How to update OpenSSL version in CSipSimple?

Question

I am using CSipSimple code for my application. But unfortunately, Google Playstore has raised a warning: You are using a vulnerable version of OpenSSL

I want to update the OpenSSL version from existing code.

Here is some reference which I have followed. CSipSimple-OpenSSL But I am stuck at step 5 there are no such command

m: command not found

Am I following incorrect steps? If any one have already done with this, then please help me or provide some steps/link.

Any help would be really appreciated

Answer 1

In case someone encounters the problem of using vulnerable version of OpenSSL in one of the native libraries, I add some more details and instructions for the @Nonos solution. This tutorial is for CSipSimple but building OpenSSL static libraries is a more generic solution.

I recommend the second solution as adding a static OpenSSL library is more simple solution.

Preconditions: Android NDK need to be configured first.

1. First of all, download the OpenSSL compatible version (> 1.0.2f/1.0.1r).
2. Download two scripts from this link. In case someone wonders what they do: They build the OpenSSL library for every android build (armeabi, x86, mips, etc...)
3. Modify setenv-android-mod.sh -> line 18 with the ndk version
4. Modify setenv-android-mod.sh -> line 40 with the Android API version
5. Modify build-all-arch.sh -> line 7 with the folder name of the OpenSSL library (in my case it was openssl-1.0.1t)
6. After successful build, inside the folder dist the libraries will be present
7. Put those folders inside csipsimple/CSipSimple-trunk/CSipSimple/jni/openssl/lib
8. Put header files from openssl-1.0.1{version}/include to csipsimple/CSipSimple-trunk/CSipSimple/jni/openssl/include. Be aware, that some of the header files are symlinks to other files.
9. Compile CSipSimple. Be aware, that OpenSSL and CSipSimple must be compiled with the same Android API version.

Should build successfully after making steps.