Active Topics

 


Reply
Thread Tools
Posts: 3 | Thanked: 8 times | Joined on Feb 2017
#1
So I decided to dust off and fire up my n810, but quickly encountered an issue when trying to browse almost every site: SSL certificate prompts out the wazoo. Is there some (easy) way to update the system's certificate store (e.g. using Mozilla's trusted CA list) so I don't have to tap "Continue" ~30 times when browsing a site?

I tried looking for the usual directories in /etc but did not find any after a brief search...
 

The Following 3 Users Say Thank You to mscdexdotexe For This Useful Post:
Posts: 875 | Thanked: 918 times | Joined on Sep 2010
#2
Are you using tear or another browser? I have a local SSL site with a self-signed cert and didn't need to add my local CA cert to use the site with tear. Tear is probably just blindly trusting all certs, but it works for all sites.

And it looks like the adding cert problem was "fixed in fremantle", like all other problems.

https://bugs.maemo.org/show_bug.cgi?id=1528
https://bugs.maemo.org/show_bug.cgi?id=3792
 

The Following 2 Users Say Thank You to auouymous For This Useful Post:
Posts: 3 | Thanked: 8 times | Joined on Feb 2017
#3
Originally Posted by auouymous View Post
Are you using tear or another browser?
I used both MicroB and Opera Mobile. If "tear" is blindly accepting all certificates, that would be pretty bad... It could be that that browser (which I haven't heard of before) uses its own list of trusted CAs, instead of using the global/system copy.
 

The Following 2 Users Say Thank You to mscdexdotexe For This Useful Post:
Posts: 875 | Thanked: 918 times | Joined on Sep 2010
#4
If "tear" is blindly accepting all certificates, that would be pretty bad...
Do you know how many CVEs are released every year for browsers? And n8x0 browsers are about 8-9 years old...


It could be that that browser uses its own list of trusted CAs
Like I said, I made my own CA that no browser would know about, and it works fine with tear. Tear was in the repositories if they still exist somewhere.

You could also install a proxy server on a desktop machine and have your n8x0 browser use it. I recently did that to access sites using SNI, since tear doesn't support it.
 

The Following 2 Users Say Thank You to auouymous For This Useful Post:
Posts: 3 | Thanked: 8 times | Joined on Feb 2017
#5
Originally Posted by auouymous View Post
Do you know how many CVEs are released every year for browsers? And n8x0 browsers are about 8-9 years old...
... and maintaining/updating a trusted CA list is trivial in almost all other environments. There is no recompilation involved or reliance on developers needed or anything, just update the global trust list, restart the browser, and you're done. This is very different than saying/asking "hey, there's a vulnerability in the browser when you execute this javascript code, it needs to be fixed ASAP!" Trusted CA lists are equally important and can be (again, in most normal cases) easily managed by end users.



Originally Posted by auouymous View Post
You could also install a proxy server on a desktop machine and have your n8x0 browser use it. I recently did that to access sites using SNI, since tear doesn't support it.
That's too much work just for a device I don't use regularly. I was just hoping to get something that would work anywhere (not just on my local network) while not being subjected to possible MITM attacks.
 

The Following 3 Users Say Thank You to mscdexdotexe For This Useful Post:
Reply

Tags
certificate, diablo


 
Forum Jump


All times are GMT. The time now is 23:07.