Notices


Reply
Thread Tools
Posts: 541 | Thanked: 2,780 times | Joined on Oct 2009
#1
So it looks like (at least per what happens when I try to use wget on the relavent URL) Translink have updated their system to require TLS 1.2. Which means I need to add TLS 1.2 support to QT. Which means I need a newer OpenSSL than the 0.9.8zh version currently in use on Fremantle.

I know there are ports of newer OpenSSL for Fremantle but I dont know which one I should use or where to get it from. I also dont know if anyone has already done the work to support TLS 1.2 in the Maemo QT version or not and if so where to get it from (if not, I will have to do the back-port myself). Can anyone help me out?
 

The Following 4 Users Say Thank You to jonwil For This Useful Post:
Posts: 538 | Thanked: 1,455 times | Joined on Feb 2012 @ Germany
#2
I am struggling to make a newer openssl version running in parallel with an old version. So from myside I can't help here atm.
Regarding TSL1.2 and qt4 I don't have a clue, if there are some patches.

For qt 4.8.7 there is a debian openssl 1.1.0 patch I will attach it.
Attached Files
File Type: gz qt4-openssl-1.1.patch.tar.gz (6.0 KB, 18 views)
 

The Following 3 Users Say Thank You to Halftux For This Useful Post:
Posts: 538 | Thanked: 1,455 times | Joined on Feb 2012 @ Germany
#3
Here I found something about backport tls version to qt4.

https://github.com/mkrautz/mumble-de...b523a3eccb8b58

This one is maybe newer:
https://github.com/mkrautz/mumble-de...bc7545b80bd7fe

And here a backport of Support for DH and ECDH key exchange for QSslSocket servers.
So this one is not needed for clients.
https://github.com/mkrautz/mumble-de...9129d74f609f40

Last edited by Halftux; 2018-05-30 at 12:27.
 

The Following 3 Users Say Thank You to Halftux For This Useful Post:
Posts: 541 | Thanked: 2,780 times | Joined on Oct 2009
#4
Looks like the main issue then is getting a newer OpenSSL working and running on-device without breaking the older OpenSSL.
 

The Following 3 Users Say Thank You to jonwil For This Useful Post:
Posts: 541 | Thanked: 2,780 times | Joined on Oct 2009
#5
I have identified that there are no local Nokia-specific changes needed for OpenSSL 1.1.0h (all the patches in Nokia 0.9.8n that aren't in Debian 0.9.8n are either not needed or got merged upstream). All I need to do know is to figure out how to get Debian 1.1.0h to compile on Fremantle.
 

The Following 3 Users Say Thank You to jonwil For This Useful Post:
Posts: 541 | Thanked: 2,780 times | Joined on Oct 2009
#6
I have managed to get OpenSSL 1.1.0h to compile in Scratchbox. Current source tree is at https://github.com/jonwil/openssl/

The openssl test cases are failing on Scratchbox armel (doesn't surprise me given how "unique" scratchbox is in the way it runs the arm binaries and stuff) so I have turned them off in the packaging.
All the tests pass on my N900 so I am going to continue and test the actual packages on my N900 and see what happens.

Once I get OpenSSL working, I will then move onto getting TLS 1.2 support into QT and then getting Fahrplan fixed.
 

The Following 9 Users Say Thank You to jonwil For This Useful Post:
Posts: 541 | Thanked: 2,780 times | Joined on Oct 2009
#7
Ok, new OpenSSL works so far in that I can run openssl s_client -connect blah and get the results I expect (I had to run a command on the certificates to get them in the format the new OpenSSL wants but my analysis of the N900 rootfs suggests nothing is reading the certificates that way, they are all either using maemosec-certman or reading the maemosec-certman pem files so it should be safe to run that rehash)

New packages are at http://maemo.merlin1991.at/cssu/comm...ree/o/openssl/

Next up, QT and Fahrplan
 

The Following 10 Users Say Thank You to jonwil For This Useful Post:
Posts: 541 | Thanked: 2,780 times | Joined on Oct 2009
#8
For reference, these are the packages on a stock N900 PR1.3 install that link to OpenSSL:
Closed packages:
as-daemon (active sync daemon for Microsoft email servers)
osso-wlan-security (provides security stuff for WiFi)
nokiamessaging (nokia messaging stuff, no longer works AFAIK)
adobe-flashplayer (Flash plugin)
sharing-services-default (sharing services stuff, its the OVI plugin that uses OpenSSL)
funambol-cpp-api (SyncML stuff)
location-proxy (proxy to handle the communications between the GPS hardware and the AGPS SUPL server)
osso-backup (backup program)
ota-settings (handles cellular data connection settings sent over the air)
maesync-backend (backend for syncing with Nokia PC application and things)
liblomesa (low level image viewer API)

Open packages:
maemo-security-certman (maemo certificate manager)
maemo-security-certman-applet (maemo certificate manager applet)
tinymail (tinymail backend stuff for modest)
xorg-server (main binaries for X11)
curl (command line tool for accessing URLs)
loudmouth (library for Jabber)
microb-eal (microb component)
qt4-x11 (QT4 package)
sofia-sip (SIP library)
clinkc (UPnP library)

Packages who's openness is unknown:
tablet-browser-ui (tablet browser main binary, I think I saw source code for this one somewhere but I cant find it and I may have been mistaken)
connui-internet (internet connectivity UI widgets, dont know if the clone done for maemo-leste is complete and can be compiled to work as a drop-in replacement for the Fremantle package)
connui-wlan (wlan connectivity UI widgets, dont know if the clone done for maemo-leste is complete and can be compiled to work as a drop-in replacement for the Fremantle package)
 

The Following 7 Users Say Thank You to jonwil For This Useful Post:
Reply

Thread Tools

 
Forum Jump


All times are GMT. The time now is 03:40.