dusty
commented
9 years ago Script is from this page:
https://stackoverflow.com/questions/24197777/google-play-openssl-warning-message
Open dusty opened 9 years ago
dusty
commented
9 years ago Script is from this page:
https://stackoverflow.com/questions/24197777/google-play-openssl-warning-message
mark-veenstra
commented
9 years ago Should be fixed from version 2.4.1
I got an email from google play
"The vulnerabilities were addressed in OpenSSL versions beginning with 1.0.1h, 1.0.0m, and 0.9.8za. To confirm your OpenSSL version, you can do a grep via ("$ unzip -p YourApp.apk | strings | grep "OpenSSL""). For more information about the vulnerability, please consult http://www.openssl.org/news/secadv_20140605.txt."
I found a bash script from stackoverflow to help narrow down where the problem is. Running it on my project, I get the following output.
Found OpenSSL versions ssl_work_dir/lib/armeabi/libopentok.so:OpenSSL 1.0.1e 11 Feb 2013 ssl_work_dir/lib/x86/libopentok.so:OpenSSL 1.0.1e 11 Feb 2013
I installed the most recent version via git (com.tokbox.cordova.opentok 1.0.2)
Is there anyway to upgrade openssl that appears to be bundled into opentok? They didn't give me a timeline, so I don't believe this is urgent, but also not certain.