I published my app using Adobe Air 21.0.0.198 / 22 .x.x.x but google still reports the vulnerability. I used the command: unzip -p xxxx.apk | strings | grep "OpenSSL" and it results in: N16OpenSSLCryptImpl12EVP_PKEY_OBJE N8pkASUtil5PImplI23OpenSSLCryptoEngineImplEE N16OpenSSLCryptImpl22OpenSSLDigestOperationE N16OpenSSLCryptImpl22OpenSSLSymKeyOperationE N16OpenSSLCryptImpl13OpenSSLSymKeyE N16OpenSSLCryptImpl29OpenSSLRSAVerificationContextE N16OpenSSLCryptImpl16OpenSSLPublicKey11DecodedInfoE N8pkASUtil10CHolderPtrIN16OpenSSLCryptImpl16OpenSSLPublicKey11DecodedInfoEEE N16OpenSSLCryptImpl16OpenSSLPublicKeyE N16OpenSSLCryptImpl18PrivKeyDecodedInfoE N8pkASUtil10CHolderPtrIN16OpenSSLCryptImpl18PrivKeyDecodedInfoEEE N16OpenSSLCryptImpl17OpenSSLPrivateKeyE 23OpenSSLCryptoEngineImpl 19OpenSSLCryptoEngine /Users/labuser/builds/001f5b3931bc/ssl+sage.corp.adobe.com+21920/drm/drm_5_3_rankin/client/components/ascrypt/source/OpenSSL/OpenSSL_CryptImpl.cpp OpenSSL could not load PEM client certificate, OpenSSL error %s, (no key found, wrong pass phrase, or wrong file format?) could not load ASN1 client certificate, OpenSSL error %s, (no key found, wrong pass phrase, or wrong file format?) could not parse PKCS12 file, check password, OpenSSL error %s could not load PKCS12 client certificate, OpenSSL error %s TLSv1 part of OpenSSL 1.0.2f 28 Jan 2016 OpenSSL 1.0.2f 28 Jan 2016 %s(%d): OpenSSL internal error, assertion failed: %s SHA-256 part of OpenSSL 1.0.2f 28 Jan 2016 DlSHA-512 part of OpenSSL 1.0.2f 28 Jan 2016 Big Number part of OpenSSL 1.0.2f 28 Jan 2016 So the openssl version is right, I do not understand why. Help.
... View more