Reputation: 909
How to check the version of OpenSSL in Crosswalk for Android on Windows
I'm developing an app with Android Crosswalk.
A few days ago, alert mail arrived from google play about a security issue of OpenSSL.
The method of verifying the version of OpenSSL was written to e-mail.
The vulnerabilities were addressed in OpenSSL versions beginning with 1.0.1h, 1.0.0m, and 0.9.8za. To confirm your OpenSSL version, you can do a grep via ("$ unzip -p YourApp.apk | strings | grep "OpenSSL""). For more information about the vulnerability, please consult http://www.openssl.org/news/secadv_20140605.txt.
But when unzip is run on Windows, an error is occurred("strings" is an invalid command).
Crosswalk's current version is 9.38.208.10. How can I verify OpenSSL is safe?
Upvotes: 1
Views: 1869
Answers (2)
Reputation: 176
Crosswalk is running an older version of OpenSSL. I work at Intel (on a different team) and we are aware of the issue and raising it with the Crosswalk team.
OpenSSL default user interface
OpenSSL 1.0.1e 11 Feb 2013
Upvotes: 3
Reputation: 55350
You should have the packages containing unzip, strings and grep installed in cygwin order for that command to work.
From the error message, looks like you're missing strings. Did you install the binutils package?
See http://cygwin.com/cgi-bin2/package-grep.cgi?grep=strings.exe
Upvotes: 0
Related Questions
- How to compile OpenSSL 1.1.1 for Android
- Compiling the latest OpenSSL for Android
- Compile OpenSSL 1.1.0 for Android
- How to check added crosswalk version?
- Update Android app to latest version of OpenSSL
- How to check OpenSSL library version of android application
- How to use OpenSSL with Android?
- Update openssl version in the guardianproject/openssl-android
- How to build Openssl for Android on Windows with ndk8?
- Compiling and using OpenSSL for Android, on windows using eclipse