Active Topics
-
Sailfish OS for the Motorola Moto G7 Power (XT1955-5) - (ocean) (3)
to SailfishOS by edp17 - 4 hrs, 36 mins ago -
The N900 is now 15 years old! (6)
to Nokia N900 by Macros - 1 day, 8 hrs ago -
F(x)tec Pro1x (QWERTY) for sale (0)
to Buy & Sell by aln00000 - 1 day, 21 hrs ago -
n770 youtube video (0)
to General by nmdv - 5 days, 20 hrs ago - more...
 |
|
2014-12-09
, 09:32
|
|
Posts: 47 |
Thanked: 118 times |
Joined on Jan 2009
@ Krakow, POLAND
|
#2
|
I have struggled with validating certificates on N900 recently and this is how I understand it:
This will always end with error as you are not passing location of the certificates to the openssl command like in your next example. It has nothing to do with empty /etc/ssl/certs/ folder. Try it using some other Linux distro and it will end with the same error too.
There is nothing to be fixed.
Applications like links-browser or Alpine email client know the location of certificates because it's provided during compilation as one of configure script arguments: --with-ssl=path for links and --with-ssl-certs-dir=path (for Alpine).
Code:
openssl s_client -connect startpage.com:443 -prexit
Code:
Verify return code: 20 (unable to get local issuer certificate)
There is nothing to be fixed.
Applications like links-browser or Alpine email client know the location of certificates because it's provided during compilation as one of configure script arguments: --with-ssl=path for links and --with-ssl-certs-dir=path (for Alpine).
| The Following 2 Users Say Thank You to totalizator For This Useful Post: | ||
|
|
2014-12-09
, 15:36
|
|
Posts: 1,808 |
Thanked: 4,272 times |
Joined on Feb 2011
@ Germany
|
#3
|
Originally Posted by independent
And when are you planning to post one or more of the following (in increasing order of niceness
The reason is I use a version of links-browser with ssl support compiled in.
(a) the binary .deb
(b) instructions on how you compiled it
(c) announcement of package availability in extras-devel
Cheers.
| The Following 2 Users Say Thank You to reinob For This Useful Post: | ||
|
|
2014-12-11
, 08:19
|
|
Posts: 78 |
Thanked: 84 times |
Joined on Aug 2012
|
#4
|
Originally Posted by reinob
It was two years ago and it's a bin I made when I had a scratchbox install. I transfer it between installs. ..and I forgot I must have linked openssl to /etc/certs/common-ca/ (wireshark shows no http leakage). I don't think anyone wants it
And when are you planning to post one or more of the following (in increasing order of niceness
Cheers.
| The Following 2 Users Say Thank You to independent For This Useful Post: | ||
Following on from the excellent thread with modest connecting with regards to / sslv3 / tlsv1..
I've been checking to see if openssl connects to various websites securely via the command line.
My reading of this is openssl cannot see the the directory with the ca-certificates in it.
What I have done to try and fix this (to no avail):
- I have tried editing the /etc/ssl/openssl.crt file.
- I have tried symlinking to the /etc/certs/common-ca in several different ways.
- Tried copying the files over.
The reason is I use a version of links-browser with ssl support compiled in. It seems to work but testing with the openssl commands doesn't seem to work. Any ideas?
-----
PS on a completely different note to remove sslv3 (POODLE vulnerability) support in the web browser. Change about:config and set this switch:
security.enable_ssl3 user set boolean false
Last edited by independent; 2014-12-04 at 19:38.