Android的OpenSSL应用拒绝问题 [英] OpenSSL App rejection issue Android
本文介绍了Android的OpenSSL应用拒绝问题的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
经过大量研究,我仍然无法弄清楚我的应用程序的哪个部分正在使用Google不接受的OpenSSL.
After researching so much, I still could not figure out what part of my app is using OpenSSL that is not accepted by Google.
查询以下命令后,我收到的输出为:
After querying the below command, I received the output as:
unzip -p MyApp.apk | strings | grep "OpenSSL"
GmsCore_OpenSSL
OpenSSLDie
ECDH_OpenSSL
ECDSA_OpenSSL
OpenSSL_add_all_ciphers
OpenSSL_add_all_digests
UI_OpenSSL
SSLv2 part of OpenSSL 1.0.1e 11 Feb 2013
SSLv3 part of OpenSSL 1.0.1e 11 Feb 2013
TLSv1 part of OpenSSL 1.0.1e 11 Feb 2013
OpenSSL 1.0.1e 11 Feb 2013
DTLSv1 part of OpenSSL 1.0.1e 11 Feb 2013
%s(%d): OpenSSL internal error, assertion failed: %s
AES part of OpenSSL 1.0.1e 11 Feb 2013
ASN.1 part of OpenSSL 1.0.1e 11 Feb 2013
Blowfish part of OpenSSL 1.0.1e 11 Feb 2013
Big Number part of OpenSSL 1.0.1e 11 Feb 2013
CONF_def part of OpenSSL 1.0.1e 11 Feb 2013
OpenSSL default
CONF part of OpenSSL 1.0.1e 11 Feb 2013
OpenSSL CMAC method
libdes part of OpenSSL 1.0.1e 11 Feb 2013
DES part of OpenSSL 1.0.1e 11 Feb 2013
OpenSSL PKCS#3 DH method
OpenSSL DH Method
Diffie-Hellman part of OpenSSL 1.0.1e 11 Feb 2013
OpenSSL DSA method
DSA part of OpenSSL 1.0.1e 11 Feb 2013
OpenSSL 'dlfcn' shared library method
OpenSSL EC algorithm
ECDH part of OpenSSL 1.0.1e 11 Feb 2013
OpenSSL ECDH method
ECDSA part of OpenSSL 1.0.1e 11 Feb 2013
OpenSSL ECDSA method
EVP part of OpenSSL 1.0.1e 11 Feb 2013
OpenSSL HMAC method
lhash part of OpenSSL 1.0.1e 11 Feb 2013
MD4 part of OpenSSL 1.0.1e 11 Feb 2013
MD5 part of OpenSSL 1.0.1e 11 Feb 2013
PEM part of OpenSSL 1.0.1e 11 Feb 2013
RAND part of OpenSSL 1.0.1e 11 Feb 2013
You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html
RC2 part of OpenSSL 1.0.1e 11 Feb 2013
RC4 part of OpenSSL 1.0.1e 11 Feb 2013
RIPE-MD160 part of OpenSSL 1.0.1e 11 Feb 2013
OpenSSL RSA method
RSA part of OpenSSL 1.0.1e 11 Feb 2013
SHA1 part of OpenSSL 1.0.1e 11 Feb 2013
SHA-256 part of OpenSSL 1.0.1e 11 Feb 2013
SHA-512 part of OpenSSL 1.0.1e 11 Feb 2013
Stack part of OpenSSL 1.0.1e 11 Feb 2013
TXT_DB part of OpenSSL 1.0.1e 11 Feb 2013
OpenSSL default user interface
X.509 part of OpenSSL 1.0.1e 11 Feb 2013
MSG: DTLS-SRTP enabled but not supported. Please rebuild the code with this option enabled (requires OpenSSL 1.0.1+)
_ZN5resip12BaseSecurity20OpenSSLCTXSetOptionsE
_ZN5resip12BaseSecurity22OpenSSLCTXClearOptionsE
_ZN5resip12BaseSecurity21parseOpenSSLCTXOptionERKNS_4DataE
_Z23handleOpenSSLErrorQueueimPKc
_ZN5resip11OpenSSLInit4initEv
resip_OpenSSLInit_threadIdFunction
_ZN5resip11OpenSSLInitD2Ev
_ZN5resip11OpenSSLInit12mInitializedE
_ZN5resip11OpenSSLInit8mMutexesE
resip_OpenSSLInit_lockingFunction
_ZN5resip11OpenSSLInitC2Ev
_ZN5resip11OpenSSLInitC1Ev
_ZN5resip11OpenSSLInitD1Ev
resip_OpenSSLInit_dynCreateFunction
resip_OpenSSLInit_dynDestroyFunction
resip_OpenSSLInit_dynLockFunction
OpenSSLDie
DH_OpenSSL
OpenSSL_add_all_ciphers
OpenSSL_add_all_digests
DSA_OpenSSL
ECDSA_OpenSSL
ECDH_OpenSSL
UI_OpenSSL
Not a recognized OpenSSL option name:
SSL_CTX_new failed, dumping OpenSSL error stack:
OpenSSL error stack:
Failed to create OpenSSL BIO for socket
OpenSSL 1.0.2a 19 Mar 2015
%s(%d): OpenSSL internal error, assertion failed: %s
OpenSSL DH Method
OpenSSL X9.42 DH method
OpenSSL PKCS#3 DH method
OpenSSL default
OpenSSL CMAC method
OpenSSL HMAC method
OpenSSL EC algorithm
OpenSSL RSA method
OpenSSL DSA method
OpenSSL ECDSA method
OpenSSL ECDH method
You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html
OpenSSL default user interface
OpenSSL 'dlfcn' shared library method
TLSv1 part of OpenSSL 1.0.2a 19 Mar 2015
SSLv3 part of OpenSSL 1.0.2a 19 Mar 2015
DTLSv1 part of OpenSSL 1.0.2a 19 Mar 2015
MD5 part of OpenSSL 1.0.2a 19 Mar 2015
SHA1 part of OpenSSL 1.0.2a 19 Mar 2015
SHA-256 part of OpenSSL 1.0.2a 19 Mar 2015
SHA-512 part of OpenSSL 1.0.2a 19 Mar 2015
Big Number part of OpenSSL 1.0.2a 19 Mar 2015
EC part of OpenSSL 1.0.2a 19 Mar 2015
iRSA part of OpenSSL 1.0.2a 19 Mar 2015
Diffie-Hellman part of OpenSSL 1.0.2a 19 Mar 2015
Stack part of OpenSSL 1.0.2a 19 Mar 2015
lhash part of OpenSSL 1.0.2a 19 Mar 2015
EVP part of OpenSSL 1.0.2a 19 Mar 2015
ASN.1 part of OpenSSL 1.0.2a 19 Mar 2015
PEM part of OpenSSL 1.0.2a 19 Mar 2015
X.509 part of OpenSSL 1.0.2a 19 Mar 2015
CONF part of OpenSSL 1.0.2a 19 Mar 2015
CONF_def part of OpenSSL 1.0.2a 19 Mar 2015
DES part of OpenSSL 1.0.2a 19 Mar 2015
libdes part of OpenSSL 1.0.2a 19 Mar 2015
AES part of OpenSSL 1.0.2a 19 Mar 2015
RC2 part of OpenSSL 1.0.2a 19 Mar 2015
IDEA part of OpenSSL 1.0.2a 19 Mar 2015
CAMELLIA part of OpenSSL 1.0.2a 19 Mar 2015
EDSA part of OpenSSL 1.0.2a 19 Mar 2015
ECDSA part of OpenSSL 1.0.2a 19 Mar 2015
ECDH part of OpenSSL 1.0.2a 19 Mar 2015
RAND part of OpenSSL 1.0.2a 19 Mar 2015
TXT_DB part of OpenSSL 1.0.2a 19 Mar 2015
MD4 part of OpenSSL 1.0.2a 19 Mar 2015
SHA part of OpenSSL 1.0.2a 19 Mar 2015
RIPE-MD160 part of OpenSSL 1.0.2a 19 Mar 2015
3RC4 part of OpenSSL 1.0.2a 19 Mar 2015
Blowfish part of OpenSSL 1.0.2a 19 Mar 2015
\CAST part of OpenSSL 1.0.2a 19 Mar 2015
_ZN5resip12BaseSecurity20OpenSSLCTXSetOptionsE
_ZN5resip12BaseSecurity22OpenSSLCTXClearOptionsE
_ZN5resip12BaseSecurity21parseOpenSSLCTXOptionERKNS_4DataE
_Z23handleOpenSSLErrorQueueimPKc
_ZN5resip11OpenSSLInit4initEv
resip_OpenSSLInit_threadIdFunction
_ZN5resip11OpenSSLInitD2Ev
_ZN5resip11OpenSSLInit12mInitializedE
_ZN5resip11OpenSSLInit8mMutexesE
resip_OpenSSLInit_lockingFunction
_ZN5resip11OpenSSLInitC2Ev
_ZN5resip11OpenSSLInitC1Ev
_ZN5resip11OpenSSLInitD1Ev
resip_OpenSSLInit_dynCreateFunction
resip_OpenSSLInit_dynDestroyFunction
resip_OpenSSLInit_dynLockFunction
OpenSSLDie
DH_OpenSSL
OpenSSL_add_all_ciphers
OpenSSL_add_all_digests
DSA_OpenSSL
ECDSA_OpenSSL
ECDH_OpenSSL
UI_OpenSSL
OpenSSL error stack:
OpenSSL 1.0.2a 19 Mar 2015
OpenSSL DH Method
OpenSSL X9.42 DH method
OpenSSL PKCS#3 DH method
OpenSSL default
OpenSSL CMAC method
OpenSSL HMAC method
OpenSSL EC algorithm
OpenSSL RSA method
OpenSSL DSA method
OpenSSL ECDSA method
OpenSSL ECDH method
Not a recognized OpenSSL option name:
SSL_CTX_new failed, dumping OpenSSL error stack:
Failed to create OpenSSL BIO for socket
%s(%d): OpenSSL internal error, assertion failed: %s
You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html
OpenSSL default user interface
OpenSSL 'dlfcn' shared library method
TLSv1 part of OpenSSL 1.0.2a 19 Mar 2015
SSLv3 part of OpenSSL 1.0.2a 19 Mar 2015
DTLSv1 part of OpenSSL 1.0.2a 19 Mar 2015
MD5 part of OpenSSL 1.0.2a 19 Mar 2015
SHA1 part of OpenSSL 1.0.2a 19 Mar 2015
SHA-256 part of OpenSSL 1.0.2a 19 Mar 2015
SHA-512 part of OpenSSL 1.0.2a 19 Mar 2015
Big Number part of OpenSSL 1.0.2a 19 Mar 2015
EC part of OpenSSL 1.0.2a 19 Mar 2015
RSA part of OpenSSL 1.0.2a 19 Mar 2015
Diffie-Hellman part of OpenSSL 1.0.2a 19 Mar 2015
Stack part of OpenSSL 1.0.2a 19 Mar 2015
lhash part of OpenSSL 1.0.2a 19 Mar 2015
EVP part of OpenSSL 1.0.2a 19 Mar 2015
ASN.1 part of OpenSSL 1.0.2a 19 Mar 2015
PEM part of OpenSSL 1.0.2a 19 Mar 2015
X.509 part of OpenSSL 1.0.2a 19 Mar 2015
CONF part of OpenSSL 1.0.2a 19 Mar 2015
CONF_def part of OpenSSL 1.0.2a 19 Mar 2015
DES part of OpenSSL 1.0.2a 19 Mar 2015
libdes part of OpenSSL 1.0.2a 19 Mar 2015
AES part of OpenSSL 1.0.2a 19 Mar 2015
RC2 part of OpenSSL 1.0.2a 19 Mar 2015
IDEA part of OpenSSL 1.0.2a 19 Mar 2015
DSA part of OpenSSL 1.0.2a 19 Mar 2015
ECDSA part of OpenSSL 1.0.2a 19 Mar 2015
ECDH part of OpenSSL 1.0.2a 19 Mar 2015
RAND part of OpenSSL 1.0.2a 19 Mar 2015
TXT_DB part of OpenSSL 1.0.2a 19 Mar 2015
MD4 part of OpenSSL 1.0.2a 19 Mar 2015
SHA part of OpenSSL 1.0.2a 19 Mar 2015
RIPE-MD160 part of OpenSSL 1.0.2a 19 Mar 2015
Blowfish part of OpenSSL 1.0.2a 19 Mar 2015
\CAST part of OpenSSL 1.0.2a 19 Mar 2015
当我在项目中使用不同的库jar文件和library.so文件时,我的问题是如何确定哪个库导致了此问题?我应该替换哪个库文件,以免再次拒绝我的应用程序?
As I am using different library jar files and a library.so file in my project, my question is how should I figure out which library causes this issue?. Which library file should I replace so that My app is not rejected again?
我们非常感谢您的帮助.
Any help is really appreciated.
推荐答案
经过长时间的研究,我确实发现我在App中使用的一个库是使用较旧的OpenSSL版本编译的.即不受支持的OpenSSL版本.因此,对我来说,解决方案是使用最新版本的OpenSSL重新编译该库Jar.
After a long research, I did figured out that one of the library that I was using in my App was compiled using older OpenSSL version. ie, unsupported versions of OpenSSL. Hence the solution for me was to recompiled that library Jar using latest version of OpenSSL.
此外,六月期间, Google 在以下电子邮件中通知了所有开发人员/通知:
Further, All developers were informed/notified by Google in the following Email during June:
Hello Google Play Developer,
We wanted to let you know that your app(s) listed below statically link against a version of OpenSSL that has multiple security vulnerabilities for users. Please migrate your app(s) to an updated version of OpenSSL by 7/7/15. Starting on this date, Google Play will block publishing of any new apps and updates that use unsupported versions of OpenSSL.
REASON FOR WARNING: Violation of the dangerous products provision of the Content Policy and section 4.4 of the Developer Distribution Agreement.
The vulnerabilities were fixed in OpenSSL versions beginning with 1.0.1h, 1.0.0m, and 0.9.8za. To confirm your OpenSSL version, you can do a grep via:
$ unzip -p YourApp.apk | strings | grep "OpenSSL"
For more information about the vulnerability, please see this OpenSSL Security Advisory. To confirm you’ve upgraded correctly, submit the updated version of the app(s) to the Developer Console and check back after five hours.
Starting on 7/7/15, we will not accept app updates containing the vulnerabilities. Any new apps containing the vulnerabilities will be rejected.
While these issues may not affect every app that uses OpenSSL versions prior to 1.0.1h, 1.0.0m, or 0.9.8za, it’s best to stay up to date on all security patches. Make sure to update any libraries in your app that have known issues, even if you're not sure the issues are relevant to your app.
Before publishing applications, please ensure your apps’ compliance with the Developer Distribution Agreement and Content Policy.
If you feel we’ve sent this warning in error, please contact our appeals team through the App Developer help center.
Sincerely,
Google Play Team
因此,您将必须弄清楚应用程序的哪一部分使用较旧版本的OpenSSL来解决此问题.您还需要检查是否使用较旧版本的OpenSSL编译了任何jar文件.
Hence you will have to figure out what part of your application uses older version of OpenSSL to resolve this issue. You also need to check if any jar file was compiled using older version of OpenSSL.
希望这对您有所帮助.问候.
Hope this helps you in someway. Regards.
这篇关于Android的OpenSSL应用拒绝问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
