Hello,
SSLOpenSSL.CreateSelfSignedCert creates invalis certificates on 64 Bits Linux. This was tested on x86_64 and AArch64. The problem is in the declaration of X509GmtimeAdj.
Problem:
OpenSSL declares the adj
of X509GmtimeAdj parameter to be of type long. (See https://www.openssl.org/docs/man3.0/man3/X509_gmtime_adj.html). Synapse declares the adj
parameter to be of type integer. This works on Windows and 32 bits Linux. But on 64 bits Linux the long data type of C is 8 bits in size (see the Data Models part of https://en.cppreference.com/w/cpp/language/types. Delphi and FPC integer are 4 bytes in size on all platforms. This leads to a size mismatch on 64 Bits Linux, which in turn leads to problems when using X509GmtimeAdj with negative values for the adj
parameter.
Suggested solution:
For Delphi the use of the longint
datatype should solve the problem. It is documented to be 32 bits on Windows and 64 bits on POSIX platforms (see https://docwiki.embarcadero.com/RADStudio/Athens/en/Delphi_to_C++_types_mapping.
For FPC longint
is documented to always be 32 bits in size. But the ctypes
unit has suitable types for mapping. On FPC the clong
type can be used because it always maps to the correct type for the selected platform.
A patch is attached that contains the propsed soution.
With best regards,
Jan