我正在为
Android开发一个基于Qt的应用程序,它使用QSslSocket下载数据.由于依赖于OpenSSL库的Marshmallow Qt程序,Android从OpenSSL转向BoringSSL,因此在Android 6上产生以下警告:
W libtestopenssl.so: (null):0 ((null)): qt.network.ssl: QSslSocket: cannot resolve CRYPTO_free W libtestopenssl.so: (null):0 ((null)): qt.network.ssl: QSslSocket: cannot resolve EVP_CipherFinal W libtestopenssl.so: (null):0 ((null)): qt.network.ssl: QSslSocket: cannot resolve EVP_rc2_cbc W libtestopenssl.so: (null):0 ((null)): qt.network.ssl: QSslSocket: cannot resolve SSLv2_client_method W libtestopenssl.so: (null):0 ((null)): qt.network.ssl: QSslSocket: cannot resolve SSLv2_server_method W libtestopenssl.so: (null):0 ((null)): qt.network.ssl: QSslSocket: cannot resolve OPENSSL_add_all_algorithms_noconf W libtestopenssl.so: (null):0 ((null)): qt.network.ssl: QSslSocket: cannot resolve OPENSSL_add_all_algorithms_conf W libtestopenssl.so: (null):0 ((null)): qt.network.ssl: QSslSocket: cannot resolve EC_get_builtin_curves W libtestopenssl.so: (null):0 ((null)): qt.network.ssl: QSslSocket: cannot call unresolved function OPENSSL_add_all_algorithms_conf W libtestopenssl.so: (null):0 ((null)): qt.network.ssl: QSslSocket: cannot call unresolved function EC_get_builtin_curves W libtestopenssl.so: (null):0 ((null)): qt.network.ssl: QSslSocket: cannot call unresolved function EC_get_builtin_curves W libtestopenssl.so: (null):0 ((null)): qt.network.ssl: could not set SSL_CTRL_SET_TLSEXT_HOSTNAME, Server Name Indication disabled W libtestopenssl.so: (null):0 ((null)): qt.network.ssl: QSslSocket: cannot call unresolved function CRYPTO_free
但是,套接字本身成功连接到远程主机并从那里读取数据而没有任何明显的问题.这让我想知道我是否需要自己构建OpenSSL库并打包它,或者使用平台提供的BoringSSL是好的.
我还注意到,即使我提供自己的版本,Android 6以下版本的应用程序也倾向于使用OpenSSL的系统版本.我尝试使用ANDROID_EXTRA_LIBS添加构建的libssl.so和libcrypto.so(从libssl.so.1.0.0和libcrypto.so.1.0.0重命名)(不确定LIBS是否也需要使用)甚至静态链接libssl .a和libcrypto.a.仍然QSslSocket :: sslLibraryVersionString()返回平台上可用的版本.
我的问题是:
>我是否需要自己构建OpenSSL库并将其打包,否则可以使用平台提供的库?
>如果我这样做,如何让Android识别libssl.so和libcrypto.so?
最佳答案 1.我是否需要自己构建OpenSSL库并将其打包,否则可以使用平台提供的库?
>是的 – 你应该构建OpenSSL并打包它.
https://developer.android.com/about/versions/nougat/android-7.0-changes.html
Starting in Android 7.0, the system prevents apps from dynamically linking against non-NDK libraries, which may cause your app to crash. This change in behavior aims to create a consistent app experience across platform updates and different devices.
>使用已安装的BoringSSL可能现在可以使用,但建议应用程序带来自己的OpenSSL库.
>否则,您的用户会看到弹出警告消息,该应用可能无法在以后的Android版本上运行.
In order to reduce the impact that this restriction may have on currently released apps, a set of libraries that see significant use—such as libandroid_runtime.so, libcutils.so, libcrypto.so, and libssl.so—are temporarily accessible on Android 7.0 (API level 24) for apps targeting API level 23 or lower. If your app loads one of these libraries, logcat generates a warning and a toast appears on the target device to notify you. If you see these warnings, you should update your app to either include its own copy of those libraries or only use the public NDK APIs. Future releases of the Android platform may restrict the use of private libraries altogether and cause your app to crash.
2.如果我这样做,如何让Android识别libssl.so和libcrypto.so?
>我成功地完成了以下步骤:
http://doc.qt.io/qt-5/opensslsupport.html
>但请确保您的版本正确:openssl-1.1.0f.tar.gz似乎与Qt 5.9不兼容,我的应用程序没有加载libs.
>编译桌面并调用QSslSocket :: sslLibraryVersionString()以查看您的Qt使用的OpenSSL版本.对我而言,它显示了“OpenSSL 1.0.1t 2016年5月3日”
>使用Qt 5.9.1在git repo中标记“OpenSSL_1_0_1t”
来自openssl.org的openssl-1.0.2l.tar.gz也与Qt 5.9.1合作
我使用API级别19.一旦我使用API级别23或25进行测试,我将更新此答案.
