[Interest] Qt Android with OpenSSL problems "OpenSSL vulnerabilities in your apps"

Nguyen Ngoc Thach Chau chaupad at gmail.com
Mon Oct 29 10:38:17 CET 2018


Thank you Rene

I check by source code functions below:
====
long sslLibraryVersionNumber
<http://doc.qt.io/qt-5/qsslsocket.html#sslLibraryVersionNumber>()
QString sslLibraryVersionString
<http://doc.qt.io/qt-5/qsslsocket.html#sslLibraryVersionString>()
long sslLibraryBuildVersionNumber
<http://doc.qt.io/qt-5/qsslsocket.html#sslLibraryBuildVersionNumber>()
QString sslLibraryBuildVersionString
<http://doc.qt.io/qt-5/qsslsocket.html#sslLibraryBuildVersionString>()

=======


Here is output

====

268439647

"OpenSSL 1.0.1e 11 Feb 2013"

268443903

"OpenSSL 1.0.2o 27 Mar 2018"

====


I still can not figure out why it is 1.0.1e.....

Does it related to graddle build version ?

I checked output folder and see it is using as below

*classpath 'com.android.tools.build:gradle:2.2.3'*



On Mon, Oct 29, 2018 at 3:33 PM René Hansen <renehh at gmail.com> wrote:

> Try to make sure you're actually on the right version, from inside the
> app. Ie, what does *OpenSSL_version(OPENSSL_VERSION)* return? Your
> setting of *ANDROID_EXTRA_LIBS* looks correct enough.
>
> /René
>
>
>
> On Mon, 29 Oct 2018 at 08:59 Nguyen Ngoc Thach Chau <chaupad at gmail.com>
> wrote:
>
>> Dear supporters
>>
>> I'm using Qt Android for mobile project.
>> When I upload APK file to Google Play Store, they always send me an alert
>> as below
>> =============
>> https://support.google.com/faqs/answer/6376725
>> =============
>> I checked APK, it is return openSSL 1.0.2k but it is confusing then I
>> want to ask to make sure
>> I searched Google a lot and applied some solutions:
>> - Add library file to "android\libs\armeabi-v7a" folder
>> - Add library path to .pro file
>> =======
>> android {
>>
>>     ANDROID_PACKAGE_SOURCE_DIR = $$PWD/android
>>     contains(ANDROID_TARGET_ARCH,armeabi-v7a) {
>>          ANDROID_EXTRA_LIBS = \
>>             $$PWD/android/libs/armeabi-v7a/libcrypto.so \
>>             $$PWD/android/libs/armeabi-v7a/libssl.so
>>     }
>>     OTHER_FILES += \
>> #        android/build.gradle \
>>         libs/armeabi-v7a/libcrypto.so \
>>         libs/armeabi-v7a/libssl.so \
>>         android/AndroidManifest.xml
>>
>> }
>> ==========
>>
>> The question is:
>> When I'm checking output of build process
>> ("...android-build\libs\armeabi-v7a" folder)
>> I always see old openSSL library file (libcrypto.so / libssl.so).
>> I also see that my library files are copied but they are replaced by old
>> library files (may be it is process of Qt)
>> => How can I prevent Qt replace my library file in this cases ?
>> => Is there any success case that use Qt to build Android game / app for
>> Qt recently ? ( before, I already uploaded successfully some apps, but from
>> 2 months ago. I can not upload any more because of this problem)
>>
>> Note:
>> - NDK: android-ndk-r17c
>> - Java: Java\jdk1.8.0_111
>> - Qt: 5.9.4 => I can upgrade this if needed
>> - SDK: Android SDK (build tool v25.0.3, android build sdk 28)
>> - target: min API 16, max API 26
>> - error details: https://support.google.com/faqs/answer/6376725
>> _______________________________________________
>> Interest mailing list
>> Interest at qt-project.org
>> http://lists.qt-project.org/mailman/listinfo/interest
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.qt-project.org/pipermail/interest/attachments/20181029/1fbf743c/attachment.html>


More information about the Interest mailing list