aws-amplify
libconscrypt_jni.so is not 16kb aligned for Android
Which AWS Services is the feature request for? to get libconscrypt_jni.so to be 16kb aligned
Is your feature request related to a problem? Please describe. Android has released to check if the libraries used are 16kb aligned https://developer.android.com/guide/practices/page-sizes#:~:text=Beginning%20with%20Android%2015%2C%20Android,on%20these%2016%20KB%20devices and we noticed libconscrypt_jni.so comign from aws sdk is not aligned
/tmp/my_apk_out9/tmp/my_apk_out8/lib/arm64-v8a/libconscrypt_jni.so: \e[31mUNALIGNED\e[0m (2**12)
Conscript is a library from Google. We will be reliant on that library adding 16kb page size support: https://github.com/google/conscrypt
Please also consider AWS newer IoT library that builds in additional support for mqttv5: https://github.com/aws/aws-iot-device-sdk-java-v2
Hey, can you confirm where you get the conscrypt library from? Built from source or from somewhere else?
@smore-lore It's a library Google publishes.
Here is the import: https://github.com/aws-amplify/aws-sdk-android/blob/093c524271981946f684744e41ec866c99c72478/aws-android-sdk-iot/build.gradle#L17
Their repo is open source here: https://github.com/google/conscrypt
Should be fixed in org.conscrypt:conscrypt-android:2.5.3, currently going through the publishing pipeline.
@fxsweety I see org.conscrypt:conscrypt-android:2.5.3 is available. We will pull this in shortly.
@fxsweety I see
org.conscrypt:conscrypt-android:2.5.3is available. We will pull this in shortly.
Thank you.. once its updated we will verify from our client side, if its 16kb aligned
@prbprbprb Verified that 2.5.3 works on 16KB page size devices.
@fxsweety Support will go in our next release of the AWS Android SDK. However, if you are not calling mqttManager.connectUsingALPN, you should not be concerned. Conscrypt is only used when the port is set to 443, which is not used on the standard connect call.
Complete aside, I'm just curious why you use unbundled Conscrypt for TLS for that one sub-project?
If it's because it supports a lower minSdk than the Google Play ProviderInstaller API then just a head-up that the next major release will be changing to minSdk 21 which is about the same as Play.
Thanks for the heads up.
I don't have much historical context into the reasoning. It was most likely used for versions 4.x versions of Android with limited TLS 1.2 capabilities, though I'm not sure why we use Conscrypt for all versions here. It could be to support non Google Play devices as IoT has unique use cases.
This is a legacy library for IoT, with a direct replacement available (minSdk 24), which is likely the reason there is some activity still on this library. This conscrypt update should get us through for the remainder of the product life. Thank you for your support.
Cool. I'd suggest that unless you need to run on esoteric devices then ProviderInstaller is probably your best bet (and also 16K aligned nowadays)
@prbprbprb Verified that 2.5.3 works on 16KB page size devices.
@fxsweety Support will go in our next release of the AWS Android SDK. However, if you are not calling
mqttManager.connectUsingALPN, you should not be concerned. Conscrypt is only used when the port is set to 443, which is not used on the standardconnectcall.
Do we know when is the next release. thanks.
We do not make release commitments but we do try to release weekly when we have an update to ship. I'll update the thread here when this code is released.
Hi @fxsweety, looks like we missed updating this Issue but v 2.77.0 of the SDK has the update to Conscrypt! Closing this issue is resolved.
This issue is now closed. Comments on closed issues are hard for our team to see. If you need more assistance, please open a new issue that references this one.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}