Open dilipbirajadar opened 5 years ago
If the build fails, you have a bad OpenSSL version in your app. You should see a message like this if that is the case:
:app:checkDebugOpenSsl FAILED
FAILURE: Build failed with an exception.
* What went wrong:
Execution failed for task ':app:checkDebugOpenSSL'.
> OpenSSL 1.0.0m detected and contains known vulnerabilities
If the build succeeds, then you likely do not have a vulnerable OpenSSL version in your project.
You mean after adding all dependencies in app level gradle and root level gradle then I need to run app if build success then we don't have openssl in project or do not have a vulnerable OpenSSL version in your project.
After you add the dependency in your build.gradle (I recommend doing it at the app level, but you can also apply it at the root level), then you need to specifically run the checkDebugOpenSsl
task. It does not run on all builds by default.
Unfortunately I cannot provide live 1:1 support.
Then run ./gradlew check[variantName]OpenSSL. For example, ./gradlew checkDebugOpenSsl. This task will fail if a vulnerable version is found.
I have tried below command also. MacBook-Pro:Desktop dilipbirajadar$ unzip -p FNMA_Debug.apk | strings | grep "OpenSSL"
getting below output for me is this correct Do i need to update openssl. But haven't add any openss in my android code.
GMSCore_OpenSSL GmsCore_OpenSSL