It would be great if we had openssl support compiled in PHP for Android - then we could e.g. verify that the code downloaded over-the-wire is in fact ours and not attacker's.

I'm preparing the project that allows for remote downloading signed code distibuted in Phar archives and verifies the signature using locally contained public key. I think this could be a great model for securely distributing the code for an application components (apart from APK, application itself could download updated code from remote location and be sure that the code has not been tampered with).

The only missing pieces are phar and openssl support in PHP for Android.

I'm working on a personal application to help manage my virtual private servers. My service providers have SolusVM, which has an API that I can interface with to boot, reboot, and shutdown my virtual servers at any time. The problem is that I must access the api via https, which is currently not supported. Openssl is definitely a must have.

I've been working in adding openssl support. SL4A_r3 is rolling a PFA 0.3 prerelease which includes the latest binary (still alpha). This new binary has openssl support. Unfortunately RSA certificates support is disabled by now.

This new binary is about 0.2 MB bigger but I think that its [partial] openssl support can be interesting. Testing and suggestions are welcome.

The following test code sould work :

$fp = fsockopen("ssl://www.eff.org", 443, $errno, $errstr, 30); if (!$fp) { echo "ERROR"; } else { $out = "GET / HTTP/1.1\r\n"; $out .= "Host: www.eff.org\r\n"; $out .= "Connection: Close\r\n\r\n"; fwrite($fp, $out); while(!feof($fp)) { echo fgets($fp, 128); } fclose($fp); }

In the future, once We get succeed with phpize crosscompilation We might remove openssl support again in the binary.