Active Topics
-
Sailfish OS for the Motorola Moto G7 Power (XT1955-5) - (ocean) (4)
to SailfishOS by Maemish - 15 hrs, 37 mins ago -
The N900 is now 15 years old! (6)
to Nokia N900 by Macros - 2 days, 11 hrs ago -
F(x)tec Pro1x (QWERTY) for sale (0)
to Buy & Sell by aln00000 - 3 days ago -
n770 youtube video (0)
to General by nmdv - 6 days, 23 hrs ago - more...
| The Following 15 Users Say Thank You to Ulle For This Useful Post: | ||
|
2013-08-27
, 20:53
|
|
Posts: 1,378 |
Thanked: 1,604 times |
Joined on Jun 2010
@ Göteborg, Sweden
|
#102
|
Superb research Ulle!
Could and should maemo.org run supl-proxy for us?
Was it easy to build? (for linux?).
How much traffic (kb/mb) in an exchange?
Could and should maemo.org run supl-proxy for us?
Was it easy to build? (for linux?).
How much traffic (kb/mb) in an exchange?
|
|
2013-08-27
, 23:48
|
|
Posts: 3 |
Thanked: 10 times |
Joined on Feb 2011
|
#103
|
If you're going the (local or remote) supl-proxy route, which I intended to try as soon as I can get a Maemo dev environment set up, I strongly suggest you have a look at the open databases of cell IDs and wireless APs at http://openbmap.org/ and http://www.opencellid.org/ - I think prehaps with ephemeris data added, these could make a much better, more accurate, and open, SUPL server than we can currently get.
I think the Maemo app CellNet-info uses one of those sites to provide lat/long info for a cell, but I'm not entirely sure at the moment.
An open SUPL server would benefit not only the N900, but virtually any modern phone.
I think the Maemo app CellNet-info uses one of those sites to provide lat/long info for a cell, but I'm not entirely sure at the moment.
An open SUPL server would benefit not only the N900, but virtually any modern phone.
| The Following User Says Thank You to LjL For This Useful Post: | ||
|
|
2013-08-28
, 07:05
|
|
Posts: 3,074 |
Thanked: 12,960 times |
Joined on Mar 2010
@ Sofia,Bulgaria
|
#104
|
Code:
openssl s_client -connect supl.nokia.com:7275 -CApath /etc/certs/common-ca/
.
.
.
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : RC4-MD5
Session-ID: ..................
Session-ID-ctx:
Master-Key: ...................
Key-Arg : None
PSK identity: None
PSK identity hint: None
Start Time: 1377673374
Timeout : 300 (sec)
Verify return code: 0 (ok)
__________________
Never fear. I is here.
720p video support on N900,SmartReflex on N900,Keyboard and mouse support on N900
Nothing is impossible - Stable thumb2 on n900
Community SSU developer
kernel-power developer and maintainer
Never fear. I is here.
720p video support on N900,SmartReflex on N900,Keyboard and mouse support on N900
Nothing is impossible - Stable thumb2 on n900
Community SSU developer
kernel-power developer and maintainer
| The Following 4 Users Say Thank You to freemangordon For This Useful Post: | ||
 |
|
2013-08-28
, 07:10
|
|
Posts: 4,118 |
Thanked: 8,901 times |
Joined on Aug 2010
@ Ruhrgebiet, Germany
|
#105
|
I know that (and openssl returns also error when not pointed to /etc/certs/common-ca).
But why on earth does cmcli return an error even when pointed explicitly to common-ca???
That made me thinking of hard-coded certs in GPS blob.
And why supl.nokia.com returns result for N900 when using proxy?
Last edited by peterleinchen; 2013-08-28 at 07:12.
But why on earth does cmcli return an error even when pointed explicitly to common-ca???
That made me thinking of hard-coded certs in GPS blob.
And why supl.nokia.com returns result for N900 when using proxy?
__________________
SIM-Switcher, automated SIM switching with a Double (Dual) SIM adapter
--
Thank you all for voting me into the Community Council 2014-2016!
Please consider your membership / supporting Maemo e.V. and help to spread this by following/copying this link to your TMO signature:
[MC eV] Maemo Community eV membership application, http://talk.maemo.org/showthread.php?t=94257
editsignature, http://talk.maemo.org/profile.php?do=editsignature
SIM-Switcher, automated SIM switching with a Double (Dual) SIM adapter
--
Thank you all for voting me into the Community Council 2014-2016!
Please consider your membership / supporting Maemo e.V. and help to spread this by following/copying this link to your TMO signature:
[MC eV] Maemo Community eV membership application, http://talk.maemo.org/showthread.php?t=94257
editsignature, http://talk.maemo.org/profile.php?do=editsignature
Last edited by peterleinchen; 2013-08-28 at 07:12.
|
|
2013-08-28
, 07:19
|
|
Posts: 3,074 |
Thanked: 12,960 times |
Joined on Mar 2010
@ Sofia,Bulgaria
|
#106
|
Originally Posted by peterleinchen
hmm, seems you have misread my post, if given
I know that (and openssl returns also error when not pointed to /etc/certs/common-ca).
But why on earth does cmcli return an error even when pointed explicitly to common-ca???
That made me thinking of hard-coded certs in GPS blob.
And why supl.nokia.com returns result for N900 when using proxy?
"-CApath /etc/certs/common-ca/", it does not fail
__________________
Never fear. I is here.
720p video support on N900,SmartReflex on N900,Keyboard and mouse support on N900
Nothing is impossible - Stable thumb2 on n900
Community SSU developer
kernel-power developer and maintainer
Never fear. I is here.
720p video support on N900,SmartReflex on N900,Keyboard and mouse support on N900
Nothing is impossible - Stable thumb2 on n900
Community SSU developer
kernel-power developer and maintainer
|
|
2013-08-28
, 07:34
|
|
Posts: 4,118 |
Thanked: 8,901 times |
Joined on Aug 2010
@ Ruhrgebiet, Germany
|
#107
|
No no, I read and understood correctly.
As I made same experience.
openssl fails when not pointed to common-ca
openssl succeeds when pointed to common-ca
cmcli fails when not pointed to common-ca
cmcli fails also even when pointed to common-ca
So that means we have all needed certs aboard, but mabe they are not used or ... ?
At least Nokia and Google changed their cert paths in the past.
And the proxy acts as a proxy? Or initiates a completely new connection to supl? In first case it would not work afaik as ssl/cert communication is just forwarded?
Last edited by peterleinchen; 2013-08-28 at 07:37.
As I made same experience.
openssl fails when not pointed to common-ca
openssl succeeds when pointed to common-ca
cmcli fails when not pointed to common-ca
cmcli fails also even when pointed to common-ca
So that means we have all needed certs aboard, but mabe they are not used or ... ?
At least Nokia and Google changed their cert paths in the past.
And the proxy acts as a proxy? Or initiates a completely new connection to supl? In first case it would not work afaik as ssl/cert communication is just forwarded?
__________________
SIM-Switcher, automated SIM switching with a Double (Dual) SIM adapter
--
Thank you all for voting me into the Community Council 2014-2016!
Please consider your membership / supporting Maemo e.V. and help to spread this by following/copying this link to your TMO signature:
[MC eV] Maemo Community eV membership application, http://talk.maemo.org/showthread.php?t=94257
editsignature, http://talk.maemo.org/profile.php?do=editsignature
SIM-Switcher, automated SIM switching with a Double (Dual) SIM adapter
--
Thank you all for voting me into the Community Council 2014-2016!
Please consider your membership / supporting Maemo e.V. and help to spread this by following/copying this link to your TMO signature:
[MC eV] Maemo Community eV membership application, http://talk.maemo.org/showthread.php?t=94257
editsignature, http://talk.maemo.org/profile.php?do=editsignature
Last edited by peterleinchen; 2013-08-28 at 07:37.
| The Following 2 Users Say Thank You to peterleinchen For This Useful Post: | ||
|
|
2013-08-28
, 07:40
|
|
Posts: 3,074 |
Thanked: 12,960 times |
Joined on Mar 2010
@ Sofia,Bulgaria
|
#108
|
Originally Posted by peterleinchen
...we have a bug in /usr/bin/location-proxy
...
So that means we have all needed certs aboard, but mabe they are not used or ... ?
I am thinking to RE that, it is not that big, but before I start, could someone try to confirm(somehow?) this is the binary to blame
EDIT: seems like it is libmaemosec.so to blame
EDIT2: microb doesn't have any problem connecting to supl.nokia.com:7275
__________________
Never fear. I is here.
720p video support on N900,SmartReflex on N900,Keyboard and mouse support on N900
Nothing is impossible - Stable thumb2 on n900
Community SSU developer
kernel-power developer and maintainer
Never fear. I is here.
720p video support on N900,SmartReflex on N900,Keyboard and mouse support on N900
Nothing is impossible - Stable thumb2 on n900
Community SSU developer
kernel-power developer and maintainer
Last edited by freemangordon; 2013-08-28 at 07:48.
|
|
2013-08-28
, 07:54
|
|
Posts: 4,118 |
Thanked: 8,901 times |
Joined on Aug 2010
@ Ruhrgebiet, Germany
|
#109
|
Oh man you are the man!
Why we did not contact you directly? Maybe because I did not want to put everything on your shoulder.
Eagerly waiting for a result. Be it positive or negative.
BIG thanks in advance.
How to do you a favour (already declined donations)?
Why we did not contact you directly? Maybe because I did not want to put everything on your shoulder.
Eagerly waiting for a result. Be it positive or negative.
BIG thanks in advance.
How to do you a favour (already declined donations)?
__________________
SIM-Switcher, automated SIM switching with a Double (Dual) SIM adapter
--
Thank you all for voting me into the Community Council 2014-2016!
Please consider your membership / supporting Maemo e.V. and help to spread this by following/copying this link to your TMO signature:
[MC eV] Maemo Community eV membership application, http://talk.maemo.org/showthread.php?t=94257
editsignature, http://talk.maemo.org/profile.php?do=editsignature
SIM-Switcher, automated SIM switching with a Double (Dual) SIM adapter
--
Thank you all for voting me into the Community Council 2014-2016!
Please consider your membership / supporting Maemo e.V. and help to spread this by following/copying this link to your TMO signature:
[MC eV] Maemo Community eV membership application, http://talk.maemo.org/showthread.php?t=94257
editsignature, http://talk.maemo.org/profile.php?do=editsignature
|
|
2013-08-28
, 08:03
|
|
Posts: 3,074 |
Thanked: 12,960 times |
Joined on Mar 2010
@ Sofia,Bulgaria
|
#110
|
Originally Posted by peterleinchen
Find why "cmcli fails also even when pointed to common-ca"
How to do you a favour (already declined donations)?
__________________
Never fear. I is here.
720p video support on N900,SmartReflex on N900,Keyboard and mouse support on N900
Nothing is impossible - Stable thumb2 on n900
Community SSU developer
kernel-power developer and maintainer
Never fear. I is here.
720p video support on N900,SmartReflex on N900,Keyboard and mouse support on N900
Nothing is impossible - Stable thumb2 on n900
Community SSU developer
kernel-power developer and maintainer
I checked against all working supl-server I know of:
sls1.sirf.com
supl.google.com
supl.nokia.com
supl.sonyericsson.com
supl.vodafone.com
Everytime with preceeding steps in N900:
- gconftool --recursive-unset /system/nokia/location
- reboot
- setting location server to my server with running supl-proxy (pointed to the next supl server from the five mentioned above)
- running location test tool with method ACWP (with OK to supl usage terms)
To my surprise I got a quick (less than 10sec) location result within some hundred meters around with three of the five servers:
sls1.sirf.com
supl.nokia.com
supl.vodafone.com
With the others I got quite more data exchanged, but didn't get a location result.
If anyone is interested, see my proxy logfiles attached.
Without supl-proxy , just pointing my N900 to the five servers directly (with all the preceeding steps), the only server working for me is supl.vodafone.com .
I set up supl-proxy on my own network gateway and when I was rechecking without proxy my N900 was on wifi in my own network. So all request from same IP to the supl servers.
Okay, this could mean that N900 has probs with the data coming from google and sonyericsson, but for sirf and nokia(!) the only cause for failing - left to see to me - is certificate issues.
peterleinchen, seems you where quite right with your assumptions ...
I verified certificate chain on N900 (should have done earlier):
Checking the chain:
One can find all VeriSign root certs at http://www.symantec.com/page.jsp?id=roots .
Maybe someone has more abilities to digg deeper into it. Would be nice to have supl.nokia.com usable again. Until then supl.vodafone.com is good enough for my needs.
Cheers, Ulle