OpenSSL version rejected by Play Store

Dave
Guest

OpenSSL version rejected by Play Store Nov 13, 2017 17:19:05 GMT

Quote

Post by Dave on Nov 13, 2017 17:19:05 GMT

I am using RhoStudio 6.0.12, and have an application that uses the openssl and openssl.so extensions. It all builds successfully, but after submitting to the Play Store, it is rejected because of the following:

Below is the list of issues and the corresponding APK versions that were detected in your recent submission. Please upgrade your app(s) as soon as possible and increment the version number of the upgraded APK.

OpenSSL

The vulnerabilities were fixed in OpenSSL versions beginning with 1.0.1h, 1.0.0m, and 0.9.8za. To confirm your OpenSSL version, you can do a grep via:

\$ unzip -p YourApp.apk | strings | grep "OpenSSL"

You can find more information and next steps in this Google Help Center article.

OpenSSL

The vulnerabilities were addressed in OpenSSL 1.02f/1.01r. To confirm your OpenSSL version, you can do a grep search for:

\$ unzip -p YourApp.apk | strings | grep "OpenSSL"

You can find more information and next steps in this Google Help Center article.

Which version of OpenSSL is Rhodes now targeting? I was under the impression it was 1.1.0h?

Thanks

Alex Epifanov
Global Moderator

Posts: 445

OpenSSL version rejected by Play Store Nov 13, 2017 17:57:26 GMT

Quote

Post by Alex Epifanov on Nov 13, 2017 17:57:26 GMT

Hi Dave,

current version of openSSL used in Rhodes is 1.0.1g
we know it is outdated and we are currently upgrading 3rd party libraries we use.
You have two options now:
- we provide openssl-edge and openssl.so-edge extensions in rho-tau-extensions package, you can download it here: tau-technologies.com/developers/downloads/. You should change your build.yml to use them. It uses openssl v1.1.0a, however it will only work for Android.
- upgrade work is going now in this branch: github.com/rhomobile/rhodes/tree/update_libs; openSSL from this branch is 1.0.2n and it is confirmed to work with Android. So you can switch to this branch temporaly, or just replace your openssl and openssl.so extensions with ones from this branch.

main RMS release stream will be updated soon enough with these changes.

Dave
Guest

OpenSSL version rejected by Play Store Nov 13, 2017 18:35:53 GMT

Quote

Post by Dave on Nov 13, 2017 18:35:53 GMT

Thanks for the reply Alex. I tired building using the edge variants of the extensions, and the build fails with a whole host of errors (I'm running on Windows 10 (x64), Android API 19, and Java JDK 9.0.1)

** Invoke C:/devel/RhomobileApp/bin/tmp/openssl-edge/arm/ossl_ns_spki.c.o (first_time)

rake aborted!

** Invoke ext/ossl_ns_spki.c (first_time, not_needed)

[31mCompilation failed: ext/openssl_missing.c [0m

** Execute C:/devel/RhomobileApp/bin/tmp/openssl-edge/arm/ossl_ns_spki.c.o

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rho-tau-extensions-6.0.16/libs/openssl-edge/ext/android/Rakefile:70:in `block in <top (required)>'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:250:in `call'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:250:in `block in execute'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:250:in `each'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:250:in `execute'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:194:in `block in invoke_with_call_chain'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/1.9.1/monitor.rb:211:in `mon_synchronize'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:187:in `invoke_with_call_chain'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:226:in `block (2 levels) in invoke_prerequisites_concurrently'

C:/** Invoke config:arm

RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/promise.rb:63:in `call'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/promise.rb:63:in `chore'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/promise.rb:45:in `work'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/thread_pool.rb:103:in `process_queue_item'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/thread_pool.rb:123:in `block (2 levels) in start_thread'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/1.9.1/win32ole.rb:13:in `call'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/1.9.1/win32ole.rb:13:in `block in initialize'

Tasks: TOP => arch:arm => C:/devel/RhomobileApp/bin/target/android/release/extensions/openssl-edge/armeabi/libopenssl.a => C:/devel/RhomobileApp/bin/tmp/openssl-edge/arm/openssl_missing.c.o

<built-in>: fatal error: when writing output to : Invalid argument

compilation terminated.

<built-in>: fatal error: when writing output to : Invalid argument

compilation terminated.

<built-in>: fatal error: when writing output to : Invalid argument

compilation terminated.

<built-in>: fatal error: when writing output to : Invalid argument

compilation terminated.

rake aborted!

Extension build failed: C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rhodes-6.0.16/../rho-tau-extensions-6.0.16/libs/openssl-edge/ext/android

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rhodes-6.0.16/platform/android/build/android.rake:1154:in `block (5 levels) in <top (required)>'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rhodes-6.0.16/platform/android/build/android.rake:1139:in `each'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rhodes-6.0.16/platform/android/build/android.rake:1139:in `block (4 levels) in <top (required)>'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rhodes-6.0.16/platform/android/build/android.rake:1109:in `each'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rhodes-6.0.16/platform/android/build/android.rake:1109:in `block (3 levels) in <top (required)>'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:250:in `call'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:250:in `block in execute'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:250:in `each'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:250:in `execute'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rhodes-6.0.16/Rakefile:111:in `execute'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:194:in `block in invoke_with_call_chain'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/1.9.1/monitor.rb:211:in `mon_synchronize'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:187:in `invoke_with_call_chain'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:180:in `invoke'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rhodes-6.0.16/Rakefile:4523:in `invoke'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rhodes-6.0.16/platform/android/build/android.rake:1060:in `block (3 levels) in <top (required)>'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:250:in `call'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:250:in `block in execute'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:250:in `each'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:250:in `execute'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rhodes-6.0.16/Rakefile:111:in `execute'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:194:in `block in invoke_with_call_chain'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/1.9.1/monitor.rb:211:in `mon_synchronize'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:187:in `invoke_with_call_chain'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:216:in `block in invoke_prerequisites'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:214:in `each'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:214:in `invoke_prerequisites'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:193:in `block in invoke_with_call_chain'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/1.9.1/monitor.rb:211:in `mon_synchronize'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:187:in `invoke_with_call_chain'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:216:in `block in invoke_prerequisites'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:214:in `each'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:214:in `invoke_prerequisites'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:193:in `block in invoke_with_call_chain'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/1.9.1/monitor.rb:211:in `mon_synchronize'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:187:in `invoke_with_call_chain'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:216:in `block in invoke_prerequisites'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:214:in `each'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:214:in `invoke_prerequisites'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:193:in `block in invoke_with_call_chain'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/1.9.1/monitor.rb:211:in `mon_synchronize'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:187:in `invoke_with_call_chain'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:216:in `block in invoke_prerequisites'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:214:in `each'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:214:in `invoke_prerequisites'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:193:in `block in invoke_with_call_chain'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/1.9.1/monitor.rb:211:in `mon_synchronize'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:187:in `invoke_with_call_chain'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:216:in `block in invoke_prerequisites'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:214:in `each'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:214:in `invoke_prerequisites'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:193:in `block in invoke_with_call_chain'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/1.9.1/monitor.rb:211:in `mon_synchronize'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:187:in `invoke_with_call_chain'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/task.rb:180:in `invoke'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rhodes-6.0.16/Rakefile:4523:in `invoke'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/application.rb:152:in `invoke_task'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/application.rb:108:in `block (2 levels) in top_level'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/application.rb:108:in `each'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/application.rb:108:in `block in top_level'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/application.rb:117:in `run_with_threads'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/application.rb:102:in `top_level'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/application.rb:80:in `block in run'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/application.rb:178:in `standard_exception_handling'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/lib/rake/application.rb:77:in `run'

C:/RhoMobileSuite6.0.16/ruby/lib/ruby/gems/1.9.1/gems/rake-12.0.0/exe/rake:27:in `<top (required)>'

C:/RhoMobileSuite6.0.16/ruby/bin/rake:23:in `load'

C:/RhoMobileSuite6.0.16/ruby/bin/rake:23:in `<main>'

Tasks: TOP => build:android:extensions

Dave Guest	OpenSSL version rejected by Play Store Nov 13, 2017 18:36:51 GMT Quote Select Post Deselect Post Link to Post Back to Top Post by Dave on Nov 13, 2017 18:36:51 GMT Oh, and Android NDK 15c

Alex Epifanov
Global Moderator

Posts: 445

OpenSSL version rejected by Play Store Nov 13, 2017 19:32:09 GMT

Quote

Post by Alex Epifanov on Nov 13, 2017 19:32:09 GMT

Hmm.. yes it seems edge won't work with 6.0, as it was introduced for 5.5 and old Ruby VM. We won't be updating/supporting it further as mainstream openssl update is underway.
So you may either rollback to 5-5 for a while and use edge version, or use updated libs from the branch.

Last Edit: Nov 13, 2017 19:32:23 GMT by Alex Epifanov

Dave
Guest

OpenSSL version rejected by Play Store Nov 13, 2017 19:42:56 GMT

Quote

Post by Dave on Nov 13, 2017 19:42:56 GMT

I managed to build using the updated libs from the branch you'd mentioned, end Google still rejects it. I ran grep on the apk, and it says it's using OpenSSL 1.0.2m, so I'm not sure why Google are still complaining? So I may have to roll back and use 5.5 for edge then?

Alex Epifanov Global Moderator Posts: 445	OpenSSL version rejected by Play Store Nov 13, 2017 19:47:39 GMT Quote Select Post Deselect Post Link to Post Back to Top Post by Alex Epifanov on Nov 13, 2017 19:47:39 GMT Does Google rejects for the same reason? 1.0.2m should work for them.

Dave
Guest

OpenSSL version rejected by Play Store Nov 13, 2017 19:54:49 GMT

Quote

Post by Dave on Nov 13, 2017 19:54:49 GMT

Yes. It's pretty strange. Their documentation says OpenSSL must be grater than 1.0.2f (which this should be), but they still rejected for OpenSSL. I could maybe try appealing it, but will just try compiling with the edge variants first, and see if that goes up OK.

Dave
Guest

OpenSSL version rejected by Play Store Nov 14, 2017 9:39:58 GMT

Quote

Post by Dave on Nov 14, 2017 9:39:58 GMT

Just as an update, I rebuild using the edge variants, and it passed validation. So it didn't seem to like the 1.0.2m version for some reason? Just thought I'd better let you know, as if this is the version you are planning on upgrading to, it may have submission issues.

Alex Epifanov Global Moderator Posts: 445	OpenSSL version rejected by Play Store Nov 14, 2017 14:12:54 GMT Quote Select Post Deselect Post Link to Post Back to Top Post by Alex Epifanov on Nov 14, 2017 14:12:54 GMT Thanks Dave, we'll try to submit a new one and see what Google says.

Dave_ Guest	OpenSSL version rejected by Play Store Feb 7, 2018 11:03:14 GMT Quote Select Post Deselect Post Link to Post Back to Top Post by Dave_ on Feb 7, 2018 11:03:14 GMT I've just seen on the 6.0.22 changelog that you've updated the OpenSSL library, but just to v1.0.0h? Is this correct, or should it be v1.1.0h?

Alex Epifanov Global Moderator Posts: 445	OpenSSL version rejected by Play Store Feb 7, 2018 11:45:43 GMT Quote Select Post Deselect Post Link to Post Back to Top Post by Alex Epifanov on Feb 7, 2018 11:45:43 GMT It's a mistake in changelog, thank you Dave. OpenSSL version is 1.1.0h. Changelog.txt is updated

OpenSSL version rejected by Play Store

Post by Dave on Nov 13, 2017 17:19:05 GMT

Post by Alex Epifanov on Nov 13, 2017 17:57:26 GMT

Post by Dave on Nov 13, 2017 18:35:53 GMT

Post by Dave on Nov 13, 2017 18:36:51 GMT

Post by Alex Epifanov on Nov 13, 2017 19:32:09 GMT

Post by Dave on Nov 13, 2017 19:42:56 GMT

Post by Alex Epifanov on Nov 13, 2017 19:47:39 GMT

Post by Dave on Nov 13, 2017 19:54:49 GMT

Post by Dave on Nov 14, 2017 9:39:58 GMT

Post by Alex Epifanov on Nov 14, 2017 14:12:54 GMT

Post by Dave_ on Feb 7, 2018 11:03:14 GMT

Post by Alex Epifanov on Feb 7, 2018 11:45:43 GMT

Quick Reply