在 Android 应用程序中为 HttpClient 更改 OpenSSL 库 [英] Changing OpenSSL library in Android app for HttpClient

问题描述

我需要在我的项目中为 HttpClient 使用自定义 OpenSSL 库.

I need to use custom OpenSSL library for HttpClient in my project.

我已经为 Android 编译了 libcrypto.so 和 libssl.so 并将文件放在文件夹 jniLibs 中.应用程序 Heartbleed Scanner 会看到它们.System.loadLibrary("crypto") 和 System.loadLibrary("ssl") 有效.但现在我需要让 HttpClient 使用我的库而不是标准 SSL 库.但我不知道移动的方式和方法.

I have compiled libcrypto.so and libssl.so for Android and put the files in a folder jniLibs. Application Heartbleed Scanner sees them. System.loadLibrary("crypto") and System.loadLibrary("ssl") works. But now I need to make HttpClient use my library instead of the standard SSL library. But I do not know about which way to move and how to do it.

我使用 OpenSSL 1.0.1h 和 Android Studio 1.0.2.

I use OpenSSL 1.0.1h and Android Studio 1.0.2.

预先感谢您的建议.

推荐答案

我已经为 Android 编译了 libcrypto.so 和 libssl.so 并将文件放在文件夹 jniLibs...

I have compiled libcrypto.so and libssl.so for Android and put the files in a folder jniLibs...

这行不通.

Android 使用 OpenSSL 1.0.0 并在 /system 中提供.Zygote 在启动时启动并加载 OpenSSL 的下层版本(类似于 init - 所有 Android 进程都从它派生出来).

Android utilizes OpenSSL 1.0.0 and provides it in /system. Zygote starts at boot and loads the down level version of OpenSSL (its like init - all Android processes are forked from it).

当您的进程从 Zygote 分叉时，您的 1.0.1 版本永远不会加载，因为 1.0.0 已经从 Zygote 加载.你永远不知道有问题，因为下层版本提供了你需要的所有符号(它的二进制兼容).

When your process is forked from Zygote, your 1.0.1 version is never loaded because 1.0.0 is already loaded from Zygote. You never know there's a problem because the down level version provides all the symbols you need (its binary compatible).

您需要编写一个包装器共享对象.包装器共享对象必须链接到 OpenSSL 1.0.1 的静态版本(libcrypto.a 和 libssl.a).您的包装器必须导出唯一符号，例如 My_OpenSSL_add_all_algorithms 和 My_SSL_load_error_strings.在内部，您的共享对象可以引用未修饰的名称，OpenSSL_add_all_algorithms 和 SSL_load_error_strings.

You need to write a wrapper shared object. The wrapper shared object must link against the static versions of OpenSSL 1.0.1 (libcrypto.a and libssl.a). Your wrapper must export unique symbols, like My_OpenSSL_add_all_algorithms and My_SSL_load_error_strings. Internally, your shared object can refer to the undecorated names, OpenSSL_add_all_algorithms and SSL_load_error_strings.

所以你的共享对象看起来像这样(另见 GCC 的可见性页面):>

So your shared object would look like so (also see GCC's Visibility page):

#if __GNUC__ >= 4
    #define DLL_PUBLIC __attribute__ ((visibility ("default")))
    #define DLL_LOCAL  __attribute__ ((visibility ("hidden")))
#else
    #define DLL_PUBLIC
    #define DLL_LOCAL
#endif

DLL_PUBLIC void My_OpenSSL_add_all_algorithms() {

    return (void)OpenSSL_add_all_algorithms();
}

DLL_PUBLIC void My_SSL_load_error_strings() {

    return (void)SSL_load_error_strings();
}
...

然后，使用 -fvisibility=hidden 标志编译并链接 libcrypto.a 和 libssl.a.只有标有 DLL_PUBLIC 的函数将被导出和通过 JNI 调用.

Then, compile with the -fvisibility=hidden flag and link against libcrypto.a and libssl.a. Only the functions marked with DLL_PUBLIC will be exported and callable through JNI.

我不认为 #if __GNUC__ >= 4 是必要的，因为 Android 提供的交叉编译器工具是 GCC 4.0 以上.事实上，我认为它目前是 GCC 4.8.

I don't think the #if __GNUC__ >= 4 is needed because the cross compiler tools provided by Android are GCC 4.0 above. In fact, I think its currently GCC 4.8.

在 Android 应用程序中为 HttpClient 更改 OpenSSL 库

Changing OpenSSL library in Android app for HttpClient

这个问题比较难.一旦您在共享包装器中提供更新的 OpenSSL，我不知道您将如何让 Android 的 HttpClient 使用它.

This question is tougher. Once you provide the updated OpenSSL in your shared wrapper, I don't know how you would get Android's HttpClient to use it.

更糟糕的答案:您可能需要 fork Android 并提供更新的 OpenSSL.

The worse case answer: you might need to fork Android and provide an updated OpenSSL.

一个可能更好的解决方案:翻录 HttpClient 代码，将其放入您自己的包中，然后确保源代码的端口使用共享对象.

A potentially better solution: rip the HttpClient code, put it in your own package, and then be sure you shared object is used by port of the source code.

这篇关于在 Android 应用程序中为 HttpClient 更改 OpenSSL 库的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！