search

IndySockets / Indy

Indy - Internet Direct
https://www.indyproject.org
448 stars 153 forks source link

Support BoringSSL on Android 6 #166

Open rlebeau opened 7 years ago

rlebeau commented 7 years ago

In Android 6, Google replaced OpenSSL with BoringSSL, and as such Indy's SSL support no longer works on Android (error "Unable to load SSL").

Considering that BoringSSL is just a fork of OpenSSL to make it "a much lighter-weight version of OpenSSL that strips out many of the application programing interfaces (APIs) and application binary interfaces (ABIs) found in the latter", and for Google to apply their own internal patches to without applying them to OpenSSL, I wonder how much work it would be to make Indy compatible with BoringSSL. As long as the remaining APIs are the same, maybe it is just a matter of having Indy load different library filenames at runtime. I hope it does not mean having to write a completely new IOHandler for BoringSSL, that could be a lot of work.

rlebeau commented 7 years ago

Attaching screenshotshowing missing "critical" functions when loading BoringSSL.

image

rlebeau commented 7 years ago

Some changes have been made to the IdSSLOpenSSLHeaders unit to account for the missing OpenSSL functions in the BoringSSL library, but this has not been tested or finalized at this time.

According to a QT bug report:

https://bugreports.qt.io/browse/QTBUG-38291

The OpenSSL libraries are preloaded by Android. Attempting to reload the libraries are therefore not possible (in a safe way) and is a limitation/feature in Android that affects all applications.

BoringSSL uses the same library filenames as OpenSSL, but makes big interface changes to OpenSSL's API interface. If BoringSSL is pre-loaded with those filenames, users will likely not be able to bundle Indy-compatible OpenSSL lib files with their Android apps.