Update Android app to latest version of OpenSSL

Question

This morning i got a Mail from google's developer console that i'm using a version of OpenSSL that is open to security vulnerabilities.

Actually I'm just maintaining the code and i haven't developer it rather. However, I am supposed to fix this issue.

I would like to know how to update open SSL to the latest supported version in my Android application.

Tried searching a lot, but have not how to do so in an Android application.

This would be a solution for all the developers who got the same Mail this morning.

Thanks in advance.

Answer 1

I would like to know how to update open SSL to the latest supported version in my Android application.

1. Download OpenSSL 1.0.2a from OpenSSL: Source, Tarballs
2. Cross-compile OpenSSL for Android
3. Rebuild your app, linking against the cross-compiled library

Note: your shared object must use static linking against OpenSSL (libssl.a and libcrypto.a). You cannot link your shared object against the OpenSSL shared objects. If you link against 1.0.2 shared objects, then Android's Zygote (the parent of all processes), will load its down-level version and your 1.0.2 version will never load.