Revert "openssl 3"

This reverts commit 6239e3a.

Author: esegece-com

IdSSLOpenSSL.pas

@@ -234,7 +234,7 @@ interface
   IdYarn;
 
 type
-  TIdSSLVersion = (sslvSSLv2, sslvSSLv23, sslvSSLv3, sslvTLSv1,sslvTLSv1_1,sslvTLSv1_2, sslvTLSv1_3);
+  TIdSSLVersion = (sslvSSLv2, sslvSSLv23, sslvSSLv3, sslvTLSv1,sslvTLSv1_1,sslvTLSv1_2);
   TIdSSLVersions = set of TIdSSLVersion;
   TIdSSLMode = (sslmUnassigned, sslmClient, sslmServer, sslmBoth);
   TIdSSLVerifyMode = (sslvrfPeer, sslvrfFailIfNoPeerCert, sslvrfClientOnce);
@@ -243,8 +243,8 @@ interface
   TIdSSLAction = (sslRead, sslWrite);
 
 const
-  DEF_SSLVERSION = sslvTLSv1_3;
-  DEF_SSLVERSIONS = [sslvTLSv1_3];
+  DEF_SSLVERSION = sslvTLSv1;
+  DEF_SSLVERSIONS = [sslvTLSv1];
   P12_FILETYPE = 3;
   MAX_SSL_PASSWORD_LENGTH = 128;
 
@@ -901,12 +901,10 @@ function calls will reset that value and we can't know what a programmer will
     LockInfoCB.Enter;
     try
       IdSSLSocket := TIdSSLSocket(SSL_get_app_data(sslSocket));
-      if Assigned(IdSSLSocket) then begin
-        if Supports(IdSSLSocket.fParent, IIdSSLOpenSSLCallbackHelper, IInterface(LHelper)) then begin
-          StatusStr := IndyFormat(RSOSSLStatusString, [String(SSL_state_string_long(sslSocket))]);
-          LHelper.StatusInfo(sslSocket, where, ret, StatusStr);
-          LHelper := nil;
-        end;
+      if Supports(IdSSLSocket.fParent, IIdSSLOpenSSLCallbackHelper, IInterface(LHelper)) then begin
+        StatusStr := IndyFormat(RSOSSLStatusString, [String(SSL_state_string_long(sslSocket))]);
+        LHelper.StatusInfo(sslSocket, where, ret, StatusStr);
+        LHelper := nil;
       end;
     finally
       LockInfoCB.Leave;
@@ -948,7 +946,7 @@ function VerifyCallback(Ok: TIdC_INT; ctx: PX509_STORE_CTX): TIdC_INT; cdecl;
   try
     VerifiedOK := True;
     try
-      hSSL := X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx);
+      hSSL := X509_STORE_CTX_get_app_data(ctx);
       if hSSL = nil then begin
         Result := Ok;
         Exit;
@@ -957,23 +955,21 @@ function VerifyCallback(Ok: TIdC_INT; ctx: PX509_STORE_CTX): TIdC_INT; cdecl;
       Certificate := TIdX509.Create(hcert, False); // the certificate is owned by the store
       try
         IdSSLSocket := TIdSSLSocket(SSL_get_app_data(hSSL));
-        if Assigned(IdSSLSocket) then begin
-          Error := X509_STORE_CTX_get_error(ctx);
-          Depth := X509_STORE_CTX_get_error_depth(ctx);
-          if not ((Ok > 0) and (IdSSLSocket.fSSLContext.VerifyDepth >= Depth)) then begin
-            Ok := 0;
-            {if Error = X509_V_OK then begin
-              Error := X509_V_ERR_CERT_CHAIN_TOO_LONG;
-            end;}
-          end;
-          LOk := False;
-          if Ok = 1 then begin
-            LOk := True;
-          end;
-          if Supports(IdSSLSocket.fParent, IIdSSLOpenSSLCallbackHelper, IInterface(LHelper)) then begin
-            VerifiedOK := LHelper.VerifyPeer(Certificate, LOk, Depth, Error);
-            LHelper := nil;
-          end;
+        Error := X509_STORE_CTX_get_error(ctx);
+        Depth := X509_STORE_CTX_get_error_depth(ctx);
+        if not ((Ok > 0) and (IdSSLSocket.fSSLContext.VerifyDepth >= Depth)) then begin
+          Ok := 0;
+          {if Error = X509_V_OK then begin
+            Error := X509_V_ERR_CERT_CHAIN_TOO_LONG;
+          end;}
+        end;
+        LOk := False;
+        if Ok = 1 then begin
+          LOk := True;
+        end;
+        if Supports(IdSSLSocket.fParent, IIdSSLOpenSSLCallbackHelper, IInterface(LHelper)) then begin
+          VerifiedOK := LHelper.VerifyPeer(Certificate, LOk, Depth, Error);
+          LHelper := nil;
         end;
       finally
         FreeAndNil(Certificate);
@@ -2364,11 +2360,33 @@ function LoadOpenSSLLibrary: Boolean;
     // has to be done before anything that uses memory
     IdSslCryptoMallocInit;
 {$ENDIF}
+    // required eg to encrypt a private key when writing
+    OpenSSL_add_all_ciphers;
+    OpenSSL_add_all_digests;
+    InitializeRandom;
+    // IdSslRandScreen;
+    SSL_load_error_strings;
+    // Successful loading if true
+    Result := SSLeay_add_ssl_algorithms > 0;
+    if not Result then begin
+      Exit;
+    end;
     // Create locking structures, we need them for callback routines
     Assert(LockInfoCB = nil);
     LockInfoCB := TIdCriticalSection.Create;
     LockPassCB := TIdCriticalSection.Create;
     LockVerifyCB := TIdCriticalSection.Create;
+    // Handle internal OpenSSL locking
+    CallbackLockList := TIdCriticalSectionThreadList.Create;
+    PrepareOpenSSLLocking;
+    CRYPTO_set_locking_callback(@SslLockingCallback);
+{$IFNDEF WIN32_OR_WIN64}
+    if Assigned(CRYPTO_THREADID_set_callback) then begin
+      CRYPTO_THREADID_set_callback(@_threadid_func);
+    end else begin
+      CRYPTO_set_id_callback(@_GetThreadID);
+    end;
+{$ENDIF}
     SSLIsLoaded.Value := True;
     Result := True;
   finally
@@ -2442,7 +2460,7 @@ procedure TIdSSLOptions.SetMethod(const AValue: TIdSSLVersion);
 begin
   fMethod := AValue;
   if AValue = sslvSSLv23 then begin
-    fSSLVersions := [sslvSSLv2,sslvSSLv3,sslvTLSv1,sslvTLSv1_1,sslvTLSv1_2,sslvTLSv1_3];
+    fSSLVersions := [sslvSSLv2,sslvSSLv3,sslvTLSv1,sslvTLSv1_1,sslvTLSv1_2];
   end else begin
     fSSLVersions := [AValue];
   end;
@@ -2466,15 +2484,12 @@ procedure TIdSSLOptions.SetSSLVersions(const AValue: TIdSSLVersions);
   else if fSSLVersions = [sslvTLSv1_2 ] then begin
     fMethod := sslvTLSv1_2;
   end
-  else if fSSLVersions = [sslvTLSv1_3] then begin
-    fMethod := sslvTLSv1_3;
-  end
   else begin
     fMethod := sslvSSLv23;
     if sslvSSLv23 in fSSLVersions then begin
       Exclude(fSSLVersions, sslvSSLv23);
       if fSSLVersions = [] then begin
-        fSSLVersions := [sslvSSLv2,sslvSSLv3,sslvTLSv1,sslvTLSv1_1,sslvTLSv1_2,sslvTLSv1_3];
+        fSSLVersions := [sslvSSLv2,sslvSSLv3,sslvTLSv1,sslvTLSv1_1,sslvTLSv1_2];
       end;
     end;
   end;
@@ -3284,24 +3299,7 @@ procedure TIdSSLContext.InitContext(CtxMode: TIdSSLCtxMode);
       SSL_CTX_clear_options(fContext, SSL_OP_NO_TLSv1_2);
     end;
   end;
-  if IsOpenSSL_TLSv1_3_Available then begin
-    if not(sslvTLSv1_3 in SSLVersions) then begin
-      SSL_CTX_set_options(fContext, SSL_OP_NO_TLSv1_3);
-    end 
-	else if (fMethod = sslvSSLv23) then begin
-      SSL_CTX_clear_options(fContext, SSL_OP_NO_TLSv1_3);
-    end;
-  end;
 
-  if sslvTLSv1_3 in SSLVersions then
-    SSL_CTX_set_min_proto_version(fContext, TLS1_2_VERSION)
-  else if sslvTLSv1_2 in SSLVersions then
-    SSL_CTX_set_min_proto_version(fContext, TLS1_2_VERSION)
-  else if sslvTLSv1_1 in SSLVersions then
-    SSL_CTX_set_min_proto_version(fContext, TLS1_1_VERSION)
-  else
-    SSL_CTX_set_min_proto_version(fContext, TLS1_VERSION);
-  SSL_CTX_set_max_proto_version(fContext, TLS1_3_VERSION);
   SSL_CTX_set_mode(fContext, SSL_MODE_AUTO_RETRY);
   // assign a password lookup routine
 //  if PasswordRoutineOn then begin
@@ -3464,10 +3462,22 @@ function TIdSSLContext.SetSSLMethod: PSSL_METHOD;
         end;
       end;
     sslvSSLv23:
-      if Assigned(TLS_method) then
-        Result := TLS_method()
+      case fMode of
+        sslmServer : begin
+          if Assigned(SSLv23_server_method) then begin
+            Result := SSLv23_server_method();
+          end;
+        end;
+        sslmClient : begin
+          if Assigned(SSLv23_client_method) then begin
+            Result := SSLv23_client_method();
+          end;
+        end;
       else
-        Result := SelectTLS1Method(fMode);
+        if Assigned(SSLv23_method) then begin
+          Result := SSLv23_method();
+        end;
+      end;
     sslvSSLv3:
       case fMode of
         sslmServer : begin
@@ -3545,11 +3555,6 @@ function TIdSSLContext.SetSSLMethod: PSSL_METHOD;
           Result := SelectTLS1Method(fMode);
         end;
       end;
-    sslvTLSv1_3:
-      if Assigned(TLS_method) then
-        Result := TLS_method()
-      else
-        Result := SelectTLS1Method(fMode);
   end;
   if Result = nil then begin
     raise EIdOSSLGetMethodError.Create(RSSSLGetMethodError);