Thomas wrote:
I am using Indy with OpenSLL (Win, Mac, iOS and Android). It seems
that Google has replaced OpenSSL with BoringSSL in Android 6.
For the record, here is what Google says about it:
http://developer.android.com/about/versions/marshmallow/android-6.0-changes.html#boringSSL
Android is moving away from OpenSSL to the BoringSSL library. If you’re using
the Android NDK in your app [which Delphi does], don't link against cryptographic
libraries that are not a part of the NDK API, such as libcrypto.so and libssl.so
[which Indy does]. These libraries are not public APIs, and may change or
break without notice across releases and devices. In addition, you may expose
yourself to security vulnerabilities. Instead, modify your native code to
call the Java cryptography APIs via JNI or to statically link against a cryptography
library of your choice.
Considering that BoringSSL is just a fork of OpenSSL to make it "a much lighter-weight
version of OpenSSL that strips out many of the application programing interfaces
(APIs) and application binary interfaces (ABIs) found in the latter", and
for Google to apply their own internal patches to without applying them to
OpenSSL, I wonder how much work it would be to make Indy compatible with
BoringSSL. As long as the remaining APIs are the same, maybe it is just
a matter of making Indy look for different library filenames at runtime.
I hope it does not mean having to write a completely new IOHandler for BoringSSL,
that could be a lot of work.
So SSL is no longer working (Message: Unable to load SSL.).
What does Indy's WhichFailedToLoad() function return when that happens?
Is it failing to load the library files themselves? Or is it failing to find
particular SSL functions?
Is there a way to uses OpenSSL with Android 6.
You would have to distribute the OpenSSL binaries (libssl.so and libcrypto.so)
with your Android app and then call the IdOpenSSLSetLibPath() function at
app startup to tell Indy where to find them.
For iOS I placed "libcrypto.a" and "libssl.a" in the project folder.
It works fine.
For iOS, Indy statically links to OpenSSL at compile time, it does not dynamically
load OpenSSL at runtime (due to Apple restrictions at the time, which may
have since been lifted in recent iOS versions, but Indy has not been updated
to support that yet).
Are libraries/files available for Android?
Not from Indy, no. You will have to find third-party .so files, or compile
OpenSSL yourself.
--
Remy Lebeau (TeamB)
Connect with Us