N900 ssl connection problem qt and wget no match hostname
 

I am writing a qt application which should download a file over ssl connection. Sadly it is not working with the following error message*. The protocol is fixed to TLSv1. I am using cssu-testing with openssl 0.9.8zh-1+maemo1+0m5+0cssu0 and maemosec. version 0.2.10.

*To investigate the problem I am using wget and also getting same error message like:

will redirect to basemap.nationalmap.gov

Both downloads not working.

Maybe it has something to do with redirection.

I have also installed needed certificates with the certificate manager and created /etc/osso-af-init/ssl.defs file which get loaded during boot time. I guess this was not needed.

When I check with:

or
I will get a successful ssl handshake.
Maybe someone has a clue about this or has maybe some hint.

Could it be possible to make a certificate with a different hostname?

Please help me I am happy to hear any suggestions.

Re: N900 ssl connection problem qt and wget no match hostname
 

Maybe it is silly suggestion as I'm not an expert, but what is the result when you add "--no-check-certificate" flag to the wget command...?

Re: N900 ssl connection problem qt and wget no match hostname
 

I guess it will work but not solving the root of the problem:)

Re: N900 ssl connection problem qt and wget no match hostname
 

Yes, it does not solve the root of the problem, and iit does not work either...

But: I typed that command on my chrooted kali linux and the error was the following: "Resolving basemap.nationalmap.gov (basemap.nationalmap.gov)... failed: Name or service not known.
wget: unable to resolve host address `basemap.nationalmap.gov'" so it did not produce the error from above...
On the internet I found that it could be even wget that causing the issue. On Maemo5 I have 1.10, on kali 1.13.

Re: N900 ssl connection problem qt and wget no match hostname
 

looks like a dns issue maybe only related to the terminal. I tried it on some Ubuntu and was getting a file not found. This is reasonable because a German tile from an US map server is not possible. So here an us-tile-png:

The problem with maemo still exists. It seems we need maybe a new openssl and wget. A new openssl means also patching qt.
As far as I know to many things (also closed ones) depending on the old openssl, so we need to wait for maemo leste.
So atm the only way is to ignore the ssl error which is unsecure due to possible man in the middle attack.
Openssl api changes from 0.9.8 to 1.x.x.

There is another map server from which it is impossible to download because I guess the server does not support all TSLv1 crypting methods. With Ubuntu it works.

Re: N900 ssl connection problem qt and wget no match hostname
 

I did compile OpenSSL 1.0.1g for n900 some time ago.
I used without issues, so you could try it out

http://talk.maemo.org/showthread.php?t=91787

Re: N900 ssl connection problem qt and wget no match hostname
 

Ehmm I thought the backward compatibility is 72,2% from 0.9.8 to 1.0.x, for qt4-x11 it shouldn't be a problem but I thought for other packages it could be a problem if they use removed Symbols. For qt4-x11 you will only need a patch when you want to use openssl 1.1.x.

Hmm but maybe I am wrong I found something similar to your package:

https://github.com/agamez/maemo-openssl-1.0.2

I will try both.

But another thing, for qt4-x11 there is only a build dependencie with libssl-dev but no dependencie to libssl for installing. So I could rebuild qt4-x11 with other openssl and don't need to replace the maemo one?:confused:

Re: N900 ssl connection problem qt and wget no match hostname
 

Oh I missed this interesting tmo thread about openssl 1.0.2.

Re: N900 ssl connection problem qt and wget no match hostname
 

Or join efforts :)
I am sure you could make valuable contributions.

Re: N900 ssl connection problem qt and wget no match hostname
 

Yeah you are right we all should push maemo leste.
I hope I will be able to make some contributions.

Regarding my ssl problem:

• Rebuilding wget with cssu openssl - not fixing.
• Using openssl 1.0.1g - not fixing.
• Rebuilding qt4-x11 from cssu with gcc472 and openssl 1.0.1 ends in a compiler error.:confused:

@nieldk do you remember which configure parameters did you use for openssl 1.0.1.

Re: N900 ssl connection problem qt and wget no match hostname
 

As I recall it was pretty much straight forward.
But had to patch perlpath

diff -up openssl-1.0.1c/util/perlpath.pl.perlfind openssl-1.0.1c/util/perlpath.pl
--- openssl-1.0.1c/util/perlpath.pl.perlfind 2012-07-11 22:57:33.000000000 +0200
+++ openssl-1.0.1c/util/perlpath.pl 2012-07-12 00:31:12.102156275 +0200
@@ -4,10 +4,10 @@
# line in all scripts that rely on perl.
#

-require "find.pl";
+use File::Find;

$#ARGV == 0 || print STDERR "usage: perlpath newpath (eg /usr/bin)\n";
-&find(".");
+find(\&wanted, ".");

sub wanted
{

Re: N900 ssl connection problem qt and wget no match hostname
 

Compiling a newer wget 1.16 is fixing the problem for wget.
For qt using the new version in cssu-devel with sni patch from jonwil is also fixing the problem.

Re: N900 ssl connection problem qt and wget no match hostname
 

Here my wget version and libssl1.0.2 for use with older openssl versions < 1.1.0h

libssl1.0.2_1.0.2l-2maemo1_armel.deb
wget_1.16-1maemo1_armel.deb

It could be that you need to set environment variables for the ca certificates. Look here.

When you use openssl >=1.1.0h you should use the version from openrepos.