Support for OpenSSL 1.1

[ael]

Hello,

With OpenSSL 1.0.2 reaching EOL in a few months I'd like to switch to OpenSSL 1.1. Unfortunately UniDAC only tries to load the 1.0.2 library (libeay/ssleay) instead of the 1.1 library (libcrypto-1_1/libssl-1_1).

Is there a way to switch which library is loaded? Do you have a ETA for OpenSSL 1.1 support?

[ViktorV]

At present, UniDAC supports OpenSSL 1.0.2.
If you want us to implement the feature, please post this suggestion at our user voice forum: https://devart.uservoice.com/forums/104 ... components If the suggestion gets a lot of votes, we will consider the possibility to implement it.

[ael]

I've added a suggestion for this feature, thank you.

However, I would argue that with OpenSSL 1.0.2 being EOL very soon you really need to support an alternative (be it OpenSSL 1.1, LibreSSL or BoringSSL).

[ViktorV]

In addition, to solve the issue, you can use UniDAC and SecureBridge components. SecureBridge allows to establish secure connections within a single application without any external files. You can learn how to use SecureBridge with PgDAC in "Secure connections" topic of PgDAC help.
The TCRSSLIOHandler component is located in the dcldacsbridgeXXX package. This package is included in the UniDAC demos. See the package installation instructions in the file "%UniDACDemos%\TechnologySpecific\SecureBridge\Readme.html", where %UniDACDemos% is the UniDAC Demo projects installation path on your computer.

[ael]

If someone is interested here's a patch against UniDAC 7.5.13 for CRVioTcpSSL.pas to add support for OpenSSL 1.1. It should support both 32 and 64 bit and automatically fallback to legacy version if necessary.

https://drillscan.egnyte.com/dl/ECNESz84Hr

[ViktorV]

Thank you for the information and your contribution to our product development.
We'll consider implementing your suggestion for OpenSSL 1.1.