OpenSSL 1.0.2.g update breaks my Delphi app

问题

My Win32 program fails after an upgrade from OpenSSL 1.02f to 1.02g.
I made sure to reboot after the upgrade, and I have verified that the correct libeay32.dll, libssl32.dll, and ssleay32.dll are in C:\Windows\SysWOW64 (and it does not help either if I copy them to my app directory).

var
  lIOHandleSSL      : TIdServerIOHandlerSSLOpenSSL;
  FWebBrokerBridge  : TIdHTTPWebBrokerBridge;       // = class(TIdCustomHTTPServer)
begin    
  FWebBrokerBridge := TIdHTTPWebBrokerBridge.Create(Self);    
  LIOHandleSSL := TIdServerIOHandlerSSLOpenSSL.Create(FWebBrokerBridge);    // LIOHandleSSL.SSLOptions.method is sslvTLSv1
  LIOHandleSSL.SSLOptions.CertFile     := ...
  LIOHandleSSL.SSLOptions.RootCertFile := ...
  LIOHandleSSL.SSLOptions.KeyFile      := ...
  LIOHandleSSL.OnGetPassword := HTTPSIOHandlerSSLOpenSSLGetPassword;
  FWebBrokerBridge.IOHandler := LIOHandleSSL;
  FWebBrokerBridge.Active := true;

The error is EIdOSSLCouldNotLoadSSLLibrary: Could not load SSL library on the 'Active' statement.

What can be going on, and how to fix it?

It's a Delphi XE2 app, the Indy version is 10.5.8.0

FWIW Here is the OpenSSL 1.02g changelog

[Edited to add]
- We use this OpenSSL binary installer.
- I added the WhichFailedToLoad() function (from IdSSLOpenSSLHeaders.pas) and it returns the following string: SSLv2_method,SSLv2_server_method,SSLv2_client_method
- I have removed the description of my certificate files from this question. Ken White correctly remarked that the code is not at the stage yet where the certs are loaded

回答1:

This is covered here: http://www.indyproject.org/sockets/blogs/changelog/20150907.en.aspx

In summary, SSLv2 is not secure, so some distributors of OpenSSL disable SSL2. You appear to be using such an OpenSSL. Older versions of Indy regard the following functions as critical:

• SSLv2_method
• SSLv2_server_method
• SSLv2_client_method

These versions of Indy will fail to load if these functions are not exported by the OpenSSL DLLs.

To get past this problem you will need to do one of the following:

• Find OpenSSL DLLs that do not disable SSLv2. This does not sound like a clever way to tackle your problem.
• Upgrade to a version of Indy that can handle SSLv2 being disabled.
• Upgrade to Delphi 10 Seattle Update 1 which includes Indy revision 5311 is the earliest Delphi version to deal with the issue.

来源：https://stackoverflow.com/questions/35895377/openssl-1-0-2-g-update-breaks-my-delphi-app