[Interest] Qt Android with OpenSSL problems "OpenSSL vulnerabilities in your apps"

René Hansen renehh at gmail.com
Mon Oct 29 10:51:19 CET 2018 

It looks like you're bundling the stale version of OpenSSL. Try deleting
your *build-* folder to get a fresh one and maybe set *ANDROID_EXTRA_LIBS *to
point directly to the libs outside of your project folder.

/René

On Mon, 29 Oct 2018 at 10:38 Nguyen Ngoc Thach Chau <chaupad at gmail.com>
wrote:

> Thank you Rene
>
> I check by source code functions below:
> ====
> long sslLibraryVersionNumber
> <http://doc.qt.io/qt-5/qsslsocket.html#sslLibraryVersionNumber>()
> QString sslLibraryVersionString
> <http://doc.qt.io/qt-5/qsslsocket.html#sslLibraryVersionString>()
> long sslLibraryBuildVersionNumber
> <http://doc.qt.io/qt-5/qsslsocket.html#sslLibraryBuildVersionNumber>()
> QString sslLibraryBuildVersionString
> <http://doc.qt.io/qt-5/qsslsocket.html#sslLibraryBuildVersionString>()
>
> =======
>
>
> Here is output
>
> ====
>
> 268439647
>
> "OpenSSL 1.0.1e 11 Feb 2013"
>
> 268443903
>
> "OpenSSL 1.0.2o 27 Mar 2018"
>
> ====
>
>
> I still can not figure out why it is 1.0.1e.....
>
> Does it related to graddle build version ?
>
> I checked output folder and see it is using as below
>
> *classpath 'com.android.tools.build:gradle:2.2.3'*
>
>
>
> On Mon, Oct 29, 2018 at 3:33 PM René Hansen <renehh at gmail.com> wrote:
>
>> Try to make sure you're actually on the right version, from inside the
>> app. Ie, what does *OpenSSL_version(OPENSSL_VERSION)* return? Your
>> setting of *ANDROID_EXTRA_LIBS* looks correct enough.
>>
>> /René
>>
>>
>>
>> On Mon, 29 Oct 2018 at 08:59 Nguyen Ngoc Thach Chau <chaupad at gmail.com>
>> wrote:
>>
>>> Dear supporters
>>>
>>> I'm using Qt Android for mobile project.
>>> When I upload APK file to Google Play Store, they always send me an
>>> alert as below
>>> =============
>>> https://support.google.com/faqs/answer/6376725
>>> =============
>>> I checked APK, it is return openSSL 1.0.2k but it is confusing then I
>>> want to ask to make sure
>>> I searched Google a lot and applied some solutions:
>>> - Add library file to "android\libs\armeabi-v7a" folder
>>> - Add library path to .pro file
>>> =======
>>> android {
>>>
>>>     ANDROID_PACKAGE_SOURCE_DIR = $$PWD/android
>>>     contains(ANDROID_TARGET_ARCH,armeabi-v7a) {
>>>          ANDROID_EXTRA_LIBS = \
>>>             $$PWD/android/libs/armeabi-v7a/libcrypto.so \
>>>             $$PWD/android/libs/armeabi-v7a/libssl.so
>>>     }
>>>     OTHER_FILES += \
>>> #        android/build.gradle \
>>>         libs/armeabi-v7a/libcrypto.so \
>>>         libs/armeabi-v7a/libssl.so \
>>>         android/AndroidManifest.xml
>>>
>>> }
>>> ==========
>>>
>>> The question is:
>>> When I'm checking output of build process
>>> ("...android-build\libs\armeabi-v7a" folder)
>>> I always see old openSSL library file (libcrypto.so / libssl.so).
>>> I also see that my library files are copied but they are replaced by old
>>> library files (may be it is process of Qt)
>>> => How can I prevent Qt replace my library file in this cases ?
>>> => Is there any success case that use Qt to build Android game / app for
>>> Qt recently ? ( before, I already uploaded successfully some apps, but from
>>> 2 months ago. I can not upload any more because of this problem)
>>>
>>> Note:
>>> - NDK: android-ndk-r17c
>>> - Java: Java\jdk1.8.0_111
>>> - Qt: 5.9.4 => I can upgrade this if needed
>>> - SDK: Android SDK (build tool v25.0.3, android build sdk 28)
>>> - target: min API 16, max API 26
>>> - error details: https://support.google.com/faqs/answer/6376725
>>> _______________________________________________
>>> Interest mailing list
>>> Interest at qt-project.org
>>> http://lists.qt-project.org/mailman/listinfo/interest
>>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.qt-project.org/pipermail/interest/attachments/20181029/5bf0555d/attachment.html>

More information about the Interest mailing list