1. 技术文章
  2. Qt for Android and BoringSSL

Qt for Android and BoringSSL

こ雲淡風輕ζ 提交于 2019-12-22 08:41:08

问题


I'm developing a Qt-based app for Android, which uses QSslSocket to download data. Due to Android's moving away from OpenSSL to BoringSSL since Marshmallow Qt programs, relying on the OpenSSL library, produce the following warnings on Android 6+:

W libtestopenssl.so: (null):0 ((null)): qt.network.ssl: QSslSocket: cannot resolve CRYPTO_free
W libtestopenssl.so: (null):0 ((null)): qt.network.ssl: QSslSocket: cannot resolve EVP_CipherFinal
W libtestopenssl.so: (null):0 ((null)): qt.network.ssl: QSslSocket: cannot resolve EVP_rc2_cbc
W libtestopenssl.so: (null):0 ((null)): qt.network.ssl: QSslSocket: cannot resolve SSLv2_client_method
W libtestopenssl.so: (null):0 ((null)): qt.network.ssl: QSslSocket: cannot resolve SSLv2_server_method
W libtestopenssl.so: (null):0 ((null)): qt.network.ssl: QSslSocket: cannot resolve OPENSSL_add_all_algorithms_noconf
W libtestopenssl.so: (null):0 ((null)): qt.network.ssl: QSslSocket: cannot resolve OPENSSL_add_all_algorithms_conf
W libtestopenssl.so: (null):0 ((null)): qt.network.ssl: QSslSocket: cannot resolve EC_get_builtin_curves
W libtestopenssl.so: (null):0 ((null)): qt.network.ssl: QSslSocket: cannot call unresolved function OPENSSL_add_all_algorithms_conf
W libtestopenssl.so: (null):0 ((null)): qt.network.ssl: QSslSocket: cannot call unresolved function EC_get_builtin_curves
W libtestopenssl.so: (null):0 ((null)): qt.network.ssl: QSslSocket: cannot call unresolved function EC_get_builtin_curves
W libtestopenssl.so: (null):0 ((null)): qt.network.ssl: could not set SSL_CTRL_SET_TLSEXT_HOSTNAME, Server Name Indication disabled
W libtestopenssl.so: (null):0 ((null)): qt.network.ssl: QSslSocket: cannot call unresolved function CRYPTO_free

However, the socket itself successfully connects to a remote host and reads data from there without any visible issues. That makes me wonder whether I need to build the OpenSSL library myself and package it or it is fine to use BoringSSL provided by the platform.

I've also come to notice that the app on Android versions below 6 tends to use the system version of OpenSSL even if I provide my own one. I tried adding the built libssl.so and libcrypto.so (renamed from libssl.so.1.0.0 and libcrypto.so.1.0.0) with ANDROID_EXTRA_LIBS (not sure whether LIBS+= needs to be used too) and even statically linking libssl.a and libcrypto.a. Still QSslSocket::sslLibraryVersionString() returns the version available on the platform.

My questions are:

  1. Do I need to build the OpenSSL library myself and package it or it is fine to use the library provided by the platform?
  2. If I do, how to make Android recognize libssl.so and libcrypto.so?

回答1:


1. Do I need to build the OpenSSL library myself and package it or it is fine to use the library provided by the platform?

  • Yes - you should build OpenSSL and package it.

https://developer.android.com/about/versions/nougat/android-7.0-changes.html

Starting in Android 7.0, the system prevents apps from dynamically linking against non-NDK libraries, which may cause your app to crash. This change in behavior aims to create a consistent app experience across platform updates and different devices.

  • Using the installed BoringSSL might work for now, but it is recommended that the app brings it's own OpenSSL library.
  • Otherwise your user will see a warning message pop up, and the app might not work on later Android versions.

In order to reduce the impact that this restriction may have on currently released apps, a set of libraries that see significant use—such as libandroid_runtime.so, libcutils.so, libcrypto.so, and libssl.so—are temporarily accessible on Android 7.0 (API level 24) for apps targeting API level 23 or lower. If your app loads one of these libraries, logcat generates a warning and a toast appears on the target device to notify you. If you see these warnings, you should update your app to either include its own copy of those libraries or only use the public NDK APIs. Future releases of the Android platform may restrict the use of private libraries altogether and cause your app to crash.

2. If I do, how to make Android recognize libssl.so and libcrypto.so?

  • I succeded mostly following the steps outlined here: http://doc.qt.io/qt-5/opensslsupport.html

  • But make sure you got the right version: openssl-1.1.0f.tar.gz seems to be incompatible with Qt 5.9 and my app didn't load the libs.

  • compile for desktop and call QSslSocket::sslLibraryVersionString() to see which OpenSSL version your Qt uses. For me it showed "OpenSSL 1.0.1t 3 May 2016"
  • Tag "OpenSSL_1_0_1t" in the git repo worked for me with Qt 5.9.1
  • openssl-1.0.2l.tar.gz from openssl.org also worked with Qt 5.9.1

I used API level 19. Once I've tested with API level 23 or 25 I'll update this answer.



来源:https://stackoverflow.com/questions/42442688/qt-for-android-and-boringssl

标签
android
qt
ssl
OpenSSL
boringssl
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!