Active Topics

 


Reply
Thread Tools
Posts: 567 | Thanked: 2,965 times | Joined on Oct 2009
#1
More and more servers now require TLS 1.2 which microb doesn't currently support. I am willing to help write code (or adapt existing code) if we can figure out what needs to be done.

"use another browser", "use maemo-leste" and similar options are not acceptable to me, I want to make microb (and gecko engine/nss) that are currently running on my N900 support TLS 1.2, I do not want to change browser or OS.
 

The Following 17 Users Say Thank You to jonwil For This Useful Post:
Community Council | Posts: 685 | Thanked: 1,235 times | Joined on Sep 2010 @ Mbabane
#2
i think we're all with you and would most definitely love it if that succeeded (and Leste evangelist that I am, Leste would also most likely benefit from such improved microb).
 

The Following 11 Users Say Thank You to sicelo For This Useful Post:
Halftux's Avatar
Posts: 868 | Thanked: 2,516 times | Joined on Feb 2012 @ Germany
#3
@jonwil I thought you had once a deep look into this microb engine.

I think what I know you know already.

For sure you need to get new libnss3 running.

So have a look into:
libnss3
microb-engine
libmaemosec-certman0
microb-eal
libssl

microb white paper
microb browser architecture
 

The Following 9 Users Say Thank You to Halftux For This Useful Post:
Posts: 1,203 | Thanked: 3,027 times | Joined on Dec 2010
#4
I did find https://bugzilla.mozilla.org/show_bug.cgi?id=480514

There's some work in Leste repo on updating maemo-security-certman to use openssl 1.1.0. Not sure if that will help out as well in the long run to keep components and certificates up to date. Some Leste components like that could be backported to Fremantle to aid in testing.
 

The Following 8 Users Say Thank You to Android_808 For This Useful Post:
Posts: 567 | Thanked: 2,965 times | Joined on Oct 2009
#5
I think the best way forward is as follows:
1.Figure out what version of NSS or what NSS tag or what NSS revision matches what's in microb-engine (we know what Gecko revision matches microb-engine but we need to match that back to the NSS repository)
2.Figure out of any of the local patches made to the microb-engine source code apply to NSS and whether those patches need to be handled going forward.
3.Grab the oldest release of NSS that has working TLS 1.2 support (actual official release by the NSS team, not just a repository revision)
4.Examine both sets of code and figure out what has changed that will affect microb-engine (e.g. has the public API changed in ways that matter)
and 5.Once we know what's changed, figure out whether its possible to port microb-engine to the newer NSS and then do it.

As far as I know, everything that talks to the NSS libraries is FOSS so the ABI doesn't matter, just the API.
 

The Following 9 Users Say Thank You to jonwil For This Useful Post:
Posts: 567 | Thanked: 2,965 times | Joined on Oct 2009
#6
Ok so I have identified that microb-engine is using a Gecko revision taken from somewhere in the mozilla-1.9.2/Firefox 3.6.x tree and is using NSS_3_12_6_RTM.
The TLS 1.2 support didn't land until NSS 3.15.1 and the first version of Firefox to use that is Firefox 24.

Based on what I have observed, we have several options here as a way forward:
1.Start from the mozilla-central commit for NSS 3.12.6 RTM, move forward in time and look for any commits that update NSS (or that are necessary in order to update NSS to newer versions) and try and back-port those changes to microb-engine

2.Take the Gecko base code from Firefox 24.x and figure out if we can make it work as a replacement for microb-engine ([porting various local microb patches to that code, identifying if anything has changed API or ABI wise in the header files that get used by the stuff outside of microb-engine, figure out if any maemo-specific bits have been removed from the codebase etc) then if we can make it work (either as-is or with some porting work on the things that talk to microb-engine) use that to replace microb-engine.

or 3.Try to get Fennec 24.x working on Maemo5 and modify it so it can slot in as the "system" browser but with microb-engine remaining around for maps and rtcom-messaging-api and such (again identifying if there are any bits removed that matter, any maemo-specific changes we need to make/port across/whatever). I dont know when Fennec dropped all the bits needed for Maemo/Linux and became "Firefox for Android" but I have seen a Fremantle port of Fennec 17 so that might be a place to start.

The goal of this work is to allow people who are using Maemo Fremantle (and who are interested in the work) to have a browser that can at least connect to web sites using the latest security protocols and (depending on how things are done) maybe also get some browser improvements in there as well so it can do better on rendering web pages.
 

The Following 12 Users Say Thank You to jonwil For This Useful Post:
Posts: 567 | Thanked: 2,965 times | Joined on Oct 2009
#7
There IS an option 4: Find all the patches needed for TLS 1.2 support in NSS and mozilla and back-port those to microb-engine somehow.

Oh and for those who say "forget about microb and stuff and use an existing modern replacement", what modern replacement do you suggest people on Maemo Fremantle use?

The newest Fennec build currently available for Maemo is Fennec 17 and that's not new enough to support TLS 1.2 and the newest security stuff so there is no existing Gecko browser that we can use.

All the new-enough webkit based browsers out there would need just as much porting work to run on Maemo as a newer Gecko does so that's not an option. And Leste isn't usable as a daily driver yet (and doesn't have a browser yet anyway) so switching to a new OS is also not an option. (and obviously "get a new phone" isn't the answer either since people using the N900 in 2018 are almost certainly using it because they like it and prefer it to iOS and Android
 

The Following 12 Users Say Thank You to jonwil For This Useful Post:
Posts: 1,203 | Thanked: 3,027 times | Joined on Dec 2010
#8
Maemo code wasn't completely removed until 26.

https://bugzilla.mozilla.org/show_bug.cgi?id=906072
 

The Following 9 Users Say Thank You to Android_808 For This Useful Post:
Posts: 567 | Thanked: 2,965 times | Joined on Oct 2009
#9
There are other bugs related to Maemo support including
https://bugzilla.mozilla.org/show_bug.cgi?id=653201 (cant tell what version that was removed in)
https://bugzilla.mozilla.org/show_bug.cgi?id=1080529 (although that looks like a website change rather than a code change so we can ignore it)
and https://bugzilla.mozilla.org/show_bug.cgi?id=648156 (which looks like it was removed in Firefox 5.x so long before the build of FF we need to be worried about, this one looks like the important one)

And there may be other bugs in there that I haven't found yet that are relavent to us.
 

The Following 6 Users Say Thank You to jonwil For This Useful Post:
Posts: 567 | Thanked: 2,965 times | Joined on Oct 2009
#10
After some thoughts I would say option 2 is the best way forward (get FF24 Gecko code running in microb-engine).
To pull it off we need to
A.Identify which of the Maemo local patches need to be forward ported to FF24 and port them
B.Identify what needs to change in the debian packaging to make FF24 work
C.Identify any breaking changes to API or ABI between microb-engine and FF24 and find a solution to those somehow
D.Identify anything important that got removed between microb-engine and FF24 (such as the above linked bugs) and find a solution.
and E.Identify any cases where FF24 needs newer versions of libraries than microb-engine and find a solution to that somehow.
 

The Following 8 Users Say Thank You to jonwil For This Useful Post:
Reply


 
Forum Jump


All times are GMT. The time now is 18:02.