OpenSSL
OpenSSL is an open source library implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS) protocols as well as a full-strength general purpose cryptography library. It can be found at https://www.openssl.org.
Here, we will build the OpenSSL Version 1.0.1j, which contains a fix for the Heartbleed Bug(http://heartbleed.com).
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information that is protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.
If you try to statically link your application against an old version of OpenSSL and then publish it on Google Play, you may see the following security alert:
It is possible that by the time this book is published, even the version 1.0.0j of OpenSSL will be outdated. Hence, it would be a great exercise for you to download the most recent source code and update NDK Makefiles accordingly. Here is a brief glimpse of how you can do it.
OpenSSL is compiled as two interoperating static libraries: libssl and libcrypto. Check out the source code bundle and look into the folders 2_OpenSSL/lib/crypto/jni and 2_OpenSSL/ssl/jni. Both libraries should be linked against your application which uses SSL-enabled version of libcurl.
Typical Android.mk for this can start as in the following listing:
include $(CLEAR_VARS) LOCAL_MODULE := libCurl LOCAL_SRC_FILES := ../../../Libs.Android/libcurl.$(TARGET_ARCH_ABI).a include $(PREBUILT_STATIC_LIBRARY) include $(CLEAR_VARS) LOCAL_MODULE := libCrypto LOCAL_SRC_FILES := ../../../Libs.Android/libCrypto.$(TARGET_ARCH_ABI).a include $(PREBUILT_STATIC_LIBRARY) include $(CLEAR_VARS) LOCAL_MODULE := libSSL LOCAL_SRC_FILES := ../../../Libs.Android/libSSL.$(TARGET_ARCH_ABI).a include $(PREBUILT_STATIC_LIBRARY)
At the end of this file, just link all the libraries:
LOCAL_STATIC_LIBRARIES += libCurl LOCAL_STATIC_LIBRARIES += libSSL LOCAL_STATIC_LIBRARIES += libCrypto
This is it, you can now deal with SSL connections.