注意该问题已得到开发者解决,请看 http://www.cocos2d-x.org/news/286
问题的起因是这样,今天收到google play的邮件,说是应用使用的openssl有安全漏洞,如下:
Security Alert: You are using a highly vulnerable version of OpenSSL
Hello,
One or more of your apps is running an outdated version of OpenSSL, which has multiple security vulnerabilities. You should update OpenSSL as soon as possible. For more information about the most recent security vulnerability in OpenSSL, please see http://www.openssl.org/news/secadv_20140605.txt
Please note, while it’s unclear whether these specific issues affect your application, applications with vulnerabilities that expose users to risk of compromise may be considered “dangerous products” and subject to removal from Google Play.
Regards,
Google Play Team
按照下面网上提供的方法检查了一下,果然是cocos2dx的问题(可能需要翻GFW),
http://www.mwebb.me.uk/2014/06/you-are-using-highly-vulnerable-version.html
我在自己的手机上测试,也是一样的结果,我想大概是libcurl或者libwebsocket库默认链接了openssl
如果没猜错,目前cocos2dx编译机上使用的openssl应该是1.0.0a版本,不符合要求,按照建议应该升级到刚发布1.0.0m版本
自己编译libcurl太费神了,请问大神们谁能统一弄一下,呵呵
