So I decided to dust off and fire up my n810, but quickly encountered an issue when trying to browse almost every site: SSL certificate prompts out the wazoo. Is there some (easy) way to update the system's certificate store (e.g. using Mozilla's trusted CA list) so I don't have to tap "Continue" ~30 times when browsing a site?

I tried looking for the usual directories in /etc but did not find any after a brief search...

Are you using tear or another browser? I have a local SSL site with a self-signed cert and didn't need to add my local CA cert to use the site with tear. Tear is probably just blindly trusting all certs, but it works for all sites.

And it looks like the adding cert problem was "fixed in fremantle", like all other problems.

https://bugs.maemo.org/show_bug.cgi?id=1528
https://bugs.maemo.org/show_bug.cgi?id=3792

I used both MicroB and Opera Mobile. If "tear" is blindly accepting all certificates, that would be pretty bad... It could be that that browser (which I haven't heard of before) uses its own list of trusted CAs, instead of using the global/system copy.

Do you know how many CVEs are released every year for browsers? And n8x0 browsers are about 8-9 years old...


Like I said, I made my own CA that no browser would know about, and it works fine with tear. Tear was in the repositories if they still exist somewhere.

You could also install a proxy server on a desktop machine and have your n8x0 browser use it. I recently did that to access sites using SNI, since tear doesn't support it.

... and maintaining/updating a trusted CA list is trivial in almost all other environments. There is no recompilation involved or reliance on developers needed or anything, just update the global trust list, restart the browser, and you're done. This is very different than saying/asking "hey, there's a vulnerability in the browser when you execute this javascript code, it needs to be fixed ASAP!" Trusted CA lists are equally important and can be (again, in most normal cases) easily managed by end users.



That's too much work just for a device I don't use regularly. I was just hoping to get something that would work anywhere (not just on my local network) while not being subjected to possible MITM attacks.