|OpenSSL 1.0.1-beta2||Adam||3/6/12 3:51 PM|
I'm wondering if anyone has tried to compile OpenSSL 1.0.1-beta2 or
beta3 for Android. I tried to incorporate beta2 into the ICS source
using the patches in the [SRC]/external/openssl directory with no
luck. If anyone has any experience with this I would appreciate the
|Re: [android-security-discuss] OpenSSL 1.0.1-beta2||Brian Carlstrom||3/6/12 4:27 PM|
I typically do this for the Android team at Google but I have not done it for 1.0.1. I know from experience that 0.9.8 to 1.0.0 was non-trivial (leading to bug http://code.google.com/p/android/issues/detail?id=15356#c6) If you do make get it to work, I'd be happy if you wanted to share your work on AOSP for feedback.
|Re: OpenSSL 1.0.1-beta2||Adam||3/7/12 6:53 AM|
Thanks for the heads-up,
I'll be playing around with this for the next while. So far only two
of the patches fail, so hopefully the manual changes can be kept to a
minimum. If I make any headway I'll surely share the results for
feedback and advice.
> (leading to bughttp://code.google.com/p/android/issues/detail?id=15356#c6) If
> you do make get it to work, I'd be happy if you wanted to share your work
|Re: OpenSSL 1.0.1-beta2||vkasirajan||4/27/12 12:22 AM|
Were you successful in this? I'm looking for openSSL 1.0.1 on ICS. Any pointers will be helpful.
Thanks and best regards,
|Re: OpenSSL 1.0.1-beta2||vkasirajan||4/27/12 12:24 AM|
Any updates on this? Were you able to integrate openssl 1.0.1?
|Re: OpenSSL 1.0.1-beta2||jumper||4/27/12 1:14 AM|
Hi Adam / Carl,
Do u have any updates onto this? We are trying to get the OpenSSL 1.0.1 to work with ICS and not yet succeeded. Any help on that would be appreciated.
|Re: [android-security-discuss] Re: OpenSSL 1.0.1-beta2||Brian Carlstrom||4/27/12 8:57 PM|
Sure, I was able to update 1.0.1, 1.0.1a, and am now looking at 1.0.1b. There weren't any real conflicts, just us adding things adjacent to their add things. They did have a few compile issues along the way that I had to work around (such as build issue for non-x86 hosts in 1.0.1a)
|Re: [android-security-discuss] Re: OpenSSL 1.0.1-beta2||jumper||5/14/12 5:21 AM|
Hi Brian -
Can you please share the Android.mk files and patch files / steps that you had executed for compiling OpenSSL1.0.1b?
|Re: [android-security-discuss] Re: OpenSSL 1.0.1-beta2||Brian Carlstrom||5/14/12 10:42 AM|
Yes, I could, but I worried about doing so outside of AOSP, since the external/openssl changes were only part of the work, changes were also made to users of openssl to deal with issues surrounding TLSv1.1 and TLSv1.2 interoperability.
I don't understand this rush to 1.0.1. this is not a minor upgrade. we've had to push new patches back to OpenSSL upstream for almost every release. I think 1.0.1c might the the first one where we didn't need build fixes patches for upstream. they've continued to fix interoperability issues as well. Why does everyone seem so eager to have this? Security patches continue to be made on the 1.0.0 (and even 0.9.8) lines
To view this discussion on the web visit https://groups.google.com/d/msg/android-security-discuss/-/Xi_47o8LmM0J.
|Re: [android-security-discuss] Re: OpenSSL 1.0.1-beta2||jumper||5/14/12 11:15 PM|
Hi Brian -
Thanks for the immediate response. The protocol stack that i am working on needs to support secure communication using TLS 1.1 and that is the reason I thought if I migrate the platform from OpenSSL 1.0.0 to OpenSSL 1.0.1 I will be able to make the connection using the TLS 1.1.
|Re: [android-security-discuss] Re: OpenSSL 1.0.1-beta2||Brian Carlstrom||5/15/12 11:36 AM|
Here you go. make files and patches in attached tar ball. extract it
in an emtpy directory somewhere to be safe, it will write files to .
I don't know if you are doing this for a vendor or a personal project.
if you really are going to make this part of some ROM, you really need
to make sure to turn of TLS 1.1 and 1.2 by default in libcore and
external/chromium or you will have issues with interoperability which
will make users unhappy.