Re: TLS1.2 and N9 (polishing brass on a sinking ship)
 

The (available) Source code for n9 is here , as ISO image http://maemo.cloud-7.de/HARM/N9/1.3/

Re: TLS1.2 and N9 (polishing brass on a sinking ship)
 

Great! Thank you!

Re: TLS1.2 and N9 (polishing brass on a sinking ship)
 

It's missing a lot... no grob, libqt4-network and other packages... :(

Re: TLS1.2 and N9 (polishing brass on a sinking ship)
 

Sorry it's been so long since I've replied to anything here. I haven't really done any other work on my N9 since - I started this thread mainly to share the info before I had to quit using the N9 daily, due to the 2G/3G sunset here in the USA. Also a lot of major life changes moved my focus.

Qt4 builds to many different binary packages (libqt4-network being one of them), but there's only one source package. I think it's qt4-x11.

Grob is closed source - there is no source package. If I had access to the grob source, I'd have fixed some bugs and also rebuilt it against a newer WebKit. The worst part is that the particular WebKit lib that grob uses is not in the source distribution (it's a different lib than libqt4-webkit).

I believe I used the ISO that nieldk linked to for source packages.

Re: TLS1.2 and N9 (polishing brass on a sinking ship)
 

God! Thanks. Everything is clear now.

Re: TLS1.2 and N9 (polishing brass on a sinking ship)
 

https://i.imgur.com/w4tf6Ld.png
Do you know how to fix it perhaps? I have OpenSSL 1.0.1t compiled and installed, while all other OpenSSL are "removed" to ensure only latest one is used. Everything built successfully, even Qt4 uses new SSL now - but not qca2-plugin-ossl, ends with error like on screen. Any ideas?

Re: TLS1.2 and N9 (polishing brass on a sinking ship)
 

Is somewhere in qca-ossl source code the evp.h file included or openssl/evp.h file? You need to add the directory to the include directories.

Re: TLS1.2 and N9 (polishing brass on a sinking ship)
 

evp.h exists in /usr/include/openssl, and the cpp file in qca2-plugin-ossl does #include <openssl/evp.h>...

Re: TLS1.2 and N9 (polishing brass on a sinking ship)
 

You can add configure options for your openssl path to the debian/rules file.

configure options:

I hope this helps.

Re: TLS1.2 and N9 (polishing brass on a sinking ship)
 

I managed to repeat the things done by @n9erator and TLS 1.2 in default browser of my N9 is working!!!

Sadly not certificates thing. I mean - TLS 1.2 in browser itself works. But every site complains about certificates. "Security certificate is not trusted" I know that to fix this aegis-certman-common-ca changes were needed. But.

1. Applying the postinst patch worked
2. In etc/ssl/certs/common-ca I removed all files and inserted crt files from ca-certificates of Ubuntu, moved to *.pem as they were text ones
3. Patch on certman_main.cpp didn't work, something got rejected. I applied changes manually then.

Building worked fine, installing not, though. Error during postinst part:

Checking /etc/ssl/certs, it's the first cert. I can't remove them, because they are owned by weird aegis users and chowning to root has no effect. I understand that patched postinst causes that, but what's wrong then?

Tried different way, usually working - injecting PEM files into /usr/local/ssl/certs (my OpenSSL 1.0.1t is in /usr/local + /usr/local/ssl), doing c_rehash then (had to use custom perl), it worked but still browser always complains.

What certs did you use and how did you put them to aegis-certman source? But don't think that's the cause, because only applying patch to postinst causes error on installing as well (keeping default certs from source).

Thanks in advance