This problem and many others like it caused me a week or so of mucking about, but I finally cracked it so I thought I'd share my solution. OpenSSL can be compiled for 21+ and work on Android 4.03 devices if you are willing to hack the code. We use libcurl, so wanted to be up to date. The steps are a bit complex:
First up ensure you have a buildable version of libcurl. I recommend as a good starting point https://github.com/cocos2d/cocos2d-x-3rd-party-libs-src
They keep up to date build scripts.
Firstly hack the android.ini in "build" to version 21
Next up I had to add the following stub functions to the jni project somewhere:
// SPECIAL API 21+ functions required for android to build on newer platform targets.
float strtof (const char* str, char** endptr)
{
return (float)strtod(str, endptr);
}
int __isnanf(float x)
{
return (x != x);
}
double atof (const char* s)
{
double rez = 0, fact = 1;
if (*s == '-'){
s++;
fact = -1;
};
for (int point_seen = 0; *s; s++){
if (*s == '.'){
point_seen = 1;
continue;
};
int d = *s - '0';
if (d >= 0 && d <= 9){
if (point_seen) fact /= 10.0f;
rez = rez * 10.0f + (float)d;
};
};
return rez * fact;
}
void srandom(unsigned int seed)
{
std::srand(seed);
}
static unsigned long _next = 1;
void srand(unsigned int seed)
{
_next = seed;
}
long random()
{
return rand();
}
int rand()
{
_next = _next * 1103515245 + 12345;
return (unsigned int)(_next/65536) % 32768;
}
/* the default is bsd */
__sighandler_t signal(int s, __sighandler_t f)
{
return 0;
}
Note the signal function could be better, but for us it isn't important. This stops the dreaded "cannot locate symbol" errors on 4.03 devices caused by changes to the headers in 5+ (https://groups.google.com/forum/#!topic/android-ndk/RjO9WmG9pfE).
Next up download the tar.gz for the version of openssl you want to build and unpack it somewhere. Edit crypto/ui/ui_openssl.c and crypto/des/read_pwd.c and ensure that the #defines for tcsetattr are not used. I used a brute force #if 0 and #if 1 - note this should be possible by twiddling the preprocessor, but I gave up at this point. If anyone feels like sharing the correct magic please do!
Now you need to re-tar up the file into the tarballs file (making sure you get it root folder in there:
and run (in my case)
shasum -a 512 curl-7.50.0.tar.gz > ../src/curl/SHA512SUMS
This will allow the cocos2d ./build.sh to run. Something like:
./build.sh -p=android --libs=openssl,curl --arch=armv7 --mode=release
Finally - and this caught me out in terms of making a universal .a file, but is not directly part of the question, ensure you use a version that doesn't use NEON instructions. Tegra 2 devices apparently have FPU but no NEON. I think this can be done using -mfpu=vfp as a compiler flag, but I chose to just use the armv5 build instead, as performance is not really important to me in this area (and I have had enough nasty real world surprises from this already).
In the end you should get a nice .a that works everywhere, and can be used in projects targeting the latest and greatest Android. Now if only someone from the OpenSSL project can read this and fix the project so it understands android stuff released 2 years ago!
Good luck!