适用于Android和BoringSSL的Qt [英] Qt for Android and BoringSSL
问题描述
我正在为Android开发基于Qt的应用程序,该应用程序使用QSslSocket下载数据.自从棉花糖Qt程序依靠OpenSSL库在Android 6+上产生以下警告后,由于Android从OpenSSL转移到BoringSSL,导致了以下警告:
I'm developing a Qt-based app for Android, which uses QSslSocket to download data. Due to Android's moving away from OpenSSL to BoringSSL since Marshmallow Qt programs, relying on the OpenSSL library, produce the following warnings on Android 6+:
W libtestopenssl.so: (null):0 ((null)): qt.network.ssl: QSslSocket: cannot resolve CRYPTO_free
W libtestopenssl.so: (null):0 ((null)): qt.network.ssl: QSslSocket: cannot resolve EVP_CipherFinal
W libtestopenssl.so: (null):0 ((null)): qt.network.ssl: QSslSocket: cannot resolve EVP_rc2_cbc
W libtestopenssl.so: (null):0 ((null)): qt.network.ssl: QSslSocket: cannot resolve SSLv2_client_method
W libtestopenssl.so: (null):0 ((null)): qt.network.ssl: QSslSocket: cannot resolve SSLv2_server_method
W libtestopenssl.so: (null):0 ((null)): qt.network.ssl: QSslSocket: cannot resolve OPENSSL_add_all_algorithms_noconf
W libtestopenssl.so: (null):0 ((null)): qt.network.ssl: QSslSocket: cannot resolve OPENSSL_add_all_algorithms_conf
W libtestopenssl.so: (null):0 ((null)): qt.network.ssl: QSslSocket: cannot resolve EC_get_builtin_curves
W libtestopenssl.so: (null):0 ((null)): qt.network.ssl: QSslSocket: cannot call unresolved function OPENSSL_add_all_algorithms_conf
W libtestopenssl.so: (null):0 ((null)): qt.network.ssl: QSslSocket: cannot call unresolved function EC_get_builtin_curves
W libtestopenssl.so: (null):0 ((null)): qt.network.ssl: QSslSocket: cannot call unresolved function EC_get_builtin_curves
W libtestopenssl.so: (null):0 ((null)): qt.network.ssl: could not set SSL_CTRL_SET_TLSEXT_HOSTNAME, Server Name Indication disabled
W libtestopenssl.so: (null):0 ((null)): qt.network.ssl: QSslSocket: cannot call unresolved function CRYPTO_free
但是,套接字本身可以成功连接到远程主机并从那里读取数据,而没有任何可见的问题.这使我想知道是否需要自己构建OpenSSL库并将其打包,还是可以使用平台提供的BoringSSL很好.
However, the socket itself successfully connects to a remote host and reads data from there without any visible issues. That makes me wonder whether I need to build the OpenSSL library myself and package it or it is fine to use BoringSSL provided by the platform.
我还注意到,即使我提供自己的版本,Android 6以下版本的应用程序仍倾向于使用OpenSSL的系统版本.我尝试用ANDROID_EXTRA_LIBS(不确定是否也需要使用LIBS+=)添加构建的libssl.so和libcrypto.so(从libssl.so.1.0.0和libcrypto.so.1.0.0重命名),甚至静态链接libssl.a和libcrypto.a.仍然QSslSocket :: sslLibraryVersionString()返回平台上可用的版本.
I've also come to notice that the app on Android versions below 6 tends to use the system version of OpenSSL even if I provide my own one. I tried adding the built libssl.so and libcrypto.so (renamed from libssl.so.1.0.0 and libcrypto.so.1.0.0) with ANDROID_EXTRA_LIBS (not sure whether LIBS+= needs to be used too) and even statically linking libssl.a and libcrypto.a. Still QSslSocket::sslLibraryVersionString() returns the version available on the platform.
我的问题是:
- 我是否需要自己构建OpenSSL库并将其打包,还是可以使用平台提供的库?
- 如果这样做,如何使Android识别libssl.so和libcrypto.so?
推荐答案
1.我需要自己构建OpenSSL库并将其打包,还是可以使用平台提供的库?
- 是-您应该构建OpenSSL并将其打包.
https://developer.android.com/about /versions/nougat/android-7.0-changes.html
从Android 7.0开始,系统阻止应用程序动态链接非NDK库,这可能会导致您的应用程序崩溃.这种行为上的变化旨在在平台更新和不同设备上创建一致的应用程序体验.
Starting in Android 7.0, the system prevents apps from dynamically linking against non-NDK libraries, which may cause your app to crash. This change in behavior aims to create a consistent app experience across platform updates and different devices.
- 暂时可以使用已安装的BoringSSL,但建议该应用程序带有其自己的OpenSSL库.
- 否则,您的用户将看到一条警告消息,并且该应用程序可能无法在更高版本的Android上运行.
-
我成功地遵循了此处概述的步骤: http://doc.qt.io/qt-5/opensslsupport.html
I succeded mostly following the steps outlined here: http://doc.qt.io/qt-5/opensslsupport.html
为了减少此限制可能对当前发布的应用程序造成的影响,可以临时访问一组使用率很高的库,例如libandroid_runtime.so,libcutils.so,libcrypto.so和libssl.so.在Android 7.0(API级别24)上定位到API级别23或更低版本的应用.如果您的应用程序加载了这些库之一,则logcat会生成一条警告,并且在目标设备上会出现一个提示信息,以通知您.如果看到这些警告,则应更新您的应用程序,使其包含这些库的自己的副本,或者仅使用公共NDK API. Android平台的未来版本可能会完全限制私有库的使用,并导致您的应用程序崩溃.
In order to reduce the impact that this restriction may have on currently released apps, a set of libraries that see significant use—such as libandroid_runtime.so, libcutils.so, libcrypto.so, and libssl.so—are temporarily accessible on Android 7.0 (API level 24) for apps targeting API level 23 or lower. If your app loads one of these libraries, logcat generates a warning and a toast appears on the target device to notify you. If you see these warnings, you should update your app to either include its own copy of those libraries or only use the public NDK APIs. Future releases of the Android platform may restrict the use of private libraries altogether and cause your app to crash.
2.如果可以,如何使Android识别libssl.so和libcrypto.so?
但是请确保您具有正确的版本:openssl-1.1.0f.tar.gz似乎与Qt 5.9不兼容,并且我的应用未加载库.
But make sure you got the right version: openssl-1.1.0f.tar.gz seems to be incompatible with Qt 5.9 and my app didn't load the libs.
我使用的是API级别19.一旦测试了API级别23或25,我将更新此答案.
I used API level 19. Once I've tested with API level 23 or 25 I'll update this answer.
这篇关于适用于Android和BoringSSL的Qt的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
