Active Topics

 


Reply
Thread Tools
Posts: 75 | Thanked: 269 times | Joined on Aug 2012
#11
See attached file for contents.

Code:
Nokia-N900:~# apt-cache policy libnspr4 libnss3-certs libnss3 microb-engine-common microb-engine       
libnspr4:
  Installed: 1:20100401-1.9.2-5.2+0m5+0cssu2+thumb0
  Candidate: 1:20100401-1.9.2-5.2+0m5+0cssu2+thumb0
  Version table:
 *** 1:20100401-1.9.2-5.2+0m5+0cssu2+thumb0 0
        500 http://maemo.merlin1991.at fremantle/free Packages
        100 /var/lib/dpkg/status
     1:20100401-1.9.2-5.2+0m5+0cssu2 0
        500 http://repository.maemo.org fremantle/free Packages
     1:20100401-1.9.2-5.2+0m5+0cssu1 0
        500 http://repository.maemo.org fremantle/free Packages
     1:20100401-1.9.2-5.2+0m5+0cssu0 0
        500 http://repository.maemo.org fremantle/free Packages
libnss3-certs:
  Installed: 1:20100401-1.9.2-5.2+0m5+0cssu2+thumb0
  Candidate: 1:20100401-1.9.2-5.2+0m5+0cssu2+thumb0
  Version table:
 *** 1:20100401-1.9.2-5.2+0m5+0cssu2+thumb0 0
        500 http://maemo.merlin1991.at fremantle/free Packages
        100 /var/lib/dpkg/status
     1:20100401-1.9.2-5.2+0m5+0cssu2 0
        500 http://repository.maemo.org fremantle/free Packages
     1:20100401-1.9.2-5.2+0m5+0cssu1 0
        500 http://repository.maemo.org fremantle/free Packages
     1:20100401-1.9.2-5.2+0m5+0cssu0 0
        500 http://repository.maemo.org fremantle/free Packages
libnss3:
  Installed: 1:20100401-1.9.2-5.2+0m5+0cssu2+thumb0
  Candidate: 1:20100401-1.9.2-5.2+0m5+0cssu2+thumb0
  Version table:
 *** 1:20100401-1.9.2-5.2+0m5+0cssu2+thumb0 0
        500 http://maemo.merlin1991.at fremantle/free Packages
        100 /var/lib/dpkg/status
     1:20100401-1.9.2-5.2+0m5+0cssu2 0
        500 http://repository.maemo.org fremantle/free Packages
     1:20100401-1.9.2-5.2+0m5+0cssu1 0
        500 http://repository.maemo.org fremantle/free Packages
     1:20100401-1.9.2-5.2+0m5+0cssu0 0
        500 http://repository.maemo.org fremantle/free Packages
microb-engine-common:
  Installed: 1:20100401-1.9.2-5.2+0m5+0cssu2+thumb0
  Candidate: 1:20100401-1.9.2-5.2+0m5+0cssu2+thumb0
  Version table:
 *** 1:20100401-1.9.2-5.2+0m5+0cssu2+thumb0 0
        500 http://maemo.merlin1991.at fremantle/free Packages
        100 /var/lib/dpkg/status
     1:20100401-1.9.2-5.2+0m5+0cssu2 0
        500 http://repository.maemo.org fremantle/free Packages
     1:20100401-1.9.2-5.2+0m5+0cssu1 0
        500 http://repository.maemo.org fremantle/free Packages
     1:20100401-1.9.2-5.2+0m5+0cssu0 0
        500 http://repository.maemo.org fremantle/free Packages
microb-engine:
  Installed: 1:20100401-1.9.2-5.2+0m5+0cssu2+thumb0
  Candidate: 1:20100401-1.9.2-5.2+0m5+0cssu2+thumb0
  Version table:
 *** 1:20100401-1.9.2-5.2+0m5+0cssu2+thumb0 0
        500 http://maemo.merlin1991.at fremantle/free Packages
        100 /var/lib/dpkg/status
     1:20100401-1.9.2-5.2+0m5+0cssu2 0
        500 http://repository.maemo.org fremantle/free Packages
     1:20100401-1.9.2-5.2+0m5+0cssu1 0
        500 http://repository.maemo.org fremantle/free Packages
     1:20100401-1.9.2-5.2+0m5+0cssu0 0
        500 http://repository.maemo.org fremantle/free Packages
CSSU-T (thumb) version:
21.2011.38-1Tmaemo11+thumb0
Attached Files
File Type: gz certs-secure.tar.gz (451.9 KB, 140 views)
 

The Following 2 Users Say Thank You to Ilew For This Useful Post:
Posts: 567 | Thanked: 2,965 times | Joined on Oct 2009
#12
You have the correct set of certificates on your device that you should have so that isn't why it works for you and not for me.
The microb-engine version looks ok too from what I can see.

Its very wierd that your system works and mine does not...
 

The Following User Says Thank You to jonwil For This Useful Post:
Community Council | Posts: 685 | Thanked: 1,234 times | Joined on Sep 2010 @ Mbabane
#13
Tested the packages. On my CSSU-Testing device, it worked right away.

My thumb device however had completely opposite results. Not only did it not work, but all certificates disappeared. After some help, all look ok in the certificate manager. However cmcli/openssl all don't "see" them.

Attached are contents of my /etc/certs and /etc/secure
Attached Files
File Type: gz certs.tar.gz (102.5 KB, 135 views)
File Type: gz secure.tar.gz (9.7 KB, 127 views)
 

The Following 3 Users Say Thank You to sicelo For This Useful Post:
Posts: 567 | Thanked: 2,965 times | Joined on Oct 2009
#14
Ok, the plot thickens even more.
I loaded the microb-refui package that matches the microb-engine stuff I am currently running (so all of them were built in the same build run)

If I load a site (say https://www.entrust.net) into the normal microb UI (via the "web" thing) I get the sec_error_unknown_issuer error.
Yet if I then load the exact same URL into the microb-engine reference UI (via the run-mozembed.sh file in the microb-refui package) it loads just fine without errors.

Getting microb and browserd into GDB is probably the only way I am going to be able to get to the bottom of this and as of yet I haven't found a way to do that
 

The Following User Says Thank You to jonwil For This Useful Post:
Posts: 567 | Thanked: 2,965 times | Joined on Oct 2009
#15
I found the problem.
Seems that stale certificates have ended up in the mozilla/microb cert8.db file and are causing the errors.
If I move that file out of the way, all the sites that are failing load in microb.
Simply deleting it though isn't the real answer since I dont know what information that file contains. What we need is something that can remove all the bogus certificates from that file (likely bogus intermediate certificates I bet) and "clean" the file up but without removing anything important.
 

The Following 7 Users Say Thank You to jonwil For This Useful Post:
Posts: 75 | Thanked: 269 times | Joined on Aug 2012
#16
I knew it had something to do with those db files.
The db files are in the BerkeleyDB format.
So you can use db_util to dump the certificates to read them.

There's also certutil:
https://developer.mozilla.org/en-US/...Tools/certutil
 

The Following 3 Users Say Thank You to Ilew For This Useful Post:
Posts: 458 | Thanked: 783 times | Joined on Jan 2010 @ France
#17
Originally Posted by Ilew View Post
I knew it had something to do with those db files.
The db files are in the BerkeleyDB format.
So you can use db_util to dump the certificates to read them.

There's also certutil:
https://developer.mozilla.org/en-US/...Tools/certutil
jonwil,

Yes certutil seem to be the tool you need ...

Here is another link that can help you to build it : Certutil is not building properly on Scratchbox ARM builds

Hope it help ...

A++
 

The Following 2 Users Say Thank You to colin.stephane For This Useful Post:
Maemish's Avatar
Posts: 1,718 | Thanked: 4,764 times | Joined on Apr 2018 @ Helsinki, Finland.
#18
I think this thread is right place to ask. I have updated maemosec-certs from extras-devel. "How's My SSL?" site warns that I have to unsecure SSL certs accepted. How can I remove/disable these certs?

And another question. Here is said that have updated root certificates from mozilla. Is it good thing to do and can it help with micro-b being able to access more sites? I would like to get micro-b more secure but at the moment I'm batling with getting Opera to be labeled in that site at least OK (now it is bad because these two files) and I don't know how to edit and what file exactly and with what. Is it the common-ca-certificates.crt or something?
__________________
"I don't know how but I can try!" (active)

Master of not knowing (active)

For me it is possible to get lost in any case (active)

Learning to fall from high (DONE)

Learning to code with BASIC (WIP)
 

The Following User Says Thank You to Maemish For This Useful Post:
Reply


 
Forum Jump


All times are GMT. The time now is 15:11.