在研究了这么多之后,我仍然无法弄清楚我的应用程序的哪个部分正在使用未被Google接受的OpenSSL。
查询下面的命令后,我收到输出:
unzip -p MyApp.apk | strings | grep "OpenSSL"
GmsCore_OpenSSL
OpenSSLDie
ECDH_OpenSSL
ECDSA_OpenSSL
OpenSSL_add_all_ciphers
OpenSSL_add_all_digests
UI_OpenSSL
SSLv2 part of OpenSSL 1.0.1e 11 Feb 2013
SSLv3 part of OpenSSL 1.0.1e 11 Feb 2013
TLSv1 part of OpenSSL 1.0.1e 11 Feb 2013
OpenSSL 1.0.1e 11 Feb 2013
DTLSv1 part of OpenSSL 1.0.1e 11 Feb 2013
%s(%d): OpenSSL internal error, assertion failed: %s
AES part of OpenSSL 1.0.1e 11 Feb 2013
ASN.1 part of OpenSSL 1.0.1e 11 Feb 2013
Blowfish part of OpenSSL 1.0.1e 11 Feb 2013
Big Number part of OpenSSL 1.0.1e 11 Feb 2013
CONF_def part of OpenSSL 1.0.1e 11 Feb 2013
OpenSSL default
CONF part of OpenSSL 1.0.1e 11 Feb 2013
OpenSSL CMAC method
libdes part of OpenSSL 1.0.1e 11 Feb 2013
DES part of OpenSSL 1.0.1e 11 Feb 2013
OpenSSL PKCS#3 DH method
OpenSSL DH Method
Diffie-Hellman part of OpenSSL 1.0.1e 11 Feb 2013
OpenSSL DSA method
DSA part of OpenSSL 1.0.1e 11 Feb 2013
OpenSSL 'dlfcn' shared library method
OpenSSL EC algorithm
ECDH part of OpenSSL 1.0.1e 11 Feb 2013
OpenSSL ECDH method
ECDSA part of OpenSSL 1.0.1e 11 Feb 2013
OpenSSL ECDSA method
EVP part of OpenSSL 1.0.1e 11 Feb 2013
OpenSSL HMAC method
lhash part of OpenSSL 1.0.1e 11 Feb 2013
MD4 part of OpenSSL 1.0.1e 11 Feb 2013
MD5 part of OpenSSL 1.0.1e 11 Feb 2013
PEM part of OpenSSL 1.0.1e 11 Feb 2013
RAND part of OpenSSL 1.0.1e 11 Feb 2013
You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html
RC2 part of OpenSSL 1.0.1e 11 Feb 2013
RC4 part of OpenSSL 1.0.1e 11 Feb 2013
RIPE-MD160 part of OpenSSL 1.0.1e 11 Feb 2013
OpenSSL RSA method
RSA part of OpenSSL 1.0.1e 11 Feb 2013
SHA1 part of OpenSSL 1.0.1e 11 Feb 2013
SHA-256 part of OpenSSL 1.0.1e 11 Feb 2013
SHA-512 part of OpenSSL 1.0.1e 11 Feb 2013
Stack part of OpenSSL 1.0.1e 11 Feb 2013
TXT_DB part of OpenSSL 1.0.1e 11 Feb 2013
OpenSSL default user interface
X.509 part of OpenSSL 1.0.1e 11 Feb 2013
MSG: DTLS-SRTP enabled but not supported. Please rebuild the code with this option enabled (requires OpenSSL 1.0.1+)
_ZN5resip12BaseSecurity20OpenSSLCTXSetOptionsE
_ZN5resip12BaseSecurity22OpenSSLCTXClearOptionsE
_ZN5resip12BaseSecurity21parseOpenSSLCTXOptionERKNS_4DataE
_Z23handleOpenSSLErrorQueueimPKc
_ZN5resip11OpenSSLInit4initEv
resip_OpenSSLInit_threadIdFunction
_ZN5resip11OpenSSLInitD2Ev
_ZN5resip11OpenSSLInit12mInitializedE
_ZN5resip11OpenSSLInit8mMutexesE
resip_OpenSSLInit_lockingFunction
_ZN5resip11OpenSSLInitC2Ev
_ZN5resip11OpenSSLInitC1Ev
_ZN5resip11OpenSSLInitD1Ev
resip_OpenSSLInit_dynCreateFunction
resip_OpenSSLInit_dynDestroyFunction
resip_OpenSSLInit_dynLockFunction
OpenSSLDie
DH_OpenSSL
OpenSSL_add_all_ciphers
OpenSSL_add_all_digests
DSA_OpenSSL
ECDSA_OpenSSL
ECDH_OpenSSL
UI_OpenSSL
Not a recognized OpenSSL option name:
SSL_CTX_new failed, dumping OpenSSL error stack:
OpenSSL error stack:
Failed to create OpenSSL BIO for socket
OpenSSL 1.0.2a 19 Mar 2015
%s(%d): OpenSSL internal error, assertion failed: %s
OpenSSL DH Method
OpenSSL X9.42 DH method
OpenSSL PKCS#3 DH method
OpenSSL default
OpenSSL CMAC method
OpenSSL HMAC method
OpenSSL EC algorithm
OpenSSL RSA method
OpenSSL DSA method
OpenSSL ECDSA method
OpenSSL ECDH method
You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html
OpenSSL default user interface
OpenSSL 'dlfcn' shared library method
TLSv1 part of OpenSSL 1.0.2a 19 Mar 2015
SSLv3 part of OpenSSL 1.0.2a 19 Mar 2015
DTLSv1 part of OpenSSL 1.0.2a 19 Mar 2015
MD5 part of OpenSSL 1.0.2a 19 Mar 2015
SHA1 part of OpenSSL 1.0.2a 19 Mar 2015
SHA-256 part of OpenSSL 1.0.2a 19 Mar 2015
SHA-512 part of OpenSSL 1.0.2a 19 Mar 2015
Big Number part of OpenSSL 1.0.2a 19 Mar 2015
EC part of OpenSSL 1.0.2a 19 Mar 2015
iRSA part of OpenSSL 1.0.2a 19 Mar 2015
Diffie-Hellman part of OpenSSL 1.0.2a 19 Mar 2015
Stack part of OpenSSL 1.0.2a 19 Mar 2015
lhash part of OpenSSL 1.0.2a 19 Mar 2015
EVP part of OpenSSL 1.0.2a 19 Mar 2015
ASN.1 part of OpenSSL 1.0.2a 19 Mar 2015
PEM part of OpenSSL 1.0.2a 19 Mar 2015
X.509 part of OpenSSL 1.0.2a 19 Mar 2015
CONF part of OpenSSL 1.0.2a 19 Mar 2015
CONF_def part of OpenSSL 1.0.2a 19 Mar 2015
DES part of OpenSSL 1.0.2a 19 Mar 2015
libdes part of OpenSSL 1.0.2a 19 Mar 2015
AES part of OpenSSL 1.0.2a 19 Mar 2015
RC2 part of OpenSSL 1.0.2a 19 Mar 2015
IDEA part of OpenSSL 1.0.2a 19 Mar 2015
CAMELLIA part of OpenSSL 1.0.2a 19 Mar 2015
EDSA part of OpenSSL 1.0.2a 19 Mar 2015
ECDSA part of OpenSSL 1.0.2a 19 Mar 2015
ECDH part of OpenSSL 1.0.2a 19 Mar 2015
RAND part of OpenSSL 1.0.2a 19 Mar 2015
TXT_DB part of OpenSSL 1.0.2a 19 Mar 2015
MD4 part of OpenSSL 1.0.2a 19 Mar 2015
SHA part of OpenSSL 1.0.2a 19 Mar 2015
RIPE-MD160 part of OpenSSL 1.0.2a 19 Mar 2015
3RC4 part of OpenSSL 1.0.2a 19 Mar 2015
Blowfish part of OpenSSL 1.0.2a 19 Mar 2015
\CAST part of OpenSSL 1.0.2a 19 Mar 2015
_ZN5resip12BaseSecurity20OpenSSLCTXSetOptionsE
_ZN5resip12BaseSecurity22OpenSSLCTXClearOptionsE
_ZN5resip12BaseSecurity21parseOpenSSLCTXOptionERKNS_4DataE
_Z23handleOpenSSLErrorQueueimPKc
_ZN5resip11OpenSSLInit4initEv
resip_OpenSSLInit_threadIdFunction
_ZN5resip11OpenSSLInitD2Ev
_ZN5resip11OpenSSLInit12mInitializedE
_ZN5resip11OpenSSLInit8mMutexesE
resip_OpenSSLInit_lockingFunction
_ZN5resip11OpenSSLInitC2Ev
_ZN5resip11OpenSSLInitC1Ev
_ZN5resip11OpenSSLInitD1Ev
resip_OpenSSLInit_dynCreateFunction
resip_OpenSSLInit_dynDestroyFunction
resip_OpenSSLInit_dynLockFunction
OpenSSLDie
DH_OpenSSL
OpenSSL_add_all_ciphers
OpenSSL_add_all_digests
DSA_OpenSSL
ECDSA_OpenSSL
ECDH_OpenSSL
UI_OpenSSL
OpenSSL error stack:
OpenSSL 1.0.2a 19 Mar 2015
OpenSSL DH Method
OpenSSL X9.42 DH method
OpenSSL PKCS#3 DH method
OpenSSL default
OpenSSL CMAC method
OpenSSL HMAC method
OpenSSL EC algorithm
OpenSSL RSA method
OpenSSL DSA method
OpenSSL ECDSA method
OpenSSL ECDH method
Not a recognized OpenSSL option name:
SSL_CTX_new failed, dumping OpenSSL error stack:
Failed to create OpenSSL BIO for socket
%s(%d): OpenSSL internal error, assertion failed: %s
You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html
OpenSSL default user interface
OpenSSL 'dlfcn' shared library method
TLSv1 part of OpenSSL 1.0.2a 19 Mar 2015
SSLv3 part of OpenSSL 1.0.2a 19 Mar 2015
DTLSv1 part of OpenSSL 1.0.2a 19 Mar 2015
MD5 part of OpenSSL 1.0.2a 19 Mar 2015
SHA1 part of OpenSSL 1.0.2a 19 Mar 2015
SHA-256 part of OpenSSL 1.0.2a 19 Mar 2015
SHA-512 part of OpenSSL 1.0.2a 19 Mar 2015
Big Number part of OpenSSL 1.0.2a 19 Mar 2015
EC part of OpenSSL 1.0.2a 19 Mar 2015
RSA part of OpenSSL 1.0.2a 19 Mar 2015
Diffie-Hellman part of OpenSSL 1.0.2a 19 Mar 2015
Stack part of OpenSSL 1.0.2a 19 Mar 2015
lhash part of OpenSSL 1.0.2a 19 Mar 2015
EVP part of OpenSSL 1.0.2a 19 Mar 2015
ASN.1 part of OpenSSL 1.0.2a 19 Mar 2015
PEM part of OpenSSL 1.0.2a 19 Mar 2015
X.509 part of OpenSSL 1.0.2a 19 Mar 2015
CONF part of OpenSSL 1.0.2a 19 Mar 2015
CONF_def part of OpenSSL 1.0.2a 19 Mar 2015
DES part of OpenSSL 1.0.2a 19 Mar 2015
libdes part of OpenSSL 1.0.2a 19 Mar 2015
AES part of OpenSSL 1.0.2a 19 Mar 2015
RC2 part of OpenSSL 1.0.2a 19 Mar 2015
IDEA part of OpenSSL 1.0.2a 19 Mar 2015
DSA part of OpenSSL 1.0.2a 19 Mar 2015
ECDSA part of OpenSSL 1.0.2a 19 Mar 2015
ECDH part of OpenSSL 1.0.2a 19 Mar 2015
RAND part of OpenSSL 1.0.2a 19 Mar 2015
TXT_DB part of OpenSSL 1.0.2a 19 Mar 2015
MD4 part of OpenSSL 1.0.2a 19 Mar 2015
SHA part of OpenSSL 1.0.2a 19 Mar 2015
RIPE-MD160 part of OpenSSL 1.0.2a 19 Mar 2015
Blowfish part of OpenSSL 1.0.2a 19 Mar 2015
\CAST part of OpenSSL 1.0.2a 19 Mar 2015
由于我在项目中使用不同的库jar文件和library.so文件,我的问题是我应该如何找出导致此问题的库?我应该替换哪个库文件,以便不再拒绝我的应用程序?
非常感谢任何帮助。
答案 0 :(得分:0)
经过长时间的研究,我确实发现我在我的应用程序中使用的一个库是使用较旧的OpenSSL版本编译的。即,不支持的OpenSSL版本。因此我的解决方案是使用最新版本的OpenSSL重新编译该库Jar。
此外,所有开发者都在6月份的以下电子邮件中通过 Google 获得通知/通知:
Hello Google Play Developer,
We wanted to let you know that your app(s) listed below statically link against a version of OpenSSL that has multiple security vulnerabilities for users. Please migrate your app(s) to an updated version of OpenSSL by 7/7/15. Starting on this date, Google Play will block publishing of any new apps and updates that use unsupported versions of OpenSSL.
REASON FOR WARNING: Violation of the dangerous products provision of the Content Policy and section 4.4 of the Developer Distribution Agreement.
The vulnerabilities were fixed in OpenSSL versions beginning with 1.0.1h, 1.0.0m, and 0.9.8za. To confirm your OpenSSL version, you can do a grep via:
$ unzip -p YourApp.apk | strings | grep "OpenSSL"
For more information about the vulnerability, please see this OpenSSL Security Advisory. To confirm you’ve upgraded correctly, submit the updated version of the app(s) to the Developer Console and check back after five hours.
Starting on 7/7/15, we will not accept app updates containing the vulnerabilities. Any new apps containing the vulnerabilities will be rejected.
While these issues may not affect every app that uses OpenSSL versions prior to 1.0.1h, 1.0.0m, or 0.9.8za, it’s best to stay up to date on all security patches. Make sure to update any libraries in your app that have known issues, even if you're not sure the issues are relevant to your app.
Before publishing applications, please ensure your apps’ compliance with the Developer Distribution Agreement and Content Policy.
If you feel we’ve sent this warning in error, please contact our appeals team through the App Developer help center.
Sincerely,
Google Play Team
因此,您必须弄清楚应用程序的哪个部分使用旧版本的OpenSSL来解决此问题。您还需要检查是否使用旧版本的OpenSSL编译了任何jar文件。
希望这会对你有所帮助。问候。