Skip to first unread message
Ivan Acevedo
Mar 2, 2017, 3:16:45 PM3/2/17
to Kivy users support
Hi.
I have a problem uploading my apk to google play, I get this message:
OpenSSL was detected in the 1501
Your app uses an OpenSSL version that contains a security vulnerability. Check out this Google Help Center article for more information, including the deadline for resolving the vulnerability.
How can I update openssl to upload my application?
Alexander Taylor
Mar 2, 2017, 4:27:46 PM3/2/17
to Kivy users support
Are you building with `buildozer android_new debug`? I thought this was fixed in the python-for-android master branch, which that command would use. It may never have been fixed in the old toolchain.
Ivan Acevedo
Mar 2, 2017, 6:06:55 PM3/2/17
to Kivy users support
Yes, I'm using `buildozer android_new debug`
ZenCODE
Mar 3, 2017, 9:18:27 AM3/3/17
to kivy-...@googlegroups.com
When did you last update and rebuild? We got this and fixed it on the old toolchain (https://github.com/kivy/python-for-android/commit/447cea28b982fb0c8b4d9ea044a8977f2ca65350).
This is the same version (1.0.2h) as the new toolchain (android_new) and the app was accepted. It does fix that vulnerability they are flagging (heartbleed I think). So please:
1. post the exact version of openssl your app is shipping with.
2. The complete rejection message. Our message from google did specify exactly which version fixes the vulnerability in question.
Peace
This is the same version (1.0.2h) as the new toolchain (android_new) and the app was accepted. It does fix that vulnerability they are flagging (heartbleed I think). So please:
1. post the exact version of openssl your app is shipping with.
2. The complete rejection message. Our message from google did specify exactly which version fixes the vulnerability in question.
Peace
Ivan Acevedo
Mar 3, 2017, 2:33:24 PM3/3/17
to Kivy users support
Every time I upload my apk I get this message:
I do not know what to do, how can I solve this?
| Vulnerability | APK Version(s) |
| OpenSSL The vulnerabilities were addressed in OpenSSL 1.0.2f/1.0.1r. To confirm your OpenSSL version, you can do a grep search for: \$ unzip -p YourApp.apk | strings | grep "OpenSSL" You can find more information and next steps in this Google Help Center article. | 1504 |
I'm using "android_new" and add "openssl" to the list of requirements, and the version is 1.0.2h.
I have executed this command: unzip -p YourApp.apk | Strings | Grep "OpenSSL"
And gives me this result:
OpenSSLDieDH_OpenSSLDSA_OpenSSLECDSA_OpenSSLECDH_OpenSSLUI_OpenSSLOpenSSL 1.0.2h 3 May 2016%s(%d): OpenSSL internal error, assertion failed: %sOpenSSL DH MethodOpenSSL X9.42 DH methodOpenSSL PKCS#3 DH methodOpenSSL CMAC methodOpenSSL HMAC methodOpenSSL EC algorithmOpenSSL RSA methodOpenSSL DSA methodOpenSSL ECDSA methodOpenSSL ECDH methodYou need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.htmlOpenSSL defaultOpenSSL default user interfaceSSLv3 part of OpenSSL 1.0.2h 3 May 2016TLSv1 part of OpenSSL 1.0.2h 3 May 2016nopqrsDTLSv1 part of OpenSSL 1.0.2h 3 May 2016MD5 part of OpenSSL 1.0.2h 3 May 2016SHA1 part of OpenSSL 1.0.2h 3 May 2016SHA-256 part of OpenSSL 1.0.2h 3 May 2016SHA-512 part of OpenSSL 1.0.2h 3 May 2016Big Number part of OpenSSL 1.0.2h 3 May 2016EC part of OpenSSL 1.0.2h 3 May 2016(1RSA part of OpenSSL 1.0.2h 3 May 2016Diffie-Hellman part of OpenSSL 1.0.2h 3 May 2016Stack part of OpenSSL 1.0.2h 3 May 2016lhash part of OpenSSL 1.0.2h 3 May 2016EVP part of OpenSSL 1.0.2h 3 May 2016ASN.1 part of OpenSSL 1.0.2h 3 May 2016PEM part of OpenSSL 1.0.2h 3 May 2016X.509 part of OpenSSL 1.0.2h 3 May 2016DES part of OpenSSL 1.0.2h 3 May 2016libdes part of OpenSSL 1.0.2h 3 May 2016AES part of OpenSSL 1.0.2h 3 May 2016RC2 part of OpenSSL 1.0.2h 3 May 2016IDEA part of OpenSSL 1.0.2h 3 May 2016CAMELLIA part of OpenSSL 1.0.2h 3 May 2016EDSA part of OpenSSL 1.0.2h 3 May 2016ECDSA part of OpenSSL 1.0.2h 3 May 2016ECDH part of OpenSSL 1.0.2h 3 May 2016RAND part of OpenSSL 1.0.2h 3 May 2016CONF part of OpenSSL 1.0.2h 3 May 2016CONF_def part of OpenSSL 1.0.2h 3 May 2016TXT_DB part of OpenSSL 1.0.2h 3 May 2016RC4 part of OpenSSL 1.0.2h 3 May 2016OpenSSLDieDSA_OpenSSLECDSA_OpenSSLDH_OpenSSLECDH_OpenSSLOpenSSL_add_all_ciphersOpenSSL_add_all_digestsUI_OpenSSL%s(%d): OpenSSL internal error, assertion failed: %sOpenSSL 1.0.2h 3 May 2016OpenSSL HMAC methodOpenSSL EC algorithmOpenSSL RSA methodOpenSSL DSA methodOpenSSL ECDSA methodOpenSSL DH MethodOpenSSL X9.42 DH methodOpenSSL PKCS#3 DH methodOpenSSL ECDH methodYou need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.htmlOpenSSL defaultOpenSSL default user interfaceOpenSSL CMAC methodMD4 part of OpenSSL 1.0.2h 3 May 2016MD5 part of OpenSSL 1.0.2h 3 May 2016SHA part of OpenSSL 1.0.2h 3 May 2016SHA1 part of OpenSSL 1.0.2h 3 May 2016SHA-256 part of OpenSSL 1.0.2h 3 May 2016SHA-512 part of OpenSSL 1.0.2h 3 May 2016RIPE-MD160 part of OpenSSL 1.0.2h 3 May 2016DES part of OpenSSL 1.0.2h 3 May 2016libdes part of OpenSSL 1.0.2h 3 May 2016 !"#$% !"#$%&'()*+,-./0123456789:;<=>?@ABCD./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyzAES part of OpenSSL 1.0.2h 3 May 2016RC2 part of OpenSSL 1.0.2h 3 May 2016RC4 part of OpenSSL 1.0.2h 3 May 2016IDEA part of OpenSSL 1.0.2h 3 May 2016:Blowfish part of OpenSSL 1.0.2h 3 May 2016\CAST part of OpenSSL 1.0.2h 3 May 2016OCAMELLIA part of OpenSSL 1.0.2h 3 May 2016Big Number part of OpenSSL 1.0.2h 3 May 2016EC part of OpenSSL 1.0.2h 3 May 2016(1RSA part of OpenSSL 1.0.2h 3 May 2016ggenDSA part of OpenSSL 1.0.2h 3 May 2016ECDSA part of OpenSSL 1.0.2h 3 May 2016Diffie-Hellman part of OpenSSL 1.0.2h 3 May 2016ECDH part of OpenSSL 1.0.2h 3 May 2016Stack part of OpenSSL 1.0.2h 3 May 2016lhash part of OpenSSL 1.0.2h 3 May 2016RAND part of OpenSSL 1.0.2h 3 May 2016EVP part of OpenSSL 1.0.2h 3 May 2016ASN.1 part of OpenSSL 1.0.2h 3 May 2016PEM part of OpenSSL 1.0.2h 3 May 2016X.509 part of OpenSSL 1.0.2h 3 May 2016CONF part of OpenSSL 1.0.2h 3 May 2016CONF_def part of OpenSSL 1.0.2h 3 May 2016TXT_DB part of OpenSSL 1.0.2h 3 May 2016Returns 1 if the OpenSSL PRNG has been seeded with enough data and 0 if not.Mix string into the OpenSSL PRNG state. entropy (a float) is a lowerZenCODE
Mar 4, 2017, 12:18:57 AM3/4/17
to Kivy users support
Bizarre. It looks like you've got the right version but google is not picking that up. I would suggest the following:
1. Check that it works. The "
1. Check that it works. The "
%s(%d): OpenSSL internal error, assertion failed: %s" line is worrying. Test that your APK works i.e. install it, and check that openssl actually works.
2. If so, contact google and point out that your openssl does fit the requirements. It could be a glitch on their side when scanning.
Please keep us posted of developments...:-)
Cheers
Ivan Acevedo
Mar 4, 2017, 7:46:01 AM3/4/17
to Kivy users support
I found the problem, it is the "_ssl.so" file that I use to make the raven (Sentry) library work. Without that file it does not work, because the error "No module named _ssl" appears. Apparently that file is outdated. How can I get that updated file? Or how can I compile it to a newer version? Or how else can I make raven work?
Alexander Taylor
Mar 4, 2017, 9:16:50 AM3/4/17
to kivy-...@googlegroups.com
What _ssl.so file? The one in Python itself? If so, it sounds like
you've compiled against the old version, not the new one.
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Kivy users support" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/kivy-users/D9Nb_MYsT0s/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> kivy-users+...@googlegroups.com
> <mailto:kivy-users+...@googlegroups.com>.
> For more options, visit https://groups.google.com/d/optout.
you've compiled against the old version, not the new one.
> You received this message because you are subscribed to a topic in the
> Google Groups "Kivy users support" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/kivy-users/D9Nb_MYsT0s/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> kivy-users+...@googlegroups.com
> <mailto:kivy-users+...@googlegroups.com>.
> For more options, visit https://groups.google.com/d/optout.
Ivan Acevedo
Mar 4, 2017, 9:26:31 AM3/4/17
to Kivy users support
If exactly the python _ssl.so is added to the "lib-dynload" folder.
How do I compile the new version?
Alexander Taylor
Mar 4, 2017, 9:29:50 AM3/4/17
to kivy-...@googlegroups.com
This is discussed at https://github.com/kivy/buildozer/issues/332 . I
made a PR to update the downloaded version in the old toolchain, but
havent' tested it.
On 04/03/17 14:26, Ivan Acevedo wrote:
> If exactly the python _ssl.so is added to the "lib-dynload" folder.
> How do I compile the new version?
>
made a PR to update the downloaded version in the old toolchain, but
havent' tested it.
On 04/03/17 14:26, Ivan Acevedo wrote:
> If exactly the python _ssl.so is added to the "lib-dynload" folder.
> How do I compile the new version?
>
Ivan Acevedo
Mar 4, 2017, 4:38:00 PM3/4/17
to Kivy users support
I have solved the problem.
Unfortunately OpenSSL does not work with raven using "android_new".
Solve it as follows:
1) I compiled the application using "buildozer android debug" (old toolchain). Adding to the requirements: raven and openssl.
2) At the end of compiling (the apk compiles with version 1.0.2h of openssl), I searched for the file "_ssl.so" inside the folder: .buildozer.
3) Copy this file and place it in the project folder like this: lib/python2.7/lib-dynload/_ssl.so
And with that raven works perfectly and google play accepts the application.
Thank you very much for your help :D
Reply all
Reply to author
Forward
0 new messages