Arvid Winkelsdorf of digivendo GmbH has published a security patch on Delphi-PRAXiS for using OpenSSL with the Indy libraries. The original source code has some quite dangerous buffer overflow security risks. He allowed me to post it here, so that you can get it without having to register at Delphi-PRAXiS.
Short Installation Instructions
Copy the header files into your program folder to ensure that the Delphi compiler uses them. Rebuild your project. Copy the files libeay32.dll and libssl32.dll (old name ssleay32.dll) into your application folder.
Since Indy 9 and Indy 10 are structured differently, you have to rename either IdSSLOpenHeaders9.pas or IdSSLOpenHeaders10.pas to IdSSLOpenHeaders.pas to make the fix work. Both files are in the download package.
Arvid will probably start his own blog soon and will support the Indy team in this specific area. Let's see what he will do to support us Indy-lovers. Thanks Arvid.
Download Patch (ZIP, 800 Kb)