"Your app is using a version of OpenSSL containing a security vulnerability"

It should be returning 1.0.2h for OpenSSL.

Are you on a Mac or Windows?

I’m on Windows 10.

Can you open up a cmd.exe shell and do a:

cd %USERPROFILE%\AppData\Roaming\Corona Labs\Corona Simulator\Plugins

and do a “dir” command and look for plugin_openssl.dll and let me know what it says. Also if it’s older than 02/11/2016 try deleting the file:  

del plugin_openssl.dll

and then try building and see what numbers you get.

Rob

Before you delete the plugin, download, build and run this sample:

https://github.com/coronalabs/plugins-sample-openssl

It will print the right number.  Apparently the .version() API was printing a different value.

Rob

I have this displaying now in the Corona simulator output, which I presume should be right.

lua-openssl version: 0.0.6 Lua 5.1 OpenSSL 1.0.2h  3 May 2016

I’ll try to build my app again and try to upload it. Annoyingly, it will be a couple of hours before I’ll know if it has worked.

Thanks for the help so far.

App was rejected again. No more information was given apart from the same security alert as before. Any other suggestions?

Can you show a current screen shot showing the message saying it was rejected with your latest submission?

Rob

It doesn’t give a huge amount of information.

http://imgur.com/a/TTpcL

http://imgur.com/a/cQvf7

Since the first APK uploaded, it hasn’t given another alert, so I presume it doesn’t give multiple alerts for the same rejection reason.

Update: in the pre-launch report I found this for the same APK:

SECURITY SCAN COMPLETE

No known vulnerabilities were detected for APK 35.

I have tried moving the apk to beta where there was another rejected apk in the hopes that Google checks both builds and gives an overall result.  Since the pre-launch says that this APK is safe I can only assume for now that it is a problem with how Google tests the builds.

Okay, thank you for all of your help. The problem is now fixed. There were a few things going on that caused the problem, which I list for anyone who manages to do this in the future.

  • The main cause of the problem is that I managed to build an APK on a new machine that had an older build of Corona on it (a release build from February 2016).  This build used an old version of OpenSSL that Google does not allow due to major insecurities.
  • I uploaded this APK to Beta as it was only meant to be a small bug fix.  This APK was rejected.
  • To debug the error I tried changing some things not related to SSL (as I was not aware of the alert section at the time) and uploaded these test builds to alpha.
  • I found the SSL problem, updated Corona, and uploaded a new APK to alpha.
  • I got a notification for this saying it had been rejected.
  • I then posted this plea for help on the Corona forums, from which I confirmed that my SSL version was correct.
  • My colleague suggested that it could be that there was a broken version still in beta and he was correct!
  • Promoting the APK to beta (therefore having no insecure versions live) fixed the problem.

TLDR: Make sure that you publish any updated APKs in the same alpha/beta/production channel as a rejected APK, as Google seems to check all channels when any new APK is tested.

Glad you got it solved.

Rob
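
A pre-upload check for the situation summarised in the thread, as an added example that is not part of the original posts or Corona's own code: it scans the APK from each release channel for the version banner OpenSSL compiles into its binaries and reports any channel still carrying a version older than the one you expect. The entry name `lib/armeabi-v7a/libexample.so` and the helper `make_sample_apk` are constructed for illustration; 1.0.2h is the version quoted in the thread.

```python
import io
import re
import zipfile

# Banner OpenSSL compiles into its binaries, e.g. "OpenSSL 1.0.2h  3 May 2016".
BANNER = re.compile(rb"OpenSSL (\d+\.\d+\.\d+[a-z]*)(?:-fips)? +\d{1,2} [A-Z][a-z]{2} \d{4}")


def parse_version(text):
    """Sortable key for 1.0.x-style versions: '1.0.2h' -> (1, 0, 2, 1, 'h')."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([a-z]*)", text)
    if not m:
        raise ValueError(f"not an OpenSSL version: {text!r}")
    major, minor, fix, letters = m.groups()
    # Letter suffixes run a..z, then za, zb...; (length, text) keeps that order.
    return (int(major), int(minor), int(fix), len(letters), letters)


def openssl_banners(apk):
    """Return {zip entry name: set of OpenSSL versions found in that entry}."""
    found = {}
    with zipfile.ZipFile(apk) as zf:
        for name in zf.namelist():
            for m in BANNER.finditer(zf.read(name)):
                found.setdefault(name, set()).add(m.group(1).decode())
    return found


def stale_apks(apks, expected):
    """Map channel label -> [(entry, version)] for OpenSSL older than expected."""
    floor = parse_version(expected)
    report = {}
    for label, apk in apks.items():
        old = [(name, v) for name, versions in sorted(openssl_banners(apk).items())
               for v in sorted(versions) if parse_version(v) < floor]
        if old:
            report[label] = old
    return report


def make_sample_apk(banner):
    """Constructed stand-in for an APK: a zip with one fake native library."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("lib/armeabi-v7a/libexample.so", b"\x7fELF\x00" + banner + b"\x00")
    buf.seek(0)
    return buf
```

To use it on real builds, pass a dict of channel names to APK file paths, for example `stale_apks({"alpha": "a.apk", "beta": "b.apk"}, "1.0.2h")`; an empty result means no scanned APK contains an older banner.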