Software Archive
Read-only legacy content
17061 Discussions

Verify OpenSSL version

Claude_N_
Beginner
‎07-01-2015 07:41 PM
637 Views
Solved Jump to solution

As we get close to the security fix drop dead date for Google Play, I am trying to update our apps.

Google Play Developer Support suggests that one can use a command line something like the one below in order to see what your current version is.

unzip -p YourApp.apk | strings | grep "OpenSSL"

Below is the listing I get when I run the above command line.

(Cannot find system OpenSSLEngine class:
/Cannot find system OpenSSLRSAPrivateKey class:
;Engine is not an OpenSSLEngine instance, its class name is:
9Exception while trying to retrieve OpenSSLEngine object:
+No getEngine() method on OpenSSLKey member:
0No getPkeyContext() method on OpenSSLKey member:
GPrivate key is not an OpenSSLRSAPrivateKey instance, its class name is:
+com.android.org.conscrypt.

OpenSSLSocketImpl
getOpenSSLEngineForPrivateKey
getOpenSSLHandleForPrivateKey
getOpenSSLKey
getOpenSSLKey() returned null
getOpenSSLKeyForPrivateKey
3org.apache.harmony.xnet.provider.jsse.OpenSSLEngine
:org.apache.harmony.xnet.provider.jsse.OpenSSLRSAPrivateKey
7org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl
424386 SSLClientSocketOpenSSL::UpdateServerCert
424386 SSLClientSocketOpenSSL::UpdateServerCert1
424386 SSLClientSocketOpenSSL::CertVerifyCallback
424386 SSLClientSocketOpenSSL::BIOCallback
424386 SSLClientSocketOpenSSL::InfoCallback
424386 SSLClientSocketOpenSSL::DoHandshake2
424386 SSLClientSocketOpenSSL::DoHandshake3
424386 SSLClientSocketOpenSSL::DoHandshake4
424386 SSLClientSocketOpenSSL::SelectNextProtoCallback
424386 SSLClientSocketOpenSSL::ClientCertRequestCallback
424386 SSLSessionCacheOpenSSLImpl::GenerateSessionIdStatic
424386 SSLSessionCacheOpenSSLImpl::MarkSSLSessionAsGood
424386 SSLSessionCacheOpenSSLImpl::SSLSessionIsInCache
424386 SSLSessionCacheOpenSSLImpl::Flush
424386 SSLSessionCacheOpenSSLImpl::SSLSessionCacheOpenSSLImpl
424386 SSLSessionCacheOpenSSLImpl::RemoveSessionCallbackStatic
424386 SSLSessionCacheOpenSSLImpl::SetSSLSessionWithKey
424386 SSLSessionCacheOpenSSLImpl::SetSSLSession
424386 SSLSessionCacheOpenSSLImpl::NewSessionCallbackStatic
OpenSSL SYSCALL error, earliest error code in error queue:
Unknown OpenSSL error
OpenSSL EC algorithm
OpenSSL HMAC method
OpenSSL RSA method
OpenSSLAdapter::Error(
OpenSSLAdapter::OnCloseEvent(
OpenSSLAdapter::OnConnectEvent
Failed to create OpenSSLCertificate from PEM string.
OpenSSLStreamAdapter::Error(
OpenSSLStreamAdapter::Write(
OpenSSLStreamAdapter::OnEvent SE_OPEN
OpenSSLStreamAdapter::OnEvent
OpenSSLStreamAdapter::OnEvent(SE_CLOSE,
OpenSSLStreamAdapter::Read(
virtual int net::SSLClientSocketOpenSSL::GetTLSUniqueChannelBinding(std::string*             )
OpenSSL
 
I do not see a version number in the output.
Before I go through the effort of building and uploading 12 apps, can I get a confirmation that Crosswalk 11 and Crosswalk 12 have updated OpenSSL?
 
I don't actually use openssl. I just want to get Google off my back.
 
By the way, since the aforementioned Google test command line fails, are they going to get a false positive on my apps?
 
Thanks
 
0 Kudos
1 Solution
PaulF_IntelCorp
Employee
‎07-02-2015 02:59 PM
637 Views
Solved Jump to solution

My understanding is that Crosswalk 10 and above do not have the issue, they switched to "BoringSSL." I did the same test with a Crosswalk 7 build and was able to find the version number (it isn't easy), it still reports 1.0.1e.

Chromium 39 (which Crosswalk 10 is based off) switched to BoringSSL. I recommend that you use Crosswalk 10 or 12 (see this notice: https://software.intel.com/en-us/xdk/docs/using-the-build-tab#recbuildversions for details).

View solution in original post

0 Kudos
Copy link

Link Copied

1 Reply
PaulF_IntelCorp
Employee
‎07-02-2015 02:59 PM
638 Views
Solved Jump to solution

My understanding is that Crosswalk 10 and above do not have the issue, they switched to "BoringSSL." I did the same test with a Crosswalk 7 build and was able to find the version number (it isn't easy), it still reports 1.0.1e.

Chromium 39 (which Crosswalk 10 is based off) switched to BoringSSL. I recommend that you use Crosswalk 10 or 12 (see this notice: https://software.intel.com/en-us/xdk/docs/using-the-build-tab#recbuildversions for details).

0 Kudos
Copy link
Reply

Community support is provided Monday to Friday. Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.