Reply
Thread Tools
Posts: 46 | Thanked: 160 times | Joined on Jun 2010 @ Germany, Berlin
#101
Though I am happy with supl.vodafone.com I took some time today fiddling around with supl-proxy from tajuma.com .

I checked against all working supl-server I know of:

sls1.sirf.com
supl.google.com
supl.nokia.com
supl.sonyericsson.com
supl.vodafone.com

Everytime with preceeding steps in N900:
- gconftool --recursive-unset /system/nokia/location
- reboot
- setting location server to my server with running supl-proxy (pointed to the next supl server from the five mentioned above)
- running location test tool with method ACWP (with OK to supl usage terms)

To my surprise I got a quick (less than 10sec) location result within some hundred meters around with three of the five servers:

sls1.sirf.com
supl.nokia.com
supl.vodafone.com

With the others I got quite more data exchanged, but didn't get a location result.
If anyone is interested, see my proxy logfiles attached.

Without supl-proxy , just pointing my N900 to the five servers directly (with all the preceeding steps), the only server working for me is supl.vodafone.com .

I set up supl-proxy on my own network gateway and when I was rechecking without proxy my N900 was on wifi in my own network. So all request from same IP to the supl servers.

Okay, this could mean that N900 has probs with the data coming from google and sonyericsson, but for sirf and nokia(!) the only cause for failing - left to see to me - is certificate issues.
peterleinchen, seems you where quite right with your assumptions ...

I verified certificate chain on N900 (should have done earlier):
Code:
[2|user@Nokia-N900|/] cmcli -T common-ca -v supl.vodafone.com:7275 
f73d6238917bbaeb04235d2219a1da31b4b68f4d supl.vodafone.com
 trust chain(1):
   f18ab43c6a02bfd8228c7965cf88f4abbc180aa6 Thawte Server CA
Verified OK
And for Nokia:
Code:
[2|user@Nokia-N900|/] cmcli -T common-ca -v supl.nokia.com:7275 
1ad16dd494e161abd39bd94ed94bf8eafe4ede28 supl.nokia.com
 Verification failed: self signed certificate
Too bad.
Checking the chain:
Code:
openssl s_client -connect supl.nokia.com:7275
I already had a short look into the cert chain , replacing VeriSign certs in certificate manager (via cmcli). But with no luck.
One can find all VeriSign root certs at http://www.symantec.com/page.jsp?id=roots .

Maybe someone has more abilities to digg deeper into it. Would be nice to have supl.nokia.com usable again. Until then supl.vodafone.com is good enough for my needs.

Cheers, Ulle
Attached Files
File Type: zip supl-proxy_logs_n900.zip (12.1 KB, 193 views)
 

The Following 15 Users Say Thank You to Ulle For This Useful Post:
Posts: 1,378 | Thanked: 1,604 times | Joined on Jun 2010 @ Göteborg, Sweden
#102
Superb research Ulle!
Could and should maemo.org run supl-proxy for us?
Was it easy to build? (for linux?).

How much traffic (kb/mb) in an exchange?
 

The Following 5 Users Say Thank You to handaxe For This Useful Post:
Posts: 3 | Thanked: 10 times | Joined on Feb 2011
#103
If you're going the (local or remote) supl-proxy route, which I intended to try as soon as I can get a Maemo dev environment set up, I strongly suggest you have a look at the open databases of cell IDs and wireless APs at http://openbmap.org/ and http://www.opencellid.org/ - I think prehaps with ephemeris data added, these could make a much better, more accurate, and open, SUPL server than we can currently get.

I think the Maemo app CellNet-info uses one of those sites to provide lat/long info for a cell, but I'm not entirely sure at the moment.

An open SUPL server would benefit not only the N900, but virtually any modern phone.
 

The Following User Says Thank You to LjL For This Useful Post:
Posts: 3,074 | Thanked: 12,960 times | Joined on Mar 2010 @ Sofia,Bulgaria
#104
Code:
openssl s_client -connect supl.nokia.com:7275 -CApath /etc/certs/common-ca/
.
.
.
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Session-ID: ..................
    Session-ID-ctx:
    Master-Key: ...................
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1377673374
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
__________________
Never fear. I is here.

720p video support on N900,SmartReflex on N900,Keyboard and mouse support on N900
Nothing is impossible - Stable thumb2 on n900

Community SSU developer
kernel-power developer and maintainer

 

The Following 4 Users Say Thank You to freemangordon For This Useful Post:
peterleinchen's Avatar
Posts: 4,117 | Thanked: 8,901 times | Joined on Aug 2010 @ Ruhrgebiet, Germany
#105
I know that (and openssl returns also error when not pointed to /etc/certs/common-ca).
But why on earth does cmcli return an error even when pointed explicitly to common-ca???
That made me thinking of hard-coded certs in GPS blob.

And why supl.nokia.com returns result for N900 when using proxy?
__________________
SIM-Switcher, automated SIM switching with a Double (Dual) SIM adapter
--
Thank you all for voting me into the Community Council 2014-2016!

Please consider your membership / supporting Maemo e.V. and help to spread this by following/copying this link to your TMO signature:
[MC eV] Maemo Community eV membership application, http://talk.maemo.org/showthread.php?t=94257

editsignature, http://talk.maemo.org/profile.php?do=editsignature

Last edited by peterleinchen; 2013-08-28 at 07:12.
 

The Following 2 Users Say Thank You to peterleinchen For This Useful Post:
Posts: 3,074 | Thanked: 12,960 times | Joined on Mar 2010 @ Sofia,Bulgaria
#106
Originally Posted by peterleinchen View Post
I know that (and openssl returns also error when not pointed to /etc/certs/common-ca).
But why on earth does cmcli return an error even when pointed explicitly to common-ca???
That made me thinking of hard-coded certs in GPS blob.

And why supl.nokia.com returns result for N900 when using proxy?
hmm, seems you have misread my post, if given
"-CApath /etc/certs/common-ca/", it does not fail
__________________
Never fear. I is here.

720p video support on N900,SmartReflex on N900,Keyboard and mouse support on N900
Nothing is impossible - Stable thumb2 on n900

Community SSU developer
kernel-power developer and maintainer

 

The Following 2 Users Say Thank You to freemangordon For This Useful Post:
peterleinchen's Avatar
Posts: 4,117 | Thanked: 8,901 times | Joined on Aug 2010 @ Ruhrgebiet, Germany
#107
No no, I read and understood correctly.
As I made same experience.

openssl fails when not pointed to common-ca
openssl succeeds when pointed to common-ca

cmcli fails when not pointed to common-ca
cmcli fails also even when pointed to common-ca

So that means we have all needed certs aboard, but mabe they are not used or ... ?
At least Nokia and Google changed their cert paths in the past.

And the proxy acts as a proxy? Or initiates a completely new connection to supl? In first case it would not work afaik as ssl/cert communication is just forwarded?
__________________
SIM-Switcher, automated SIM switching with a Double (Dual) SIM adapter
--
Thank you all for voting me into the Community Council 2014-2016!

Please consider your membership / supporting Maemo e.V. and help to spread this by following/copying this link to your TMO signature:
[MC eV] Maemo Community eV membership application, http://talk.maemo.org/showthread.php?t=94257

editsignature, http://talk.maemo.org/profile.php?do=editsignature

Last edited by peterleinchen; 2013-08-28 at 07:37.
 

The Following 2 Users Say Thank You to peterleinchen For This Useful Post:
Posts: 3,074 | Thanked: 12,960 times | Joined on Mar 2010 @ Sofia,Bulgaria
#108
Originally Posted by peterleinchen View Post
...
So that means we have all needed certs aboard, but mabe they are not used or ... ?
...we have a bug in /usr/bin/location-proxy

I am thinking to RE that, it is not that big, but before I start, could someone try to confirm(somehow?) this is the binary to blame

EDIT: seems like it is libmaemosec.so to blame

EDIT2: microb doesn't have any problem connecting to supl.nokia.com:7275
__________________
Never fear. I is here.

720p video support on N900,SmartReflex on N900,Keyboard and mouse support on N900
Nothing is impossible - Stable thumb2 on n900

Community SSU developer
kernel-power developer and maintainer


Last edited by freemangordon; 2013-08-28 at 07:48.
 

The Following 7 Users Say Thank You to freemangordon For This Useful Post:
peterleinchen's Avatar
Posts: 4,117 | Thanked: 8,901 times | Joined on Aug 2010 @ Ruhrgebiet, Germany
#109
Oh man you are the man!

Why we did not contact you directly? Maybe because I did not want to put everything on your shoulder.
Eagerly waiting for a result. Be it positive or negative.

BIG thanks in advance.
How to do you a favour (already declined donations)?
__________________
SIM-Switcher, automated SIM switching with a Double (Dual) SIM adapter
--
Thank you all for voting me into the Community Council 2014-2016!

Please consider your membership / supporting Maemo e.V. and help to spread this by following/copying this link to your TMO signature:
[MC eV] Maemo Community eV membership application, http://talk.maemo.org/showthread.php?t=94257

editsignature, http://talk.maemo.org/profile.php?do=editsignature
 

The Following 3 Users Say Thank You to peterleinchen For This Useful Post:
Posts: 3,074 | Thanked: 12,960 times | Joined on Mar 2010 @ Sofia,Bulgaria
#110
Originally Posted by peterleinchen View Post
How to do you a favour (already declined donations)?
Find why "cmcli fails also even when pointed to common-ca"
__________________
Never fear. I is here.

720p video support on N900,SmartReflex on N900,Keyboard and mouse support on N900
Nothing is impossible - Stable thumb2 on n900

Community SSU developer
kernel-power developer and maintainer

 

The Following 2 Users Say Thank You to freemangordon For This Useful Post:
Reply

Tags
a-gps, nokia n900

Thread Tools

 
Forum Jump


All times are GMT. The time now is 12:45.