我需要在我的项目中使用自定义OpenSSL库对于的HttpClient 。
我已编制的 libcrypto.so 和 libssl.so Android和将文件放在一个文件夹jniLibs。应用Heartbleed扫描仪看到它们。 的System.loadLibrary(密码)和的System.loadLibrary(SSL)的作品。
但现在我需要做的的HttpClient 使用标准的SSL库我的图书馆代替。但我不知道哪个方向移动,如何做到这一点。
我使用OpenSSL 1.0.1h和Android工作室1.0.2。
在此先感谢您的咨询。
解决方案我已经编译libcrypto.so和libssl.so Android和把文件夹中jniLibs ...
这是行不通的。
Android的使用OpenSSL的1.0.0,并提供了其在 /系统。受精卵开始在启动和加载的OpenSSL的下级版本(它像的init - 所有的Android程序都是由它派生)。
当你的进程是从受精卵分叉,您的1.0.1版本是从来没有加载,因为1.0.0已经从受精卵加载。你永远不知道有一个问题,因为下级版本提供你所需要的(它的二进制兼容)。
符号
您需要编写一个包装共享对象。该包装共享对象必须与OpenSSL的1.0.1的静态版本进行链接( libcrypto.a 和 libssl.a ) 。你的包装必须导出独特的符号,如 My_OpenSSL_add_all_algorithms 和 My_SSL_load_error_strings 。在内部,你的共享对象可以指未修饰的名称, OpenSSL_add_all_algorithms 和 SSL_load_error_strings 。
所以,你的共享对象看起来像这样(参见GCC的能见度页面):
#如果__GNUC__> = 4
#定义DLL_PUBLIC __attribute__((能见度(默认)))
#定义DLL_LOCAL __attribute__((能见度(隐藏)))
#其他
#定义DLL_PUBLIC
#定义DLL_LOCAL
#ENDIF
DLL_PUBLIC无效My_OpenSSL_add_all_algorithms(){
返程(无效)OpenSSL_add_all_algorithms();
}
DLL_PUBLIC无效My_SSL_load_error_strings(){
返程(无效)SSL_load_error_strings();
}
...
然后,编译与 -fvisibility =隐藏国旗和链接对 libcrypto.a 和 libssl.a 。只有标记为 DLL_PUBLIC 的功能将被导出,并调用通过JNI。
我不认为#如果__GNUC__> = 4 是必要的,因为搭载Android提供的交叉编译工具是上述GCC 4.0。事实上,我认为它目前GCC 4.8。
更改Android应用程序的OpenSSL库的HttpClient
这个问题是强硬。一旦您提供共享的包装更新OpenSSL的,我不知道你怎么能够让Android的的HttpClient 来使用它。
在最坏的情况下回答:您可能需要到餐桌Android和提供更新的OpenSSL
。一个可能更好的解决方案:裂口的HttpClient code,把它放在自己的包,然后确保你共享对象所使用的源端口code。
I need to use custom OpenSSL library for HttpClient in my project.
I have compiled libcrypto.so and libssl.so for Android and put the files in a folder jniLibs. Application Heartbleed Scanner sees them. System.loadLibrary("crypto") and System.loadLibrary("ssl") works.
But now I need to make HttpClient use my library instead of the standard SSL library. But I do not know about which way to move and how to do it.
I use OpenSSL 1.0.1h and Android Studio 1.0.2.
Thanks in advance for your advice.
解决方案I have compiled libcrypto.so and libssl.so for Android and put the files in a folder jniLibs...
This won't work.
Android utilizes OpenSSL 1.0.0 and provides it in /system. Zygote starts at boot and loads the down level version of OpenSSL (its like init - all Android processes are forked from it).
When your process is forked from Zygote, your 1.0.1 version is never loaded because 1.0.0 is already loaded from Zygote. You never know there's a problem because the down level version provides all the symbols you need (its binary compatible).
You need to write a wrapper shared object. The wrapper shared object must link against the static versions of OpenSSL 1.0.1 (libcrypto.a and libssl.a). Your wrapper must export unique symbols, like My_OpenSSL_add_all_algorithms and My_SSL_load_error_strings. Internally, your shared object can refer to the undecorated names, OpenSSL_add_all_algorithms and SSL_load_error_strings.
So your shared object would look like so (also see GCC's Visibility page):
#if __GNUC__ >= 4
#define DLL_PUBLIC __attribute__ ((visibility ("default")))
#define DLL_LOCAL __attribute__ ((visibility ("hidden")))
#else
#define DLL_PUBLIC
#define DLL_LOCAL
#endif
DLL_PUBLIC void My_OpenSSL_add_all_algorithms() {
return (void)OpenSSL_add_all_algorithms();
}
DLL_PUBLIC void My_SSL_load_error_strings() {
return (void)SSL_load_error_strings();
}
...
Then, compile with the -fvisibility=hidden flag and link against libcrypto.a and libssl.a. Only the functions marked with DLL_PUBLIC will be exported and callable through JNI.
I don't think the #if __GNUC__ >= 4 is needed because the cross compiler tools provided by Android are GCC 4.0 above. In fact, I think its currently GCC 4.8.
Changing OpenSSL library in Android app for HttpClient
This question is tougher. Once you provide the updated OpenSSL in your shared wrapper, I don't know how you would get Android's HttpClient to use it.
The worse case answer: you might need to fork Android and provide an updated OpenSSL.
A potentially better solution: rip the HttpClient code, put it in your own package, and then be sure you shared object is used by port of the source code.
相关推荐
最新文章