OpenSSL vulnerability

Report bugs and issues

Re: OpenSSL vulnerability

Postby broozar » 2016-04-01 12:59

User avatar
broozar
Administrator
Administrator
 
Posts: 4172
Joined: 2007-09-16 10:22
Location: Berlin - Germany

Re: OpenSSL vulnerability

Postby Fraser » 2016-04-03 02:13

Last edited by Fraser on 2016-04-04 17:59, edited 1 time in total.
Fraser,
User avatar
Fraser
Platinum Boarder
Platinum Boarder
 
Posts: 1324
Joined: 2012-02-05 19:28
Location: Europe

Re: OpenSSL vulnerability

Postby fossillabs » 2016-04-03 15:14

I tried on two of my apps as a quick test. Disclaimer , I am not a good tester so I did not inspect the logcat and just uploaded to play store after a quick text.

- The play store accepted the apk and removed the SSL warning
- I downloaded apk from playstore and tested the functionality, everything is working, no crashes

I am not using any of the SSL functionality in my app, maybe that is why it is not crashing. Or maybe the the logcat is still spitting out the message as a warning and the app continues to function without crashing.
fossillabs
Junior Boarder
Junior Boarder
 
Posts: 29
Joined: 2014-02-01 00:30

Re: OpenSSL vulnerability

Postby broozar » 2016-04-03 20:55

thanks for testing. hmm, 2 conflicting messages... Fraser, what can you tell us about your setup?
- do you actually use the lib in your code?
- is it a lua build or a native build?
- if native, is it eclipse or android studio?
- are you sure this is not just a naming problem?
- is it possible for you to share the faulty app?
User avatar
broozar
Administrator
Administrator
 
Posts: 4172
Joined: 2007-09-16 10:22
Location: Berlin - Germany

Re: OpenSSL vulnerability

Postby Fraser » 2016-04-03 21:56

I don't actively use the SSL lib in my project.

1.4 c++ export built in UAT
also beta4 ( checked generate c++ )
both using GNU Static STL (this may be causing it)

It is strange that the last 6 hotfix .so files do not give the problem.

I will try and generate a standalone project to reproduce the problem...
Fraser,
User avatar
Fraser
Platinum Boarder
Platinum Boarder
 
Posts: 1324
Joined: 2012-02-05 19:28
Location: Europe

Re: OpenSSL vulnerability

Postby fossillabs » 2016-04-04 01:09

If it helps to troubleshoot. I am using Shva 1.9.2.0 . The android environment is eclipse.
fossillabs
Junior Boarder
Junior Boarder
 
Posts: 29
Joined: 2014-02-01 00:30

Re: OpenSSL vulnerability

Postby kaxig » 2016-04-04 09:55

Last edited by kaxig on 2016-04-05 11:43, edited 1 time in total.
kaxig
Senior Boarder
Senior Boarder
 
Posts: 73
Joined: 2010-12-15 12:54

Re: OpenSSL vulnerability

Postby Fraser » 2016-04-04 15:59

Fraser,
User avatar
Fraser
Platinum Boarder
Platinum Boarder
 
Posts: 1324
Joined: 2012-02-05 19:28
Location: Europe

Re: OpenSSL vulnerability

Postby Fraser » 2016-04-04 18:03

Fraser,
User avatar
Fraser
Platinum Boarder
Platinum Boarder
 
Posts: 1324
Joined: 2012-02-05 19:28
Location: Europe

Re: OpenSSL vulnerability

Postby Fraser » 2016-04-04 18:13

Fraser,
User avatar
Fraser
Platinum Boarder
Platinum Boarder
 
Posts: 1324
Joined: 2012-02-05 19:28
Location: Europe

PreviousNext

Return to Bugs

Who is online

Users browsing this forum: No registered users and 2 guests

cron