[strongSwan] Which version of openssl to use with strongswan

Peter Hsiang phsiang at nvidia.com
Tue Oct 23 20:05:18 CEST 2018


Hi Tobias,

Thanks.  With the newer boringssl included with Android P, the OPENSSL_malloc() and OPENSSL_free() are no longer compatible with the generic malloc() and free() used in Strongswan.  Objects allocated in Strongswan (often used in chunk_t) can be freed by boringssl functions that call their version of free().  
https://boringssl.googlesource.com/boringssl/+/HEAD/PORTING.md

Do we have porting guidelines for integrating strongswan with boringssl for Android P?

I see there is an older version of boringssl https://git.strongswan.org/?p=android-ndk-boringssl.git;a=log.  Would this work on Android P, and would it co-exist with the copy already in Android P (sharing the same libcrypto_static.a object files name space)?

Thanks,
Peter

-----Original Message-----
From: Tobias Brunner <tobias at strongswan.org> 
Sent: Tuesday, October 23, 2018 1:15 AM
To: Peter Hsiang <phsiang at nvidia.com>; users at lists.strongswan.org
Subject: Re: [strongSwan] Which version of openssl to use with strongswan

Hi Peter,

> I triedĀ using the strongswan version of openssl from strongswan.org:
> 
> https://git.strongswan.org/?p=android-ndk-openssl.git;a=summary
> 
> but it seems thisĀ version of openssl is old and does not have some 
> functions used by strongswan 5.6.1:

Yeah, that repository is not really maintained anymore (the version in it is too old anyway, Google would reject an app with it when uploading to Play).  We currently use BoringSSL (see [1]).  If you want to use OpenSSL you'd have to port a newer version yourself.

Regards,
Tobias

[1]
https://wiki.strongswan.org/projects/strongswan/wiki/AndroidVPNClientBuild#The-openssl-Directory

-----------------------------------------------------------------------------------
This email message is for the sole use of the intended recipient(s) and may contain
confidential information.  Any unauthorized review, use, disclosure or distribution
is prohibited.  If you are not the intended recipient, please contact the sender by
reply email and destroy all copies of the original message.
-----------------------------------------------------------------------------------


More information about the Users mailing list