maemo.org - Talk

maemo.org - Talk (https://talk.maemo.org/index.php)
-   Maemo 5 / Fremantle (https://talk.maemo.org/forumdisplay.php?f=40)
-   -   N900, CSSU and OpenSSL (https://talk.maemo.org/showthread.php?t=93296)

joerg_rw 2015-03-19 22:55

Re: N900, CSSU and OpenSSL
 
Quote:

Originally Posted by xes (Post 1464456)
Seriously, no one here is interested in testing an updated openssl package?

Of course we're interested :-)

peterleinchen 2015-03-20 05:51

Re: N900, CSSU and OpenSSL
 
Definitely we are (but on the road and left my cssu device at home)!

nokiabot 2015-03-20 06:08

Re: N900, CSSU and OpenSSL
 
do i install all the packages on the folder

chrischras 2015-03-20 07:20

Re: N900, CSSU and OpenSSL
 
Hi,

thx for compiling. Tested ssl-packet from post #36, no errors so far*. i'm using cssu (21.2011.38-1Tmaemo10.1)

regards, chris

* but https://blog.fefe.de is already not working in any maemo-browser :-/

reinob 2015-03-20 09:06

Re: N900, CSSU and OpenSSL
 
Quote:

Originally Posted by xes (Post 1464456)
Seriously, no one here is interested in testing an updated openssl package?

Yes. I have just dpkg -i libssl0.9.8_0.9.8ze-1+maemo1+0m5+0cssu0_armel.deb (replaced libssl0.9.8 version 0.9.8n-1-maemo4-0m5-0cssu1+thumb1) OK
and then dpkg -i openssl_0.9.8ze-1+maemo1+0m5+0cssu0_armel.deb (replaced 1.0.1e), meaning the package was downgraded - but OK :)

Initial testing (before rebooting) seems OK. Power off now (note: this is my "production" N900). Power on: booted OK to desktop.

mbsync? check. openvpn? check. on-line banking with microb? check. ssh? check. alpine? check.

This is just a quick test. Judging by the number of packages which depend, directly or indirectly, on libssl0.9.8 (like, huh, the whole of maemo) I'd be careful. On the other hand, it's just a library, and whatever fixes are in there are *supposed* to be ABI-compatible, so all should be OK (more(less secure but that's all).

For all I care, I give it my blessing :)

reinob 2015-03-20 09:14

Re: N900, CSSU and OpenSSL
 
Quote:

Originally Posted by chrischras (Post 1464477)
* but https://blog.fefe.de is already not working in any maemo-browser :-/

It also doesn't work on Firefox 37beta on Windows 7 (work). Nor on Internet Explorer 10 (I get "the proxy server isn't responding"). With links2 on debian/jessie 32-bit I get "verification failure: unable to get local issuer certificate".

(sorry for the weird tests, but this is all I have access to right now).

In short: that page has an invalid certificate. Your N900 is working just fine.

peterleinchen 2015-03-20 10:12

Re: N900, CSSU and OpenSSL
 
Quote:

Originally Posted by reinob (Post 1464487)
...
In short: that page has an invalid certificate. Your N900 is working just fine.

Exactly, as
http://blog.fefe.de/
works just fine on MicroB.

xes 2015-03-20 10:24

Re: N900, CSSU and OpenSSL
 
Since the openssl Nokia patches that freemangordon has forward-ported (thanks!) are required to meet the RFC 4279 specs for PSK-TLS and in the detail SUPL servers connection, please check also the applications using AGPS (with a valid supl server setting)
Syslog shoud report if something is going wrong.

Refs:
https://tools.ietf.org/html/rfc4279
http://rt.openssl.org/Ticket/Display...est&pass=guest

freemangordon 2015-03-20 11:23

Re: N900, CSSU and OpenSSL
 
I will (try to) upload 0.9.8zf (the one that got released yesterday) in cssu-devel by the end of the day, maybe wait a bit for further testing to not double the effort.

freemangordon 2015-03-21 16:48

Re: N900, CSSU and OpenSSL
 
Quote:

Originally Posted by freemangordon (Post 1464505)
I will (try to) upload 0.9.8zf (the one that got released yesterday) in cssu-devel by the end of the day, maybe wait a bit for further testing to not double the effort.

done:

http://talk.maemo.org/showpost.php?p...&postcount=439

Dongle Fongle 2015-03-22 12:09

Re: N900, CSSU and OpenSSL
 
Quote:

Originally Posted by xes (Post 1464497)
Since the openssl Nokia patches that freemangordon has forward-ported (thanks!) are required to meet the RFC 4279 specs for PSK-TLS and in the detail SUPL servers connection, please check also the applications using AGPS (with a valid supl server setting)
Syslog shoud report if something is going wrong.

Refs:
https://tools.ietf.org/html/rfc4279
http://rt.openssl.org/Ticket/Display...est&pass=guest


Thank you freemangordon! Succesfully installed. You make dreams come true. No errors in MicroB when connecting to my bank. However, I get no connection lock on N900 with A-GPS in Marble and Tablet Mode.
External GPS Device does have position lock.
Any idea how to solve that?

I saw in dependencies that 'ca-certificates' was recommended.

In any case, thank you :)

Edit: Got a GPS Lock, but after minutes, as opposed to seconds, which never happened before with my setup. Is openssl the culprit?
Edit2: After a reboot, I get a lock after 30 seconds. All is fine. Thank you. :)

freemangordon 2015-03-22 12:15

Re: N900, CSSU and OpenSSL
 
Quote:

Originally Posted by Dongle Fongle (Post 1464637)
Thank you freemangordon! Succesfully installed. You make dreams come true. No errors in MicroB when connecting to my bank. However, I get no connection lock on N900 with A-GPS in Marble and Tablet Mode.
External GPS Device does have position lock.
Any idea how to solve that?

I saw in dependencies that 'ca-certificates' was recommended.

In any case, thank you :)

Edit: Got a GPS Lock, but after minutes, as opposed to seconds, which never happened before with my setup. Is openssl the culprit?

shouldn't be, I tried it here and got lock in 7 seconds. also. in syslog I see a successful connection to supl.nokia.com.

Dongle Fongle 2015-03-22 12:18

Re: N900, CSSU and OpenSSL
 
You're right, it was not related, after reboot I got a quick lock.

I've been dreaming about this day for months, thank you.

xes 2015-03-22 12:32

Re: N900, CSSU and OpenSSL
 
Quote:

Originally Posted by Dongle Fongle (Post 1464640)
You're right, it was not related, after reboot I got a quick lock.

Probably location-proxy was already loaded using previous openssl version.

freemangordon 2015-03-22 15:26

Re: N900, CSSU and OpenSSL
 
Quote:

Originally Posted by xes (Post 1464643)
Probably location-proxy was already loaded using previous openssl version.

That should not matter, the old openssl (n) doesn't have issues with supl servers either

Dongle Fongle 2015-06-29 13:48

Re: N900, CSSU and OpenSSL
 
How to add tls 1.2 to maemo and pass ssllabs.com browser test on microb?


All times are GMT. The time now is 04:57.

vBulletin® Version 3.8.8