? Never can tell (shows you how much I
use those languages).
Straight C. I never got into those newfangled variants.
Hmmmm... As I use straight C on a RPi (GCC) I should to take a look about
how to use objects (with members and properties) there. Over time I've
started to see the reason of having functions and data combined into a
single package (not in Assembly though. To much work to create an object
and call its members)

And it just occured to me : wouldn't "straight C" just be an "I" ? :-)

Years ago I attempted to decompile some C#. I should have suspected it, but
what I found was that a C# program was just a header which would call the C#
interpreter (stored in a DLL) providing it the rest of its "program" (the C#
bytecode) as data. ... just as if you would call "QBASIC /RUN
{somename}.BAS". :-)
Post by R.Wieser
But thank you. I'll likely be able to rewrite it in Assembly (read: use
it to see what should happen when).
Hopefully it'll give you enough hints.
It (most likely) will. It shows the methods to call, what data they expect
and the order in which its supposed to happen.
In case you're wondering, these functions use a socket descriptor
which contains the socket handle plus a bunch of supporting stuff,
e.g. SSL session handle.
:-) "Some" of the names strongly hinted in that direction, yes.

Ofcourse, it does help that I already "done stuff" with v0.9.8, where I
figured out that the BIO_* and SSL_* methods where doing the same (carrying
round CTX handles). IOW, there was a bit of recognition.

Regards,
Rudy Wieser
R.Wieser
2024-07-29 12:43:44 UTC
Reply
Permalink
Charlie,
Post by Charlie Gibbs
Here's the code I use to start and stop SSL on an existing connection.
Writing a basic client :

I just noticed how you did that, by providing the handle thru "sc->sockfd".

Does that mean you just do a connect to a server using a the OS standard
means and than call this method ?

Also, before calling "SSL_connect" I do not see you provide the hostname
anywhere. Neither the SSL_* equivalent to "BIO_set_conn_hostname", nor its
TLS cousin, "SSL_set_tlsext_host_name".

Could you please explain ?

Regards,
Rudy Wieser
Charlie Gibbs
2024-07-29 17:26:42 UTC
Reply
Permalink
Post by R.Wieser
Charlie,
Post by Charlie Gibbs
Here's the code I use to start and stop SSL on an existing connection.
I just noticed how you did that, by providing the handle thru "sc->sockfd".
Does that mean you just do a connect to a server using a the OS standard
means and than call this method ?
Exactly. For example, when talking to a mail server, I'll make a standard
connection, issue a STARTTLS command, then call socksslstart().
Post by R.Wieser
Also, before calling "SSL_connect" I do not see you provide the hostname
anywhere. Neither the SSL_* equivalent to "BIO_set_conn_hostname", nor its
TLS cousin, "SSL_set_tlsext_host_name".
Could you please explain ?
I never really thought about it. I already have an open socket,
so host name isn't really relevant here. The name is in sc->sockname,
but I think I only use it when building error and debug messages.
--
/~\ Charlie Gibbs | We'll go down in history as the
\ / <***@kltpzyxm.invalid> | first society that wouldn't save
X I'm really at ac.dekanfrus | itself because it wasn't cost-
/ \ if you read it the right way. | effective. -- Kurt Vonnegut
R.Wieser
2024-07-29 18:53:51 UTC
Reply
Permalink
Charlie,
Post by Charlie Gibbs
Post by R.Wieser
Also, before calling "SSL_connect" I do not see you provide the hostname
anywhere. Neither the SSL_* equivalent to "BIO_set_conn_hostname", nor its
TLS cousin, "SSL_set_tlsext_host_name".
Could you please explain ?
I never really thought about it. I already have an open socket,
so host name isn't really relevant here. The name is in sc->sockname,
but I think I only use it when building error and debug messages.
The thing is that the first SSL packet send normally contains the hostname -
to help the server send the request packet to the right handler (there might
be multiple virtual servers on a physical one).

I'll just have to try and see what actually gets send. Who knows, maybe
OpenSSL extracts the target hostname from the socket.

Regards,
Rudy Wieser
Charlie Gibbs
2024-07-29 20:45:15 UTC
Reply
Permalink
Post by R.Wieser
Charlie,
Post by Charlie Gibbs
Post by R.Wieser
Also, before calling "SSL_connect" I do not see you provide the hostname
anywhere. Neither the SSL_* equivalent to "BIO_set_conn_hostname", nor its
TLS cousin, "SSL_set_tlsext_host_name".
Could you please explain ?
I never really thought about it. I already have an open socket,
so host name isn't really relevant here. The name is in sc->sockname,
but I think I only use it when building error and debug messages.
The thing is that the first SSL packet send normally contains the hostname -
to help the server send the request packet to the right handler (there might
be multiple virtual servers on a physical one).
I'll just have to try and see what actually gets send. Who knows, maybe
OpenSSL extracts the target hostname from the socket.
Could be. All I know is that at this point I don't worry about the
host name, just the socket handle - and it Just Works.
--
/~\ Charlie Gibbs | We'll go down in history as the
\ / <***@kltpzyxm.invalid> | first society that wouldn't save
X I'm really at ac.dekanfrus | itself because it wasn't cost-
/ \ if you read it the right way. | effective. -- Kurt Vonnegut
R.Wieser
2024-07-30 05:58:39 UTC
Reply
Permalink
Charlie,
Post by Charlie Gibbs
All I know is that at this point I don't worry about the
host name, just the socket handle - and it Just Works.
I can't be satisfied with "it just works". I have the need to know *why* it
(not) works. One of the drawbacks of being a hobbyist programmer I guess.
:-)

Regards
Rudy Wieser
Charlie Gibbs
2024-07-30 20:02:50 UTC
Reply
Permalink
Post by R.Wieser
Charlie,
Post by Charlie Gibbs
All I know is that at this point I don't worry about the
host name, just the socket handle - and it Just Works.
I can't be satisfied with "it just works". I have the need to know *why* it
(not) works. One of the drawbacks of being a hobbyist programmer I guess.
:-)
s/hobbyist/inquisitive/

I'm a professional programmer and I really want to know how and why
things work (or don't work) too. It can save a lot of pain down the
road.

However, in this case all the TLS magic is being performed on an
already-opened socket. The host name (and port number) are no longer
relevant at this point; only the socket and SSL session handles matter.

By the same token, once I get a disk file open, I just call fgets(),
fputs(), getline(), etc. without worrying about what the file is called.
--
/~\ Charlie Gibbs | We'll go down in history as the
\ / <***@kltpzyxm.invalid> | first society that wouldn't save
X I'm really at ac.dekanfrus | itself because it wasn't cost-
/ \ if you read it the right way. | effective. -- Kurt Vonnegut
R.Wieser
2024-07-31 06:39:21 UTC
Reply
Permalink
Charlie,
Post by Charlie Gibbs
s/hobbyist/inquisitive/
True. Though as an inquisitive /commercial/ programmer there isn't always
time for that. But as a hobby programmer is already "wasting" his time ...
:-)
Post by Charlie Gibbs
I'm a professional programmer and I really want to know how and
why things work (or don't work) too. It can save a lot of pain
down the road.
Thats the positive side of being inquisitive. And ofcourse that that
knowledge helps making better choices in later projects.
Post by Charlie Gibbs
However, in this case all the TLS magic is being performed on
an already-opened socket. The host name (and port number) are
no longer relevant at this point; only the socket and SSL session
handles matter.
The problem is that the (only initial?) SSL communication with the server
needs(?) that hostname too. And as I said, where does that "TLS magic" get
it from ? Or is it that in your case its send as an empty string and you've
been lucky the other side doesn't need it ?

Regards,
Rudy Wieser
Charlie Gibbs
2024-07-31 20:04:39 UTC
Reply
Permalink
Post by R.Wieser
Post by Charlie Gibbs
However, in this case all the TLS magic is being performed on
an already-opened socket. The host name (and port number) are
no longer relevant at this point; only the socket and SSL session
handles matter.
The problem is that the (only initial?) SSL communication with the server
needs(?) that hostname too. And as I said, where does that "TLS magic" get
it from ? Or is it that in your case its send as an empty string and you've
been lucky the other side doesn't need it ?
Perhaps, but I've done SSL communication with lots of machines,
so either the host name isn't needed or I'm very lucky.

But you may be right. I haven't dug into the intricacies of the
SSL handshake, and maybe there's a host name is tucked in there
somewhere. The SSL code could be digging out the host name itself,
e.g. with gethostbyaddr().
--
/~\ Charlie Gibbs | We'll go down in history as the
\ / <***@kltpzyxm.invalid> | first society that wouldn't save
X I'm really at ac.dekanfrus | itself because it wasn't cost-
/ \ if you read it the right way. | effective. -- Kurt Vonnegut
R.Wieser
2024-08-01 06:08:08 UTC
Reply
Permalink
Charlie,
Post by Charlie Gibbs
Perhaps, but I've done SSL communication with lots of machines,
so either the host name isn't needed or I'm very lucky.
In that case I'm going to rule out luck.
Post by Charlie Gibbs
I haven't dug into the intricacies of the SSL handshake, and maybe
there's a host name is tucked in there somewhere.
It is. I'm capturing that name in a small program which I re-route all
unwanted SSL connections to, so I'm made aware of any attempted connections.
Post by Charlie Gibbs
The SSL code could be digging out the host name itself, e.g.
with gethostbyaddr().
I was thinking the same (though not with that function. It could return a
different name than you expect when targetting a server with multiple
hosts). But why than are there still two functions there which will also
set such a name ?

And what happens when you provide those two different hostnames ? Inquiring
minds want^Wneed to know ! :-)

Did I already mention that I find the absense of OpenSSL documentation a
problem ? :-|

Regards,
Rudy Wieser
David Goodwin
2024-07-26 04:56:21 UTC
Reply
Permalink
Post by R.Wieser
Hello all,
I'm running into a few problems regarding OpenSSL.
1) I can't seem to find which OpenSSL version is the last one which will run
under XP.
I have tried OpenSSL v3.3.1, but when I extract the "openssl-3\x86\bin\"
folder and try try to start 'openssl.exe' I get the error that it isn't a
valid windows executable.
2) I've got OpenSSL v1.0.2 (just the DLLs), but can't seem to find example
code (a basic client) for it.
I've found a number of code samples, but no indication which version of
OpenSSL they are for. The same is goes when I look for information one any
of the DLLs functions.
This one
https://wiki.openssl.org/index.php/SSL/TLS_Client
looked to be a fit for OpenSSL v1.0.2 - it mentions that version a few times
in the page - but I than run into a brick wall because BIO_get_ssl isn't
available in v1.0.2 . :-(
1) Where can I find a webpage where the "minimum OS" requirement is named
for the different versions of OpenSSL ?
... or at least what the last version for XP is.
2) Where can I find code samples which specify which versions(s) of OpenSSL
they are valid for.
Help?
Last I checked the current version of OpenSSL still works fine on
Windows XP. Certainly 3.0.14 still does, and I'm sure I checked the 3.1
series sometime in the past year too.

When building it though, you've got to pass -D"_WIN32_WINNT=0x502" to
the configure script or the resulting binaries will give you the error
you encountered.
R.Wieser
2024-07-26 08:26:39 UTC
Reply
Permalink
David,
Post by David Goodwin
Last I checked the current version of OpenSSL still works fine on
Windows XP. Certainly 3.0.14 still does, and I'm sure I checked the
3.1 series sometime in the past year too.
Thanks for that. I was already wondering if (when) the later versions had
dumped support for XP.
Post by David Goodwin
When building it though,
Thats the problem though, I do not have a build environment for them (I'm
using a fully different programming language), and am therefore dependant on
the so-called "prebuild binaries" (ssleay32.dll and libeay32.dll).

I've downloaded a number of them, but have had a significant number of them
error-out on my machine with the error message "OpenSSL.exe is not a valid
Win32 application".


Which is part of my subject line : most of those prebuild binaries do not
come with a list of requirements. You know, "minimum supported OS version"
or "Win32" / "Win64". Heck, I've even had dowloads which, if you actually
wanted to use them, needed other (C runtime) DLLs to be able to function.

In short: all I can currently do is to pick a, pretty-much random, one,
download it and *only than* see if it is compatible with my (XP sp3) OS.

... And dont even ask me about how I am able to find any kind of information
(including example programs), needed to be able to know how to use those
DLLs.

Its also remarkable that the targetted OpenSSL version is seldom, if ever,
mentioned in the (found) sourcecode, header files or the webpages
themselves. :-(


And that is what my question is all about : Trying to find something better
than throwing the dice and hoping to get lucky.

Currently I have a working set of DLLs (and some example code) for OpenSSL
v1.0.2h . Later (prebuild binaries) versions all errored out on me.

Regards,
Rudy Wieser
David Goodwin
2024-07-26 09:12:51 UTC
Reply
Permalink
Post by R.Wieser
David,
Post by David Goodwin
Last I checked the current version of OpenSSL still works fine on
Windows XP. Certainly 3.0.14 still does, and I'm sure I checked the
3.1 series sometime in the past year too.
Thanks for that. I was already wondering if (when) the later versions had
dumped support for XP.
Post by David Goodwin
When building it though,
Thats the problem though, I do not have a build environment for them (I'm
using a fully different programming language), and am therefore dependant on
the so-called "prebuild binaries" (ssleay32.dll and libeay32.dll).
I've downloaded a number of them, but have had a significant number of them
error-out on my machine with the error message "OpenSSL.exe is not a valid
Win32 application".
Which is part of my subject line : most of those prebuild binaries do not
come with a list of requirements. You know, "minimum supported OS version"
or "Win32" / "Win64". Heck, I've even had dowloads which, if you actually
wanted to use them, needed other (C runtime) DLLs to be able to function.
In short: all I can currently do is to pick a, pretty-much random, one,
download it and *only than* see if it is compatible with my (XP sp3) OS.
... And dont even ask me about how I am able to find any kind of information
(including example programs), needed to be able to know how to use those
DLLs.
Its also remarkable that the targetted OpenSSL version is seldom, if ever,
mentioned in the (found) sourcecode, header files or the webpages
themselves. :-(
And that is what my question is all about : Trying to find something better
than throwing the dice and hoping to get lucky.
Currently I have a working set of DLLs (and some example code) for OpenSSL
v1.0.2h . Later (prebuild binaries) versions all errored out on me.
Well, I *may* be able to help out with XP-compatible OpenSSL binaries. I
maintain the program formerly and soon again to be known as Kermit 95
which still supports TLS on Windows XP. So you could probably grab the
XP-compatible openssl 3.0.14 bits (libcrypto3.dll, libssl-3.dll,
zlib1.dll, openssl.exe) from a recent successful build of that from
Github such as:
https://github.com/davidrg/ckwin/actions/runs/10100891255
If you do this you'll want the ckwin-vc14.2-x86 or ckwin-vc14-x86
artifact - those are the only ones that have current OpenSSL and work on
XP.

Though if you want to keep up-to-date with OpenSSL *and* have Windows XP
support, getting a suitable build environment is probably better than
relying on finding compatible binaries online. You should be able to do
it with entirely free tools such as the community edition of Visual C++
2019 or older, or the old Windows 7 Platform SDK v7.1 (~Visual C++ 2010)
which you can grab here: https://ftp.zx.net.nz/pub/dev/WinSDK/win7-7.1-
dn4/

With Visual C++, perl, and nasm installed and in your path and the zlib
and openssl sources extracted somewhere you should be able to open a
Visual C++ command prompt and run something like this to build it (this
is effectively what my CI does):
cd zlib\1.2.13
cmake .
nmake -f win32\Makefile.msc
cd ..\..\
cd openssl\3.0.14
perl Configure VC-WIN32 zlib-dynamic --with-zlib-include=..\..\zlib
\1.2.13 -D"_WIN32_WINNT=0x502"
nmake

(though it would probably best to use zlib 1.3.1 now that thats out
assuming its XP compatible - something I guess I will have to test soon
now that I know about it)
R.Wieser
2024-07-27 07:04:38 UTC
Reply
Permalink
David,
So you could probably grab the XP-compatible openssl 3.0.14 bits
(libcrypto3.dll, libssl-3.dll, zlib1.dll, openssl.exe) from a recent
https://github.com/davidrg/ckwin/actions/runs/10100891255
I would love to. Really.

One problem though : that github page doesn't show any indication of which
of the (jobs?) download links there contains them.
If you do this you'll want the ckwin-vc14.2-x86 or ckwin-vc14-x86
artifact -
How ? The only occurrences of "ckwin" on that page are just bits of text in
the "deprication notice" and the "Artifacts" list - neither of which
contains anything downloadable.
Though if you want to keep up-to-date with OpenSSL *and* have Windows
XP support, getting a suitable build environment is probably better
than relying on finding compatible binaries online.
Thanks for the suggestion, but no thanks.

Besides that I've got zero wish to install a C{something} build environment
just to generate a few DLLs (and only for them!), one of the other
responders here told me that he needed to "tweak" the sourcecode to get it
to compile and work on XP. Did I already mention that C{something} is
*not* my programming language ?

IOW, I would be increasing (by quite a bit) the number of problems I would
need to solve, not lessening them. :-(
With Visual C++, perl, and nasm installed
:-) Lets guess : I just have to install a random version of each and it will
all work nicely together ? No ? Some combinations will work but others
won't ? And I just have to pick some and hope I get lucky ? :-)

Regards,
Rudy Wieser
David Goodwin
2024-07-27 22:16:34 UTC
Reply
Permalink
Post by R.Wieser
David,
So you could probably grab the XP-compatible openssl 3.0.14 bits
(libcrypto3.dll, libssl-3.dll, zlib1.dll, openssl.exe) from a recent
https://github.com/davidrg/ckwin/actions/runs/10100891255
I would love to. Really.
One problem though : that github page doesn't show any indication of which
of the (jobs?) download links there contains them.
If you do this you'll want the ckwin-vc14.2-x86 or ckwin-vc14-x86
artifact -
How ? The only occurrences of "ckwin" on that page are just bits of text in
the "deprication notice" and the "Artifacts" list - neither of which
contains anything downloadable.
Unfortunately you need to be logged in to github to download artifacts
from CI runs. If you don't have a github account, you could try the
openssl bits from this older build:
https://ftp2.zx.net.nz/pub/Kermit95/test_builds/regent25-test/ckw-pre-
b6-regent-test.zip
Post by R.Wieser
Though if you want to keep up-to-date with OpenSSL *and* have Windows
XP support, getting a suitable build environment is probably better
than relying on finding compatible binaries online.
Thanks for the suggestion, but no thanks.
Besides that I've got zero wish to install a C{something} build environment
just to generate a few DLLs (and only for them!), one of the other
responders here told me that he needed to "tweak" the sourcecode to get it
to compile and work on XP. Did I already mention that C{something} is
*not* my programming language ?
There is no need to tweak the C code at this time. OpenSSL 3.0.14 builds
unmodified for XP provided that you tell the configure step to build it
for XP rather than Vista or newer.

OpenSSL has required that special configure step to target Windows XP
for a few years now which will be why you've struggled to find any off-
the-shelf binaries that work. Anyone wanting OpenSSL for XP for the last
few years will have been building it themselves.
Post by R.Wieser
IOW, I would be increasing (by quite a bit) the number of problems I would
need to solve, not lessening them. :-(
yeah, targeting a 23 year old operating system thats been out of support
for a decade is not the easy path.

I'm thankful that OpenSSL hasn't dropped support yet, but its really a
matter of time. I've already had to patch one library I use (libssh) to
restore XP support, I don't think I will be willing to do the same for
OpenSSL when the time comes.
Post by R.Wieser
With Visual C++, perl, and nasm installed
:-) Lets guess : I just have to install a random version of each and it will
all work nicely together ? No ? Some combinations will work but others
won't ? And I just have to pick some and hope I get lucky ? :-)
Visual C++ 2019 is the newest that can target XP, Visual C++ 2010 is the
oldest I've attempted to build current OpenSSL on - I don't know how
much older you can go, but I do know that Visual C++ 6.0 is too old.

Any version of perl will do - its only used to run the configure script
that generates the makefile. I just grab the current version of
Strawberry perl from https://strawberryperl.com/

Any version of nasm will do. I just grab the current version from
https://www.nasm.us/
R.Wieser
2024-07-28 06:22:08 UTC
Reply
Permalink
David,
Post by David Goodwin
Unfortunately you need to be logged in to github to download
artifacts from CI runs.
Nope. For the same reason I'm not going to not install a VC compiler
environment (for a one-off something).
[snip link]

Thanks. Alas, the "openssl.exe" executable in it also thows that "is not a
valid Win32 application" error (although I can make a guess, I still don't
know what causes it).
Post by David Goodwin
one of the other responders here told me that he needed to "tweak" the
sourcecode to get it to compile and work on XP.
...
Post by David Goodwin
There is no need to tweak the C code at this time.
That means that I've now got two sources of information that are conflicting
with each other. :-(
Post by David Goodwin
yeah, targeting a 23 year old operating system thats been out of
support for a decade is not the easy path.
Preceede that with sorely lacking information about (the available for
download) OpenSSL versions in general (which makes it next-to-impossible to
figure out which download is compatible with my 32-bit XP OS), and you
understand the predicament I'm in. :-(

I would have thought that the users of XP would be making extensive use of
OpenSSL, because the commercial products have dropped XP from their
vocabulary.

Any chance you know of someone who's willing to compile a 32-bit XP
compatible version of OpenSSL 3.x for me ? It should be easy right ? It
just needs a small(?)configuration change. :-)

Thanks for the responses/help.

Regards,
Rudy Wieser
David Goodwin
2024-07-28 11:55:01 UTC
Reply
Permalink
Post by R.Wieser
David,
Post by David Goodwin
Unfortunately you need to be logged in to github to download
artifacts from CI runs.
Nope. For the same reason I'm not going to not install a VC compiler
environment (for a one-off something).
Well, its not really a one-off - there have already been 14 releases of
OpenSSL 3.0 and I'm sure there will be plenty more before it goes out of
support in September 2026.

If security is important (and I assume it is, otherwise why bother with
OpenSSL), you'll likely be building it a few times a year to fix
security vulnerabilities whenever they come up.
Post by R.Wieser
[snip link]
Thanks. Alas, the "openssl.exe" executable in it also thows that "is not a
valid Win32 application" error (although I can make a guess, I still don't
know what causes it).
Post by David Goodwin
one of the other responders here told me that he needed to "tweak" the
sourcecode to get it to compile and work on XP.
...
Post by David Goodwin
There is no need to tweak the C code at this time.
That means that I've now got two sources of information that are conflicting
with each other. :-(
Post by David Goodwin
yeah, targeting a 23 year old operating system thats been out of
support for a decade is not the easy path.
Preceede that with sorely lacking information about (the available for
download) OpenSSL versions in general (which makes it next-to-impossible to
figure out which download is compatible with my 32-bit XP OS), and you
understand the predicament I'm in. :-(
I would have thought that the users of XP would be making extensive use of
OpenSSL, because the commercial products have dropped XP from their
vocabulary.
Any chance you know of someone who's willing to compile a 32-bit XP
compatible version of OpenSSL 3.x for me ? It should be easy right ? It
just needs a small(?)configuration change. :-)
Thanks for the responses/help.
Just had a look and indeed that openssl.exe doesn't work on Windows XP.
I checked a build of my application that I know for certain can do TLS
on Windows XP and openssl.exe is broken there too despite the DLLs
working fine! Turns out the linker was marking the executable with a
subsystem version too high for XP. Ended up just patching the makefile
as the openssl configure script doesn't let you specify particular
linker flags (ran into this when cross-compiling OpenSSL for Itanium).

In here you'll find OpenSSL 3.0.14 built for Windows XP fresh from CI
along with a screenshot showing it running:
https://ftp.zx.net.nz/public/tmp/openssl-3-xp/
R.Wieser
2024-07-28 14:21:33 UTC
Reply
Permalink
David,
Post by David Goodwin
Post by R.Wieser
Nope. For the same reason I'm not going to not install a VC compiler
environment (for a one-off something).
Well, its not really a one-off
:-) Thats a maintainer kind of POV, not a/my User one. If v0.9.8 would
have had TLS1.2+ support I would not even have considered looking for a
newer version (don't try to fix what aint broken).
Post by David Goodwin
If security is important (and I assume it is, otherwise why bother
with OpenSSL),
You have no idea what another reason could be ?

In my case security could not be less important.

What is is that when I go to the baker to buy me a loaf bread - something
everyone can afford - I'm not allowed into the store without having a
money-movers type of truck to transport that loaf.

Sound silly ? But that is how it nowerdays works. Even when a website
doesn't have got anything of worth (like just a few pictures of pets doing
silly things or some webstrips) I may only get what they have when I have
high levels of SSL security.

As how low my interest in security is ? The version I now have (using the
DLLs FireFox comes with) I have not even bothered to check the servers
certificates.

IOW, the only reason I'm rewriting that version using OpenSSL is because the
locks on the servers front doors get ever more complex, and I want to make
sure that I can keep entering them.

Now you know /two/ reasons why someone would want to use OpenSSL. :-)

Regards,
Rudy Wieser
David Goodwin
2024-07-28 20:39:51 UTC
Reply
Permalink
Post by R.Wieser
David,
Post by David Goodwin
Post by R.Wieser
Nope. For the same reason I'm not going to not install a VC compiler
environment (for a one-off something).
Well, its not really a one-off
:-) Thats a maintainer kind of POV, not a/my User one. If v0.9.8 would
have had TLS1.2+ support I would not even have considered looking for a
newer version (don't try to fix what aint broken).
Post by David Goodwin
If security is important (and I assume it is, otherwise why bother
with OpenSSL),
You have no idea what another reason could be ?
In my case security could not be less important.
What is is that when I go to the baker to buy me a loaf bread - something
everyone can afford - I'm not allowed into the store without having a
money-movers type of truck to transport that loaf.
Sound silly ? But that is how it nowerdays works. Even when a website
doesn't have got anything of worth (like just a few pictures of pets doing
silly things or some webstrips) I may only get what they have when I have
high levels of SSL security.
As how low my interest in security is ? The version I now have (using the
DLLs FireFox comes with) I have not even bothered to check the servers
certificates.
IOW, the only reason I'm rewriting that version using OpenSSL is because the
locks on the servers front doors get ever more complex, and I want to make
sure that I can keep entering them.
Now you know /two/ reasons why someone would want to use OpenSSL. :-)
Out of curiousity, what is it you're trying to do? I assume not build a
web browser.

If you *are* doing https stuff though, there are perhaps easier ways
than dealing with OpenSSL directly. There are proxy servers you can run
on some other computer like a Raspberry Pi that will downgrade the
SSL/TLS version to something vintage computers will understand. There is
one that will re-render the page in a way vintage browsers will handle
too. Probably much easier than trying to wrangle the poorly documented
OpenSSL API.

Also, I forgot to mention those XP-compatible binaries I linked to will
need the Visual C++ redistributable installed, though I expect by now
mostly everyone will already have the last XP version of that:
https://ftp.zx.net.nz/pub/dev/redist/vcpp/2019_16.7/VC_redist.x86.exe
R.Wieser
2024-07-29 06:45:21 UTC
Reply
Permalink
David,
Post by David Goodwin
Out of curiousity, what is it you're trying to do? I assume not
build a web browser.
I'm trying to re-build my webpage download tool.
Post by David Goodwin
If you *are* doing https stuff though,
:-) Yep. Otherwise I would just have used Windows own WS2_32.DLL and be
done with it.
Post by David Goodwin
there are perhaps easier ways than dealing with OpenSSL directly.
I'm sure of it. But as a hobby programmer I'm inclined to see if I can do
it myself too (doesn't mean that I will never switch to use pre-made
solutions, just that they are not the first thing I think of)
Post by David Goodwin
There are proxy servers you can run on some other computer like a
Raspberry Pi that will downgrade the SSL/TLS version to something
vintage computers will understand.
There is not even a need to use a seperate 'puter for it, a proxy service
will run as well on the client 'puter itself.
Post by David Goodwin
There is one that will re-render the page in a way vintage browsers
will handle too.
That sounds /very/ interresting. Especially when you can script the
"re-endering" part (read: being able to scrub webpages before viewing).

IOW, do you perhaps have a name and/or link for me ?
Post by David Goodwin
Probably much easier than trying to wrangle the poorly documented
OpenSSL API.
"Probably" ? Thats an easy bet. :-) But as I'm not willing to just "give
up" because "it looks too hard" I will try my damnest to see if I can figure
it out before conceeding defeat (yeah, you can just call it "stubborn" if
you want. :-) ).
Post by David Goodwin
Also, I forgot to mention those XP-compatible binaries I linked to
will need the Visual C++ redistributable installed,
I didn't even get far enough to get an error about it. :-|

Regards,
Rudy Wieser
David Goodwin
2024-07-31 01:20:31 UTC
Reply
Permalink
Post by R.Wieser
David,
Post by David Goodwin
Out of curiousity, what is it you're trying to do? I assume not
build a web browser.
I'm trying to re-build my webpage download tool.
Post by David Goodwin
If you *are* doing https stuff though,
:-) Yep. Otherwise I would just have used Windows own WS2_32.DLL and be
done with it.
Post by David Goodwin
there are perhaps easier ways than dealing with OpenSSL directly.
I'm sure of it. But as a hobby programmer I'm inclined to see if I can do
it myself too (doesn't mean that I will never switch to use pre-made
solutions, just that they are not the first thing I think of)
Post by David Goodwin
There are proxy servers you can run on some other computer like a
Raspberry Pi that will downgrade the SSL/TLS version to something
vintage computers will understand.
There is not even a need to use a seperate 'puter for it, a proxy service
will run as well on the client 'puter itself.
Post by David Goodwin
There is one that will re-render the page in a way vintage browsers
will handle too.
That sounds /very/ interresting. Especially when you can script the
"re-endering" part (read: being able to scrub webpages before viewing).
IOW, do you perhaps have a name and/or link for me ?
This is the tool: https://github.com/tenox7/wrp

Its not quite what I would consider ideal though - it can either send
back a very simplified version of the webpage, or it can render the
webpage server-side and then send an imagemap to the browser. So in that
mode you're really just operating chrome remotely via a vintage web
browser.
Post by R.Wieser
Post by David Goodwin
Probably much easier than trying to wrangle the poorly documented
OpenSSL API.
"Probably" ? Thats an easy bet. :-) But as I'm not willing to just "give
up" because "it looks too hard" I will try my damnest to see if I can figure
it out before conceeding defeat (yeah, you can just call it "stubborn" if
you want. :-) ).
Post by David Goodwin
Also, I forgot to mention those XP-compatible binaries I linked to
will need the Visual C++ redistributable installed,
I didn't even get far enough to get an error about it. :-|
Regards,
Rudy Wieser
R.Wieser
2024-07-31 06:56:13 UTC
Reply
Permalink
David,
Post by David Goodwin
Post by R.Wieser
Post by David Goodwin
There is one that will re-render the page in a way vintage browsers
will handle too.
That sounds /very/ interresting. Especially when you can script the
"re-endering" part (read: being able to scrub webpages before viewing).
IOW, do you perhaps have a name and/or link for me ?
This is the tool: https://github.com/tenox7/wrp
Its not quite what I would consider ideal though - it can either send
back a very simplified version of the webpage, or it can render the
webpage server-side and then send an imagemap to the browser. So in
that mode you're really just operating chrome remotely via a vintage
web browser.
Thanks for that.

As for the drawback of the "simplified version of the webpage", between my
GreaseMonkey and RequestPolicy firefox add-ons (page scrubbing and
third-party resource blocking) I might well already be looking at such
"simplified versions" of webpages. :-)

Regards,
Rudy Wieser
Charlie Gibbs
2024-07-28 19:34:18 UTC
Reply
Permalink
Post by R.Wieser
Post by David Goodwin
one of the other responders here told me that he needed to "tweak" the
sourcecode to get it to compile and work on XP.
...
Post by David Goodwin
There is no need to tweak the C code at this time.
That means that I've now got two sources of information that are conflicting
with each other. :-(
As one of those sources, I probably misspoke. I'm trying to remember
something I did a while ago and probably got some of it wrong. It's
probably more accurate to say that I was tweaking not the C source
code itself, but the build procedures. It took a bit of work, and
I don't remember the intricacies in full detail. So no, there's
probably no conflict between us.

(Note that the word "probably" occurs four times in the preceding
paragraph. I qualify virtually everything I say.)
Post by R.Wieser
Any chance you know of someone who's willing to compile a 32-bit XP
compatible version of OpenSSL 3.x for me ? It should be easy right ?
It just needs a small(?)configuration change. :-)
If you don't mind figuring out how to statically link to MinGW libraries
(libcrypto.a and libssl.a), I could probably put the ones I finally built
up on Dropbox.
--
/~\ Charlie Gibbs | We'll go down in history as the
\ / <***@kltpzyxm.invalid> | first society that wouldn't save
X I'm really at ac.dekanfrus | itself because it wasn't cost-
/ \ if you read it the right way. | effective. -- Kurt Vonnegut
R.Wieser
2024-07-28 20:38:04 UTC
Reply
Permalink
Charlie,
Post by Charlie Gibbs
As one of those sources, I probably misspoke.
...
Post by Charlie Gibbs
It's probably more accurate to say that I was tweaking not the C
source code itself, but the build procedures.
...
Post by Charlie Gibbs
So no, there's probably no conflict between us.
Thank you for posting that. :-) It does take my confusion away.

Alas, it doesn't it doesn't really change anything for me. I still have no
intention to install a VC compiler (and its dependancies) just for the sake
of creating the two DLLs. Besides the problem of having to find the info to
how to tweak the build process - when finding even just basic info about
OpenSSL is problematic.
Post by Charlie Gibbs
If you don't mind figuring out how to statically link to MinGW
libraries (libcrypto.a and libssl.a), I could probably put the ones
I finally built up on Dropbox.
Thanks for the offer, but I'm afraid that my language-of-choice uses .OBJ
files for that. IOW, those files are likely incompatible with my Borlands
Tasm v5 assembler.

Regards,
Rudy Wieser
Newyana2
2024-09-18 21:08:16 UTC
Reply
Permalink
On 7/28/2024 4:38 PM, R.Wieser wrote:
nally built up on Dropbox.
Post by R.Wieser
Thanks for the offer, but I'm afraid that my language-of-choice uses .OBJ
files for that. IOW, those files are likely incompatible with my Borlands
Tasm v5 assembler.
Just came across this. I looked into openssl at one point for
email in VB6. Never got it working. I don't see anyplace where you said
what you're trying to do, but for what it's worth, I got libcurl working
on XP for downloading files and it also works on Win10. Version 7.8.

I originally used a winsock class, back in the days of simple
HTTP. Then I used winhttp. But that got outdated. I don't have
anything for actually talking directly to the server, like I could do
with HTTP. It gets confusing with something like openssl where
you don't actually know what it's doing. Libcurl was easier because
it handles the whole operation.
R.Wieser
2024-09-19 07:32:16 UTC
Reply
Permalink
Newyana2,
Post by Newyana2
Just came across this. I looked into openssl at one point
for email in VB6. Never got it working.
I got /something/ to work, but due to the absense of documentation I'm not
at all sure how it works (and thus how to extend on it). Though I did use
it to make a very straight-forward (polling mode) http-to-https tunnel.
Post by Newyana2
I don't see anyplace where you said what you're trying to do,
Just trying to replace SSL v0.9.8 with something that offers stronger, more
current encryptions.

As what I use that for ? Anything I want to try to create which needs an
SSL connection (HTTPS file downloader, newsgroup "new news" checker, etc).
Post by Newyana2
but for what it's worth, I got libcurl working
on XP for downloading files and it also works on Win10. Version 7.8.
"I got libcurl working on XP" ? That sounds omnious...

The thing is, I do not have any C{something} development environments
installed, so I'm looking for (need) the pre-compiled binaries. DLLs to be
specific.
Post by Newyana2
I originally used a winsock class, back in the days of simple
HTTP.
Same here.
Post by Newyana2
Then I used winhttp. But that got outdated.
I don't think I ever used that. I did use OpenSSL v0.9.8 though. When
that started to get old I looked into the (rather elegantly simple) way
Windows(98se) supported SSL (though also with very little info about it) and
sought for ways to upgrade its encryptions I found I was "a bit to late" to
that party - and aborted that approach.
Post by Newyana2
It gets confusing with something like openssl where you don't actually
know what it's doing.
Tell me about it... :-(

Heck, I can't even find info about what the different functions are for, are
supposed to work or work together.

All I can do is look at examples (the few I can find), and even those are
hard to come by - and most never show an indication of which version of
OpenSLL they are for. :-(
Post by Newyana2
Libcurl was easier because it handles the whole operation.
Any chance you know where I can download Windows XP compatible DLLs for it ?

Regards,
Rudy Wieser
Newyana2
2024-09-19 13:05:37 UTC
Reply
Permalink
Post by R.Wieser
Heck, I can't even find info about what the different functions are for, are
supposed to work or work together.
Programmers are not famous for literacy. Many of them just
impatiently proclaim that documentation is not their thing. I once
tried to work with the WINE people and found they had an idea
that they could create docs programmatically from inline code
comments. Anything to avoid constructing a coherent sentence. :)
Post by R.Wieser
Post by Newyana2
Libcurl was easier because it handles the whole operation.
Any chance you know where I can download Windows XP compatible DLLs for it ?
https://curl.se/download/

As mentioned, I used 7.8 on XP and it works on Win10. I use
it to access the Bing maps REST API, downloading json files and
images. I tried to get it to work for something else and now I
don't remember what that was, but I couldn't figure it out, despite
using pretty much the same code layout as I used for download.
It's been almost a year since I looked at this code, and I seem to be
reaching an age where memories require refreshing to recall details,
so I can't tell you what the problem was.

Libcurl is messy. A poorly designed API and less than optimal docs.
On top of that, it's CDECL. And this is the "easy" version! But once
you get past the maddening underscores, it seems to be solid. (One
would think that a library that needs to be initialized might have a
function called "Init". Instead it's "curl_easy_init". Like I didn't know
I was calling into libcurl and my underscore key is lonely?

It may all be more than you care to deal with. But I'll give you what
I've got in VB6. There's a download function, a callback function, and
a very nice CDECL class written by Paul Caton. (As you probably know,
VB6 can't use CDECL functions directly, but this class is flawless. I've
used it to make a cab.dll wrapper. Some of those functions have
10 parameters, including multiple callbacks. Caton does amazing things
with assembly, and he's generous with his efforts. I also use his
self-subclassing class, which allows me to subclass any number of
controls effortlessly and still be able to break in the VB6 IDE. The
class allows me to receive any number of messages, before or after
the main message proc.)

It would be very messy to try to post it all here with wordwrap, but
I've posted it to Fileconvoy, good for 14 days:

http://www.fileconvoy.com/dfl.php?id=g44cb750627119bf61000562358711cca53a7b97356

Inside you'll find the CDECL class, a module (.bas) with the curl ops,
and a cert package. You probably want a newer one of those, but
I don't remember details about that. The one I have is currently
working fine. If you have trouble you can also tell curl to bypass
cert checks.

The libcurl DLLs (3) need to be available. Libcurl.dll, libcrypto-1_1.dll
and libssl-1_1.dll. Let me know if I missed anything.
R.Wieser
2024-09-19 16:41:56 UTC
Reply
Permalink
Newyana2,
Post by Newyana2
Post by R.Wieser
Post by Newyana2
Libcurl was easier because it handles the whole operation.
Any chance you know where I can download Windows XP compatible DLLs for it ?
https://curl.se/download/
I did find that page to and downloaded the 7.88.1 ZIP file from it (before I
wrote my previous message). Alas, it just contains source files, no
pre-compiled DLLs of any kind. IOW, of no use to me.
Post by Newyana2
Libcurl is messy. A poorly designed API and less than optimal docs.
So, the same as OpenSLL ? :-)
Post by Newyana2
On top of that, it's CDECL.
Luckily my Borlands TASM has no problems with using them and mixing them
with STDCALL DLLs.
Post by Newyana2
But once you get past the maddening underscores, it seems to be solid.
:-) Translating "decorated" DLL function names into ones I can actually use
in my programs is something a .LIB file is for (I've done that before).
Post by Newyana2
One would think that a library that needs to be initialized might have a
function called "Init". Instead it's "curl_easy_init".
Just imagine *two* libaries that both have an "init" function. How would
your program know which one to call ?

I've ran into that problem recently-ish. ComCtl32.dll, shell32.dll and a few
others all have a function called DllGetVersion. I had to create a .DEF
file for each of the DLLs in which I made an alias for that function
prefixed with its DLL name (like "shell32_DllGetVersion") to be able to use
them. :-\ (or dynamically find those entry points, but thats ugly and
messy)
Post by Newyana2
But I'll give you what I've got in VB6. There's a download function,
a callback function, and a very nice CDECL class written by Paul Caton.
Thank you. It will come in handly as a reference.
Post by Newyana2
(As you probably know, VB6 can't use CDECL functions directly, but this
class is flawless.
Nope, I had no idea about that. The last time I used VB it was version 5.
Many, many years back. :-)
Post by Newyana2
The libcurl DLLs (3) need to be available. Libcurl.dll, libcrypto-1_1.dll
and libssl-1_1.dll. Let me know if I missed anything.
I've download your ZIP file, and it contains a .CLS, a .CRT and a .BAS file.
I could use the above three DLLs too ... (assuming you still have them).

Regards,
Rudy Wieser
Newyana2
2024-09-19 18:50:21 UTC
Reply
Permalink
Post by R.Wieser
Post by Newyana2
https://curl.se/download/
I did find that page to and downloaded the 7.88.1 ZIP file from it (before I
wrote my previous message). Alas, it just contains source files, no
pre-compiled DLLs of any kind. IOW, of no use to me.
Woops. Sorry about that. I think this is one of those cases
where I hunted all over for a usable Windows DLL of an OSS
project. I don't know where I found it and can't seem to find it
now. So I'm uploading the copy I have:

http://www.fileconvoy.com/dfl.php?id=g2e0326a7be4be4a710005623941d4db71d71b2b617

I also have the two other libraries in my project folder but not in
the installer for that program, so it looks like libcurl.dll is all you
need.
I suspect that this particular version has everything wrapped in because
it's 4 MB. Sorry for the confusion. I just don't remember all the details
about this.

The curl website does have some decent docs, if you need that.
Post by R.Wieser
Luckily my Borlands TASM has no problems with using them and mixing them
with STDCALL DLLs.
Oh, good. Then you can just translate my calls into the CDECL class
easily.
Post by R.Wieser
Just imagine *two* libaries that both have an "init" function. How would
your program know which one to call ?
I'd only be loading one of them. If I had to use both init functions
I'd alias one of them. There's no excuse for lowercase and underscore
mania.
Post by R.Wieser
I've ran into that problem recently-ish. ComCtl32.dll, shell32.dll and a few
others all have a function called DllGetVersion. I had to create a .DEF
file for each of the DLLs in which I made an alias for that function
prefixed with its DLL name (like "shell32_DllGetVersion") to be able to use
them. :-\ (or dynamically find those entry points, but thats ugly and
messy)
I see. In VB6 there are just inline declarations. I often use aliases
for things like winsock functions.
Charlie Gibbs
2024-09-19 23:52:42 UTC
Reply
Permalink
Post by Newyana2
I suspect that this particular version has everything wrapped in because
it's 4 MB. Sorry for the confusion. I just don't remember all the details
about this.
That looks right. My library is just over 4MB. However, it's probably
not of much use to you because it's built with MinGW and is designed
to be statically linked. But it is a recent version of OpenSSL (3.x),
and handles TLS 1.3.
--
/~\ Charlie Gibbs | We'll go down in history as the
\ / <***@kltpzyxm.invalid> | first society that wouldn't save
X I'm really at ac.dekanfrus | itself because it wasn't cost-
/ \ if you read it the right way. | effective. -- Kurt Vonnegut
Newyana2
2024-09-20 01:12:37 UTC
Reply
Permalink
Post by Charlie Gibbs
Post by Newyana2
I suspect that this particular version has everything wrapped in because
it's 4 MB. Sorry for the confusion. I just don't remember all the details
about this.
That looks right. My library is just over 4MB. However, it's probably
not of much use to you because it's built with MinGW and is designed
to be statically linked. But it is a recent version of OpenSSL (3.x),
and handles TLS 1.3.
Yes. I came across a mingw download. I don't know where I got
the libcurl.dll that I have. It may have been compiled by someone
who made vblibcurl. There was a wrapper vblibcurl, for VB6. It's
not unusual that I look for these things for days and then find them
in some obscure corner of the Internet. There are rarely people
interested in compiling Win32 DLLs from projects like this.

There's no current plan to "deprecate" TLS 1.2, so we're probably
OK for awhile. And Win10/11 actually have curl.exe pre-installed.
I haven't tried it. It looks like it can do the basics as a commandline
utility.
R.Wieser
2024-09-23 09:50:23 UTC
Reply
Permalink
Newyana2,
Post by Newyana2
Post by R.Wieser
I did find that page to and downloaded the 7.88.1 ZIP file from it
(before I wrote my previous message). Alas, it just contains source
files, no pre-compiled DLLs of any kind. IOW, of no use to me.
Woops. Sorry about that.
No problem. They could possibly function as a reference.
Post by Newyana2
http://www.fileconvoy.com/dfl.php?id=g2e0326a7be4be4a710005623941d4db71d71b2b617
Thank you. :-)
Post by Newyana2
I also have the two other libraries in my project folder but not in the
installer for that program, so it looks like libcurl.dll is all you need.
I just checked the DLLs that get imported by libcurl.dll itself, and all of
them seem to be present in my OS. So unless your VB6 program dynamically
loads either of those two other DLLs I should be fine.
Post by Newyana2
The curl website does have some decent docs, if you need that.
I'll have to search for them. Hopefully the libcurl.dll's version number
will allow me to pin-point the valid documentation for it.
Post by Newyana2
Post by R.Wieser
Luckily my Borlands TASM has no problems with using them and mixing them
with STDCALL DLLs.
Oh, good. Then you can just translate my calls into the CDECL class
easily.
Yep. And I have to generate the library and header files to that
libcurl.dll for my assembler anyway.
Post by Newyana2
Post by R.Wieser
I've ran into that problem recently-ish. ComCtl32.dll, shell32.dll and a
few others all have a function called DllGetVersion.
...
Post by Newyana2
I see. In VB6 there are just inline declarations. I often use aliases
for things like winsock functions.
I wish that Borlands Tasm would have some way to specify which DLL to use
(something like "dll.function" perhaps), but alas, although I did look for
that I have not been able to find any information to the existance of it.

Oh well, its not if I don't have two other methods to do the same (even if I
don't really like either of them).

Hmm. I should maybe check if I can put the alias into the libary file for
the DLL itself (next to the origional function name I mean).

Again, thanks for the help and files.

Regards,
Rudy Wieser
Newyana2
2024-09-23 20:01:13 UTC
Reply
Permalink
Post by R.Wieser
Again, thanks for the help and files.
I'm glad if you can use it. We spend so much time on
these things, and it won't be long before it's all useless.
R.Wieser
2024-09-24 06:39:47 UTC
Reply
Permalink
Newyana2,
We spend so much time on these things, and it won't be long before it's
all useless.
I hear you.

I've got my own programs which have become useless or superceeded and also
done a lot of work on reverse-engeneering certain API stuff, only to see the
stuff fall out of grace.

Same with my electronics hobby, where I designed small digital stuff
(combining AND, OR, XOR ports, counters, etc) and also created
circuit-boards for them. That too fell outof grace, as nowerdays everything
is either cheaper to buy pre-build, or can be replaced by a few dollars
costing micro-controller, which can do more complex stuff too. :-|

Regards,
Rudy Wieser

Loading...