|
Re: Nokia N900 A-GPS Not Working Anymore
I believe he inserted/refreshed a cert in our store and then the cmcli also succeeded, which failed previously (and if I interprete it right, he succeeded in getting supl data from Nokia?). As I played also with a lot of certs/adding/deleting from common-ca and did not succeed at all, I am waiting eagerly for more details ...
|
Re: Nokia N900 A-GPS Not Working Anymore
Well I actually removed one :)
The certificate in question is 00d85a4c25c122e58b31ef6dbaf3cc5f29f10d61-1. Not that there is something wrong with that certificate, but it seems maemo certman has a bug. There are 2 verisign root certificates with the same public key: 00d85a4c25c122e58b31ef6dbaf3cc5f29f10d61 and 00d85a4c25c122e58b31ef6dbaf3cc5f29f10d61-1. certificate chain of supl.nokia.com cert ends up with 00d85a4c25c122e58b31ef6dbaf3cc5f29f10d61, but it seems certman tries to use 00d85a4c25c122e58b31ef6dbaf3cc5f29f10d61-1 instead. So the verification fails. I didn't debug it, so the actual thing that happens could be a slightly different, however, removing both 00d85a4c25c122e58b31ef6dbaf3cc5f29f10d61 and 00d85a4c25c122e58b31ef6dbaf3cc5f29f10d61-1 and reimporting 00d85a4c25c122e58b31ef6dbaf3cc5f29f10d61 workarounds the problem. seems https://gitorious.org/community-ssu/...c074bfeef6a622 is not enough for multiple-keys-same-public to work on Fremantle. I'll debug the whole mess when I have some free time. Wouldn't try to stop anyone to do the same ofc :) |
Re: Nokia N900 A-GPS Not Working Anymore
1 Attachment(s)
Hmm, I have created a PEM certificate file of the root certificate indicated when connecting to supl.nokia com, also in the zip, is the original crt file.
Code:
root@bt:~# openssl s_client -connect supl.nokia.com:7275 CONNECTED(00000003) |
Re: Nokia N900 A-GPS Not Working Anymore
@nieldk: there is one more certificate on top of the one you bolded, do:
cmcli -s -T common-ca -v supl.nokia.com:7275 (this will save the whole certificate chain as .pem files) and you'll see there are 4 .pems saved, not 3. EDIT: nevermind, seems I misread your post |
Re: Nokia N900 A-GPS Not Working Anymore
YEP!
A THOUSAND THANKS !!! One mistake above: it iks the second one (with the "-1") that needs to be readded. And I needed a reboot to make location library aware. I never thought of removing that one (verisign), actually both and reinstalling only the second one. I fiddled with exactly that cert, but failed miserable due to missing cert experience. Will do now a second reboot for verification. |
Re: Nokia N900 A-GPS Not Working Anymore
@peterleinchen: "the mistake" could be related to the order of the hashes.
EDIT: don't forget to "perl /usr/bin/c_rehash /etc/certs/common-ca" after every change to the certificate store |
Re: Nokia N900 A-GPS Not Working Anymore
Quote:
Nevertheless: after the second clearing cache (gconftool/reboot), I got a fix within 5-10 seconds from supl.nokia.com. We ARE back, Nokia! Thank you freemangordon Quote:
WHAT? Never knew/did that. What is this about? It worked for without that rehashing (some kind of aegis here? ;)) --edit Another edit aimed to nieldk What PR version do you have? Is it possibly "only" PR1.3 and not PR1.3.1 (with some cert updates/revocations)? Idk when this problem arised, but could it be due to that one? |
Re: Nokia N900 A-GPS Not Working Anymore
Quote:
|
Re: Nokia N900 A-GPS Not Working Anymore
Quote:
With, KP52 as kernel. |
Re: Nokia N900 A-GPS Not Working Anymore
Wow, I almost can't believe it: Nokia N900 can use supl.nokia.com again!!!
Anyway, I didn't have a file/cert 00d85a4c25c122e58b31ef6dbaf3cc5f29f10d61-1.pem , just the one without the -1 . What was workin for me was (as root): Code:
mkdir /tmp/supl/ ; cd /tmp/supl/ ; cmcli -s -T common-ca -v supl.nokia.com:7275 ; for CERT in `ls -1 *.pem` ; do cmcli -c common-ca -r ${CERT%%.*} ; cmcli -c common-ca -r ${CERT%%.*}-1 ; cmcli -c common-ca -a ${CERT} ; doneCode:
cmcli -T common-ca -v supl.nokia.com:7275Setting location server to supl.nokia.com then gave me the nearby fix within 5 secs. Yey! @freemangordon: Where did you find the -s flag for cmcli ? It is not shown as an option when called without any param. Edit: typo ... |
Re: Nokia N900 A-GPS Not Working Anymore
@Ulle - in cmcli source code
|
Re: Nokia N900 A-GPS Not Working Anymore
So can/will this be fixed in upcoming CSSU versions?
|
Re: Nokia N900 A-GPS Not Working Anymore
This is CSSU material, that's for sure. But we need to find the bug first:). Anyway, I'll look at it when I find some spare time
|
Re: Nokia N900 A-GPS Not Working Anymore
Quote:
Thanks again. :) |
Re: Nokia N900 A-GPS Not Working Anymore
Hey freemangordon,
besides 00d85a4c25c122e58b31ef6dbaf3cc5f29f10d61 I have another one with a "-1 extension", named f3a27298eeb81b82801c4db69a3027990a2f72e2 And this one I do not get named, when printing cmcli -T common-ca -L My guess is really that this was introduced via a OTA update from PR1.3 to 1.3.1 To verify: @nieldk and Ulle Please give us your current PR (1.3 or 1.3.1) number and how you got there (direct flash, OTA or CSSU). CSSU is important to know, as that latest update is already integrated. @freemangordon, just a wild guess. But maybe worth to check... Quote:
|
Re: Nokia N900 A-GPS Not Working Anymore
Quote:
As supl.nokia.com has stopped working years ago (was it 2011?), I think the cert store was already wrong before CSSU. Quote:
Version: 21.2011.38-1Smaemo6.1 (Flavor: Stable) Haven't looked for that for ages. Can't say exactly how I came to this. Probably Flashing Nokia stuff than CSSU OTA. From wiki http://wiki.maemo.org/Community_SSU/ChangelogStable : 21.2011.38-1 is the latest official Nokia version. The number after it indicates the Community SSU release version. And I played quite much with the VeriSign certs in the last days. Hard to say how their state was before that. |
Re: Nokia N900 A-GPS Not Working Anymore
My firmware is flashed using maemo_flasher-3.5_2.5.2.2_i386.deb from tablets-dev.nokia.com
Flashing the images: RX-51_2009SE_10.2010.13-2.VANILLA_PR_EMMC_MR0_ARM.bin RX-51_2009SE_20.2010.36-2_PR_COMBINED_MR0_ARM.bin from http://skeiron.org/tablets-dev/nokia_N900/ |
Re: Nokia N900 A-GPS Not Working Anymore
Now that supl.nokia.com issues are teared down to TLS / certificates flaws inside N900, what about supl.google.com?
My tests with supl-proxy where showing that during (s)UPL sessions with google and sonyericsson much more data was exchanged (compared to nokia and vodafone). With no success at the end. See my attached log files in post #101 http://talk.maemo.org/showpost.php?p=1369745 Why can't N900 use the data coming from supl.google.com for A-GPS / ACWP? |
Re: Nokia N900 A-GPS Not Working Anymore
Quote:
Nokias, didnt work - until now. I know nokiabot also at least seem to have a working google supl. Perhaps its related to firmware releases ? |
Re: Nokia N900 A-GPS Not Working Anymore
Any suggestions, what i am doing wrong???
Removing the certificates does not work, adding fails because the files exist... Code:
Nokia-N900:/tmp/supl# cmcli -c common-ca -r 00d85a4c25c122e58b31ef6dbaf3cc5f29f10d61-1.pem Code:
Nokia-N900:/tmp/supl# apt-cache policy mp-fremantle-community-pr |
Re: Nokia N900 A-GPS Not Working Anymore
Quote:
|
Re: Nokia N900 A-GPS Not Working Anymore
Quote:
|
Re: Nokia N900 A-GPS Not Working Anymore
Quote:
|
Re: Nokia N900 A-GPS Not Working Anymore
Quote:
here you refer to the google problem, or? As I see the Nokia problem solved due to mixed up certs!? I noticed that I can only get ACWP data, but not AGNSS data from Nokia server (also Vodafone). Should nokia provide that info also? If yes, there is still above mentioned code chunk to be found (either for Google or Nokia). Only thing I may think of causing this is some change in Google supl data still in the specification, but not correctly handled in N900 (like it was for tinymail). Do you have another idea? --edit Okay, just reread. And of course you refer with your code chunk to some problem in libmaemosec not handling the presence of two certificates with same fingerprint, right? Nevertheless above problem with Google is still present, but not that urgent anymore (still I'd like to know/solve ...) --editedit Or, another thought: could it be that Google changed their supl server to deliver only AGNSS data and no ACWP data anymore. And our N900 is only able to collect/use ACWP? This would explain the SSL-trusty successful (and bigger) data exchange with Google and Sirf supl servers. |
Re: Nokia N900 A-GPS Not Working Anymore
Quote:
So following this: ACWP is returned from nokia, vodafone and sirf with just a pair of long/lat data (or kind of), AGNSS ist returned from google and sonyericsson (not sirf) with quite some PDU/RLP and ephemeris data. Both in XML-like style. |
Re: Nokia N900 A-GPS Not Working Anymore
wireshark is your friend ;-)
|
Re: Nokia N900 A-GPS Not Working Anymore
If someone wants to test supl.sonyericsson.com with N900 there is still the first show stopper to solve: Certificate verification fails due to missing issuer cert.
I found this http://pastebin.com/2dNbJ79L , which was mentioned in an android gps discussion somewhere, and copied line 8. to 28. (the content of cacert.txt) into a file on my N900 . Then after Code:
cmcli -c common-ca -a /path/to/that/fileCode:
cmcli -T common-ca -v supl.sonyericsson.com:7275Edit: I couldn't find the root/issuer cert for sls1.sirf.com and sls2.sirf.com . I sent an email to slssupport@sirf.com (does not exist anymore) and webmaster@csr.com, asking for that. No answer so far ... |
Re: Nokia N900 A-GPS Not Working Anymore
Quote:
|
Re: Nokia N900 A-GPS Not Working Anymore
Quote:
|
Re: Nokia N900 A-GPS Not Working Anymore
Quote:
The tool is just exellent. Deploying MITM a big waste of time (for that). |
Re: Nokia N900 A-GPS Not Working Anymore
ok, strace then? ;-)
|
Re: Nokia N900 A-GPS Not Working Anymore
Quote:
Code:
~ root# openssl s_client -connect sls2.sirf.com:7275 |
Re: Nokia N900 A-GPS Not Working Anymore
A fix is on it's way to CSSU, please test: http://talk.maemo.org/showpost.php?p...&postcount=222
Those of you that have changed their certificates, make sure to revert to "stock" state, otherwise installation may fail/be incomplete, the files in /etc are treated by apt/dpkg as config files and are not auto overwritten on a new package version installed. |
Re: Nokia N900 A-GPS Not Working Anymore
@peterleinchen - followup to http://talk.maemo.org/showpost.php?p...&postcount=225
Not sure what you mean by "stock" but if it is PR1.3.1 I guess it makes sense to install everything *certman* , there are a couple of certificate fixes in CSSU not present in PR1.3.1. Not to say I strongly recommend to install CSSU, be it -stabe, -testing or -thumb ;) |
Re: Nokia N900 A-GPS Not Working Anymore
Quote:
I checked packages and yeah they seem to be installable to non-CSSU devices (I know I know). Furthermore I have seen you exchanged the certs, so content of one into the other file (seen by sha1sum). It is a bit late now, but I began to play with order also and I found that the c_rehash is the one to "blame" :( (not that I am good in reading/understanding perl) It fetches all pem/crt from directory, but not in any order. That is the reason why the link 7651b327.0 points to the newer cert, while 7651b327.1 should do so. (That is also reason why f3a27298eeb81b82801c4db69a3027990a2f72e2-1.pem works, as the symlink *.1 points to newer cert. I checked it by just re-symlinking *.0 to older and *.1 to newer cert. And it worked. --EDIT Checked once more. And it is really weird/confusing/erroneous ! :rolleyes: Now I added certs again. First old one, then new one (as before). And guess what? It worked without changing anything! When checking the symlinks they showed to the correct locations *.0 to *-1.pem (without manually re-symlinking). Conclusio? IDK. Seems like it could work on some devices and on some not. Just regarding the order of $flist... --editedit Okay, now I am confused. Strike above. It seems after 'c_rehash /etc/certs/common-ca' everything is fine. I removed, inserted (in different orders) and more. But it is working always. So easiest is to make a backup of 00d85*.pem and 00d85*-1.pem remove 0085*, cmcli -c common-ca -r 00d85* remove 7651*.*, rm 7651* reinsert 00d85* (and 00d85*-1) in exactly this order cmcli -c common-ca -a backup_of_00d85*.pem cmcli -c common-ca -a backup_of_00d85*-1.pem this should be enough. If it is not working for you, then do a c_rehash /etc/certs/common-ca If still not working, then start all over, but readd in reversed order (first 00d85*-1.pem and then 00d85*.pem) Or just use fmg's patch (before messing around!). Quote:
|
Re: Nokia N900 A-GPS Not Working Anymore
My GPS is not working for about a month. I use supl.google.com and tried a few others.
Ran this command to reset cache : gconftool --recursive-unset /system/nokia/location Reflash done(emmc+rootfs), still no help. It's keep on searching and never locks in. Please let me know how to fix this. Could this be a possible hardware issue? Thanks |
Re: Nokia N900 A-GPS Not Working Anymore
Quote:
|
Re: Nokia N900 A-GPS Not Working Anymore
Quote:
(Edit: thanks pichlo for the heads up. Never use Nokia Maps so who would know.....) |
Re: Nokia N900 A-GPS Not Working Anymore
The problem is that the built-in Nokia Maps application times out after just 10 minutes - even though the time it takes to receive the full almanac under ideal conditions with no retries is 12.5 minutes - which means it will never acquire a lock without help.
This has been discussed countless times, just do a search. Nokia was aware of that and they marked it as "won't fix" ("10 minutes ought to be enough for everybody!"). Get a third-party GPS application such as Location Test discussed in this thread to help Nokia Maps with the lock. It will not make it any faster - for that you need the patch that sixwheeledbeast mentioned - but it will not time out and hence get the lock eventually without the supl server assistance. |
Re: Nokia N900 A-GPS Not Working Anymore
Thanks a lot sixwheeledbeast, handaxe and pichlo. I read about that fix(I think maemo-security-certman ??), but i believe it's a fix with CSSU. I don't use CSSU for some reasons. I would like to know whether it's possible to use that fix without CSSU installed. I don't use Nokia maps, i'm happy using the Marble maps which was so convenient for me.
Thank you |
| All times are GMT. The time now is 04:19. |
vBulletin® Version 3.8.8