Cocos2dx製アプリのOpenSSL問題対応
4/1に届いた「Google Play warning: You are using a vulnerable version of OpenSSL」メールの対応となります。
対応していないと2016/7/11から消されていくらしいので、早めの対応が必要なようです。
OpenSSLのバージョンを調べる
Googleからのメールにあるように、以下のコマンドで OpenSSL 1.02f/1.01r 以前のバージョンが使われていないか調べられます。
$ unzip -p YourApp.apk | strings | grep "OpenSSL" GmsCore_OpenSSL UI_OpenSSL OpenSSLDie DH_OpenSSL OpenSSL_add_all_ciphers OpenSSL_add_all_digests DSA_OpenSSL ECDSA_OpenSSL ECDH_OpenSSL could not parse PKCS12 file, check password, OpenSSL error %s OpenSSL/%lx.%lx.%lx%s OpenSSL 1.0.1j 15 Oct 2014 %s(%d): OpenSSL internal error, assertion failed: %s OpenSSL DH Method OpenSSL default user interface OpenSSL CMAC method OpenSSL HMAC method OpenSSL EC algorithm OpenSSL RSA method OpenSSL DSA method OpenSSL ECDSA method OpenSSL PKCS#3 DH method OpenSSL ECDH method You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html OpenSSL default SSLv2 part of OpenSSL 1.0.1j 15 Oct 2014 SSLv3 part of OpenSSL 1.0.1j 15 Oct 2014 TLSv1 part of OpenSSL 1.0.1j 15 Oct 2014 DTLSv1 part of OpenSSL 1.0.1j 15 Oct 2014 MD4 part of OpenSSL 1.0.1j 15 Oct 2014 MD5 part of OpenSSL 1.0.1j 15 Oct 2014 SHA1 part of OpenSSL 1.0.1j 15 Oct 2014 SHA-256 part of OpenSSL 1.0.1j 15 Oct 2014 DlSHA-512 part of OpenSSL 1.0.1j 15 Oct 2014 DES part of OpenSSL 1.0.1j 15 Oct 2014 libdes part of OpenSSL 1.0.1j 15 Oct 2014 Big Number part of OpenSSL 1.0.1j 15 Oct 2014 (1RSA part of OpenSSL 1.0.1j 15 Oct 2014 Diffie-Hellman part of OpenSSL 1.0.1j 15 Oct 2014 Stack part of OpenSSL 1.0.1j 15 Oct 2014 lhash part of OpenSSL 1.0.1j 15 Oct 2014 EVP part of OpenSSL 1.0.1j 15 Oct 2014 ASN.1 part of OpenSSL 1.0.1j 15 Oct 2014 PEM part of OpenSSL 1.0.1j 15 Oct 2014 X.509 part of OpenSSL 1.0.1j 15 Oct 2014 AES part of OpenSSL 1.0.1j 15 Oct 2014 cU! }RC2 part of OpenSSL 1.0.1j 15 Oct 2014 IDEA part of OpenSSL 1.0.1j 15 Oct 2014 CAMELLIA part of OpenSSL 1.0.1j 15 Oct 2014 EDSA part of OpenSSL 1.0.1j 15 Oct 2014 ECDSA part of OpenSSL 1.0.1j 15 Oct 2014 ECDH part of OpenSSL 1.0.1j 15 Oct 2014 RAND part of OpenSSL 1.0.1j 15 Oct 2014 CONF part of OpenSSL 1.0.1j 15 Oct 2014 CONF_def part of OpenSSL 1.0.1j 15 Oct 2014 TXT_DB part of OpenSSL 1.0.1j 15 Oct 2014 +SHA part of OpenSSL 1.0.1j 15 Oct 2014 RIPE-MD160 part of OpenSSL 1.0.1j 15 Oct 2014 RC4 part of OpenSSL 1.0.1j 15 Oct 2014 :Blowfish part of OpenSSL 1.0.1j 15 Oct 2014 \CAST part of OpenSSL 1.0.1j 15 Oct 2014
OpenSSLを更新
project/cocos2d/external/curl 以下のOpenSSLライブラリを更新する必要があります。
公式フォーラムでパッチ公開されている方がいらっしゃったので、以下サイトからパッチをDLして差し替える楽ちん対応で解決出来ます。ありがたい!
http://www.bengigi.com/cocos2d-x-fix-for-openssl-problem/
確認
OpenSSLが 1.02f/1.01r 以上に更新されている事を確認し、更新を行ってください。変わっていない場合はcocos2dxライブラリをビルドし忘れていないか確認ください。
$ unzip -p YourApp.apk | strings | grep "OpenSSL" GmsCore_OpenSSL UI_OpenSSL OpenSSLDie DH_OpenSSL OpenSSL_add_all_ciphers OpenSSL_add_all_digests DSA_OpenSSL ECDSA_OpenSSL ECDH_OpenSSL could not load PEM client certificate, OpenSSL error %s, (no key found, wrong pass phrase, or wrong file format?) could not load ASN1 client certificate, OpenSSL error %s, (no key found, wrong pass phrase, or wrong file format?) could not parse PKCS12 file, check password, OpenSSL error %s could not load PKCS12 client certificate, OpenSSL error %s unable do create OpenSSL user-interface method OpenSSL SSL read: %s, errno %d OpenSSL OpenSSL 1.0.1r 28 Jan 2016 %s(%d): OpenSSL internal error, assertion failed: %s OpenSSL DH Method OpenSSL default user interface OpenSSL CMAC method OpenSSL HMAC method OpenSSL EC algorithm OpenSSL RSA method OpenSSL DSA method OpenSSL ECDSA method OpenSSL PKCS#3 DH method OpenSSL ECDH method You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html OpenSSL default SSLv2 part of OpenSSL 1.0.1r 28 Jan 2016 SSLv3 part of OpenSSL 1.0.1r 28 Jan 2016 TLSv1 part of OpenSSL 1.0.1r 28 Jan 2016 DTLSv1 part of OpenSSL 1.0.1r 28 Jan 2016 MD4 part of OpenSSL 1.0.1r 28 Jan 2016 MD5 part of OpenSSL 1.0.1r 28 Jan 2016 SHA1 part of OpenSSL 1.0.1r 28 Jan 2016 SHA-256 part of OpenSSL 1.0.1r 28 Jan 2016 DlSHA-512 part of OpenSSL 1.0.1r 28 Jan 2016 DES part of OpenSSL 1.0.1r 28 Jan 2016 libdes part of OpenSSL 1.0.1r 28 Jan 2016 Big Number part of OpenSSL 1.0.1r 28 Jan 2016 EC part of OpenSSL 1.0.1r 28 Jan 2016 (1RSA part of OpenSSL 1.0.1r 28 Jan 2016 Diffie-Hellman part of OpenSSL 1.0.1r 28 Jan 2016 Stack part of OpenSSL 1.0.1r 28 Jan 2016 lhash part of OpenSSL 1.0.1r 28 Jan 2016 EVP part of OpenSSL 1.0.1r 28 Jan 2016 ASN.1 part of OpenSSL 1.0.1r 28 Jan 2016 PEM part of OpenSSL 1.0.1r 28 Jan 2016 X.509 part of OpenSSL 1.0.1r 28 Jan 2016 AES part of OpenSSL 1.0.1r 28 Jan 2016 cU! }RC2 part of OpenSSL 1.0.1r 28 Jan 2016 IDEA part of OpenSSL 1.0.1r 28 Jan 2016 CAMELLIA part of OpenSSL 1.0.1r 28 Jan 2016 EDSA part of OpenSSL 1.0.1r 28 Jan 2016 ECDSA part of OpenSSL 1.0.1r 28 Jan 2016 ECDH part of OpenSSL 1.0.1r 28 Jan 2016 RAND part of OpenSSL 1.0.1r 28 Jan 2016 CONF part of OpenSSL 1.0.1r 28 Jan 2016 CONF_def part of OpenSSL 1.0.1r 28 Jan 2016 TXT_DB part of OpenSSL 1.0.1r 28 Jan 2016 +SHA part of OpenSSL 1.0.1r 28 Jan 2016 RIPE-MD160 part of OpenSSL 1.0.1r 28 Jan 2016 RC4 part of OpenSSL 1.0.1r 28 Jan 2016 :Blowfish part of OpenSSL 1.0.1r 28 Jan 2016 \CAST part of OpenSSL 1.0.1r 28 Jan 2016