Using curl in an NDK project

[Andreas Falkenhahn]

How can I use curl in an NDK project? Is there any way to make curl use Android's system SSL stack or do I have to statically link OpenSSL into curl? That would be quite some waste of resources, the easiest way would be if it was possible to make curl use Android's system SSL stack but I'm not sure if it is possible to access it. At least I can't find any includes for BoringSSL/OpenSSL in the Android NDK.

Any ideas?

--
Best regards,
Andreas Falkenhahn mailto:and...@falkenhahn.com

[Andrew Esh]

I'm on a project that uses curl for making secure REST transactions. We build and package our own OpenSSL because the same source needs to be built for Linux as well as Android. Since we use gstreamer, we build all third party libraries using the "cerbero" build system from within the Gstreamer project. We have also supported builds that use Autotools to build curl. The "configure" script for curl produces a set of build files that will compile for Android:

    ANDROID_NDK_HOST=arm-linux-androideabi

...

    ./configure --host=$ANDROID_NDK_HOST --enable-http --enable-shared --disable-ftp --disable-file --disable-ldap --disable-ldaps --disable-rtsp --disable-proxy --disable-dict --disable-telnet --disable-tftp --disable-pop3 --disable-imap --disable-smtp --disable-gopher --without-librtmp --without-libidn --without-zlib --enable-threaded-resolver --disable-manual --disable-smb --prefix=$SYSROOT LDFLAGS=-L$SYSROOT/lib CPPFLAGS=-I$SYSROOT/include

    make clean

    make depend

    make CALC_VERSIONS="SHLIB_COMPAT=; SHLIB_SOVER=" MAKE="make -e" all

 

This may not be too helpful if you do not use cerbero, but here is the cerbero curl recipe we use:

# -*- Mode: Python -*- vi:si:et:sw=4:sts=4:ts=4:syntax=python

import shutil

class Recipe(recipe.Recipe):

    name = 'curl'

    version = '7.56.1'

    licenses = [License.BSD_like]

    stype = SourceType.TARBALL

    url = 'https://curl.haxx.se/download/curl-{0}.tar.gz'.format(version)

    deps = ['openssl']

    configure_options = '--enable-http --enable-shared --disable-ftp \

                      --enable-file --disable-ldap --disable-ldaps \

                      --disable-rtsp --disable-proxy --disable-dict \

                      --disable-telnet --disable-tftp --disable-pop3 \

                      --disable-imap --disable-smtp --disable-gopher \

                      --without-librtmp --without-libidn --without-zlib \

                      --enable-threaded-resolver --disable-manual \

                      --disable-smb'

    configure_tpl = "%(config-sh)s --prefix=%(prefix)s --libdir=%(libdir)s --with-ssl=%(prefix)s " + configure_options

    files_libs = ['libcurl']

    files_bins = ['curl', 'curl-config']

    files_devel = ['lib/pkgconfig/libcurl.pc', 'include/curl']

 

[Michael Schuster]

Hi Andreas,

I have no experience to let curl use Android's system SSL stack but if
you're going to use curl with NDK, I can definately recommend to take at
look at mbedTLS.

https://tls.mbed.org/

curl has a backend for it and you can make both work together. Just
(cross) compile them with the NDK and tweak a few parameters.
mbedTLS also has a config header file to let you (un)define which parts
of the library you want to use. It's a great way to decrease the binary
size.

I stumbled upon it last summer and reduced the static library size for
ARM v7 as follows:

libcurl.a    439K (custom version, not the one from the NDK)

libmbedcrypto.a    361K
libmbedtls.a    82K

libmbedx509.a    41K (only required if you use x509 certificates)

It's also interesting for licensing reasons.

Hope, this helps. ;-)

Best regards,
Michael Schuster

[Alex Cohn]

The short answer is 'NO'.

The longer answer: since Android Marshmallow, private system libraries are not available for user app. BoringSSL is one of the libraries that your app cannot rely upon.

BR,

Alex