[Interest] Qt Android with OpenSSL problems "OpenSSL vulnerabilities in your apps"

René Hansen renehh at gmail.com
Wed Oct 31 10:13:10 CET 2018 

Somehow it seems you're still bundling 1.0.1e, so that's what you need to
look for. I'm not sure where to start, since I don't know your specific
project but afaik OpenSSL was a manual include as far back as 5.6
<http://doc.qt.io/qt-5.6/opensslsupport.html>, so the version you're using,
5.9.4, shouldn't be doing any magic stuff either. /René

On Wed, 31 Oct 2018 at 02:34 Nguyen Ngoc Thach Chau <chaupad at gmail.com>
wrote:

> The problem is not about send HTTPS request,
> It is about Google Play Store rejection.
> Google Play Store still alert me about OpenSSL library & do not let me
> upload to play store
> Refer alert here: https://support.google.com/faqs/answer/6376725
> :( I update library and re-upload but still do not success.
> I ask Google but they may not give any answer
>
>
> On Tue, Oct 30, 2018 at 12:23 AM René Hansen <renehh at gmail.com> wrote:
>
>> Nguyen, I've just updated from 1.0.2n in my own app to 1.0.2p, using my
>> own homegrown build system for OpenSSL.
>>
>> It seems to work and I can complete https request just fine. This is what
>> I get in the app when I query the version:
>>
>> main.cpp:117 (int main(int, char**)): sslLibraryVersionString() "OpenSSL
>> 1.0.2p  14 Aug 2018"
>>
>> I don't know it will solve your problem, but maybe it's worth trying a
>> different build. Here's the link: https://github.com/rhardih/bad.
>>
>> The readme has instructions, but basically it's just:
>>
>>
>>    1. Clone repo
>>    2. Run make openssl
>>    3. Extract libs
>>
>> This is the Android part of the .pri file I use for OpenSSL:
>>
>> linux:android {
>>   OSSL_BUILD_PATH =
>> /Users/rene/Code/bad/extracted/openssl-1.0.2p-armv7-a-build
>>
>>   ANDROID_EXTRA_LIBS += \
>>     $$OSSL_BUILD_PATH/lib/libcrypto.so \
>>     $$OSSL_BUILD_PATH/lib/libssl.so
>> }
>>
>> /René
>>
>> On Mon, 29 Oct 2018 at 17:17 Thiago Macieira <thiago.macieira at intel.com>
>> wrote:
>>
>>> On Monday, 29 October 2018 00:58:20 PDT Nguyen Ngoc Thach Chau wrote:
>>> > I checked APK, it is return openSSL 1.0.2k but it is confusing then I
>>> want
>>>
>>> 1.0.2k is not up-to-date. Upgrade to 1.0.2p.
>>>
>>> --
>>> Thiago Macieira - thiago.macieira (AT) intel.com
>>>   Software Architect - Intel Open Source Technology Center
>>>
>>>
>>>
>>> _______________________________________________
>>> Interest mailing list
>>> Interest at qt-project.org
>>> http://lists.qt-project.org/mailman/listinfo/interest
>>>
>> _______________________________________________
>> Interest mailing list
>> Interest at qt-project.org
>> http://lists.qt-project.org/mailman/listinfo/interest
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.qt-project.org/pipermail/interest/attachments/20181031/da89ab04/attachment.html>

More information about the Interest mailing list