Reply
Thread Tools
nthn's Avatar
Posts: 764 | Thanked: 2,888 times | Joined on Jun 2014
#21
I didn't even know you could access this site through HTTPS!
 

The Following User Says Thank You to nthn For This Useful Post:
peterleinchen's Avatar
Posts: 4,117 | Thanked: 8,901 times | Joined on Aug 2010 @ Ruhrgebiet, Germany
#22
Originally Posted by fstern View Post
Apparently I included the wrong chain certificate in the config - this should be fixed now.
Hmm, still the same here with N900/N9/JollaC (stock browser).

Guess nieldk is right and we need to add that root cert? [no idea how to do so the Jolla]

@pichlo
stock browser on Jolla1?
__________________
SIM-Switcher, automated SIM switching with a Double (Dual) SIM adapter
--
Thank you all for voting me into the Community Council 2014-2016!

Please consider your membership / supporting Maemo e.V. and help to spread this by following/copying this link to your TMO signature:
[MC eV] Maemo Community eV membership application, http://talk.maemo.org/showthread.php?t=94257

editsignature, http://talk.maemo.org/profile.php?do=editsignature
 

The Following User Says Thank You to peterleinchen For This Useful Post:
pichlo's Avatar
Posts: 6,445 | Thanked: 20,981 times | Joined on Sep 2012 @ UK
#23
Originally Posted by peterleinchen View Post
@pichlo
stock browser on Jolla1?
Yes. 10 chars
__________________
Русский военный корабль, иди нахуй!
 

The Following User Says Thank You to pichlo For This Useful Post:
peterleinchen's Avatar
Posts: 4,117 | Thanked: 8,901 times | Joined on Aug 2010 @ Ruhrgebiet, Germany
#24
Originally Posted by pichlo View Post
Yes. 10 chars
Strange!
As I just charged/booted my J1 tosee the same behaviour.



--
after adding the root cert from nieldk's link on my N9 I can directly connect to https://maemo.org
but funny things happen, after log in I use http instead https, after forcing use of https all CSS is mixed up
not to speak of I cannot use https://talk.maemo.org with my N9???


So I guess we got a cert from StartCom with their latest root cert, which is not on N900/N9/Jolla1/C (except pichlo's )


Even the browser now accepts connections to https://maemo.org, openssl is bickering a bit:
Code:
~ # openssl s_client  -connect maemo.org:443
WARNING: can't open config file: /etc/ssl/openssl.cnf
986220256:error:25066067:DSO support routines:DLFCN_LOAD:could not load the shared library:dso_dlfcn.c:187:filename(libz.so): libz.so: cannot open shared object file: No such file or directory
986220256:error:25070067:DSO support routines:DSO_load:could notload the shared library:dso_lib.c:244:
CONNECTED(00000003)
depth=0 C = DE, CN = www.maemo.org
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = DE, CN = www.maemo.org
verify error:num=27:certificate not trusted
verify return:1
depth=0 C = DE, CN = www.maemo.org
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/C=DE/CN=www.maemo.org
   i:/C=IL/O=StartCom Ltd./OU=StartCom Certification Authority/CN=StartCom Class 1 DV Server CA
 1 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIQFDlk59swohnIrczFTcuZMzANBgkqhkiG9w0BAQsFADB4
MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjEpMCcGA1UECxMg
U3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxJjAkBgNVBAMTHVN0YXJ0
Q29tIENsYXNzIDEgRFYgU2VydmVyIENBMB4XDTE2MDgwMTA5MTYzM1oXDTE3MDgw
MTA5MTYzM1owJTELMAkGA1UEBhMCREUxFjAUBgNVBAMMDXd3dy5tYWVtby5vcmcw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxdZkTSlrj5ejU7rEwSZvC
9OpesLANYoaMC5dxz3lAH2Izh4xgjsI6RK1XK+B2nlKoD+gCYqAFlMBTADx1hhSc
R0zYSH8+4GobQkPWV7EKt0I9ND+J03Nt2TzjWGVAvgMar+FOeVx0ygRlLHH1vY5B
MBbXqTyNDPPnwtHULAxhWZqMs7DDIOcAhBbcnMEbKI7lF1kYbuG9zjyk68sCB2++
UOBtHpIDTfTj+VbKZJjtIzBbQ0ERj710RNwgFFMkP2PPFh2xm5aBx1stt+84PM4n
9N/HIDmd5Rdq3KgwHGtZRGsSWMlw8sklREVT0ydAb9BjT0DJIu7KOwebEDFeawJT
AgMBAAGjggLOMIICyjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUH
AwIGCCsGAQUFBwMBMAkGA1UdEwQCMAAwHQYDVR0OBBYEFM+8dokAYU6Va4XuRseE
Dn8b/ra7MB8GA1UdIwQYMBaAFNeRTgHEsL/4yGeTRJznM/qtkwyvMG8GCCsGAQUF
BwEBBGMwYTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3Auc3RhcnRzc2wuY29tMDkG
CCsGAQUFBzAChi1odHRwOi8vYWlhLnN0YXJ0c3NsLmNvbS9jZXJ0cy9zY2Euc2Vy
dmVyMS5jcnQwOAYDVR0fBDEwLzAtoCugKYYnaHR0cDovL2NybC5zdGFydHNzbC5j
b20vc2NhLXNlcnZlcjEuY3JsMCMGA1UdEQQcMBqCDXd3dy5tYWVtby5vcmeCCW1h
ZW1vLm9yZzAjBgNVHRIEHDAahhhodHRwOi8vd3d3LnN0YXJ0c3NsLmNvbS8wUQYD
VR0gBEowSDAIBgZngQwBAgEwPAYLKwYBBAGBtTcBAgUwLTArBggrBgEFBQcCARYf
aHR0cHM6Ly93d3cuc3RhcnRzc2wuY29tL3BvbGljeTCCAQQGCisGAQQB1nkCBAIE
gfUEgfIA8AB2AGj2mPgfZIK+OozuuSgdTPxxUV1nk9RE0QpnrLtPT/vEAAABVkV6
uyoAAAQDAEcwRQIgG8vUl6lHX1KBceXqsRTUDptgzoamlaS5FZ7jIFco998CIQC+
FoNlzVK5rq4XvU/g5VPvdRz17Nx+Q2Q+kqLU+4p85QB2AKS5CZC0GFgUh7sTosxn
cAo8NZgE+RvfuON3zQ7IDdwQAAABVkV6uyQAAAQDAEcwRQIhAMsa+Z1GxfR4kthV
znJ6mg0L0m8Ek2PwD4y57NrkWew8AiAJ9NNKKbexvWWFLhAOLk5OLkkKok7ZHaNZ
XhE08kpDDTANBgkqhkiG9w0BAQsFAAOCAQEAn2cS1Zb5ipgUeQJxq/pmFqKMzwiQ
2M3Ov1a5zZx83Rcf92iOq/d1e3U3Y41/QGtmzSvPZ727fs7AyWfjqcbSPY9Mbwq7
QZRDfUnxKCHeCe395ZAa1eb2pK5Y8luD0UVjapuxZa/2HAUEHaw0AGN+outhkHzE
w7J5RrLsx6632XatoKcsE+yztMj1dXAXdMvVKkk3/an++yEuXNEMBa6hTrUWHS53
kHJeib5grvJdueiIZE8pFCHVD3TQr6s4Xy0+Sy86K7ob4WjMnG0aos8ZFJTW9eZx
inaiwqPWk9RZ0e6kMyU1RiuKYy50vWTq+sDmCLJVzuXgKwDmlLXi/uCaAw==
-----END CERTIFICATE-----
subject=/C=DE/CN=www.maemo.org
issuer=/C=IL/O=StartCom Ltd./OU=StartCom Certification Authority/CN=StartCom Class 1 DV Server CA
---
No client certificate CA names sent
---
SSL handshake has read 3726 bytes and written 643 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: BC667593DA05FD4540AE0AE2E7F24784D3CAEAFCFD944316BA8766A903982CF9
    Session-ID-ctx:
    Master-Key: 2AD6165C4AA6A5AB02A1AB72921582013BE722A28B8BF2713BCFADC439E7429F4A170EBB93C5F48C8AA92F7B9A9BDBBB
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 41 04 5e 4a d7 cb 81 15-43 0e e1 86 dd 40 ad df   A.^J....C....@..
    0010 - 05 c3 f2 2d c5 74 26 af-28 3e b4 59 1d 9d 2b 90   ...-.t&.(>.Y..+.
    0020 - a6 15 58 73 b5 be de aa-a3 2e e7 12 2f b4 b0 ac   ..Xs......../...
    0030 - ab bd 2a 77 ee 63 63 41-fc 1c dd 43 79 02 a5 89   ..*w.ccA...Cy...
    0040 - e8 51 87 8c 08 0e 46 4b-15 19 e7 75 ca 3a 4b 93   .Q....FK...u.:K.
    0050 - 45 ff e8 4f 2c 0c 04 d7-1b a9 50 72 84 f4 a9 1f   E..O,.....Pr....
    0060 - 0c ae 45 b3 7a 00 4f 79-aa 95 a0 a7 a3 be 42 92   ..E.z.Oy......B.
    0070 - eb f2 0e 86 cf eb 60 2e-fe 1c d2 dd 81 51 39 4d   ......`......Q9M
    0080 - 8e 15 66 96 49 dd 38 0c-9e f8 80 a1 81 2e f5 a2   ..f.I.8.........
    0090 - 6b 55 2f 1e 0e d2 90 6c-6e d6 1c 0c 91 31 56 67   kU/....ln....1Vg
    00a0 - 9d 08 4f 14 f8 0a 58 57-67 2f e8 72 7f 1a 56 57   ..O...XWg/.r..VW
    00b0 - 41 ac 9b a9 30 49 af d8-bd b2 7b 83 c5 5e 7e 12   A...0I....{..^~.

    Start Time: 1470688476
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
closed
???
__________________
SIM-Switcher, automated SIM switching with a Double (Dual) SIM adapter
--
Thank you all for voting me into the Community Council 2014-2016!

Please consider your membership / supporting Maemo e.V. and help to spread this by following/copying this link to your TMO signature:
[MC eV] Maemo Community eV membership application, http://talk.maemo.org/showthread.php?t=94257

editsignature, http://talk.maemo.org/profile.php?do=editsignature

Last edited by peterleinchen; 2016-08-08 at 20:45. Reason: oops
 

The Following User Says Thank You to peterleinchen For This Useful Post:
pichlo's Avatar
Posts: 6,445 | Thanked: 20,981 times | Joined on Sep 2012 @ UK
#25
Hey, all I know is one day I happily browse https://talk.maemo.org on my Jolla. The next day I wake up to continue browsing and what should I see? This thread claimng that I should see problems. But I don't. I continue not having problems ever since. Not a blip. I checked on two PCs (one W7, one W8) just to make sure, also no problems.
__________________
Русский военный корабль, иди нахуй!
 

The Following 3 Users Say Thank You to pichlo For This Useful Post:
peterleinchen's Avatar
Posts: 4,117 | Thanked: 8,901 times | Joined on Aug 2010 @ Ruhrgebiet, Germany
#26
That is indeed strange!
About the Jolla, not so about the big guns (having SW/certs update almost daily nowadays).

But that there are no other reports here makes me wonder, too!?!
Are we the only dinosaurs on the world using those little devices to browse the small world of (T)MO???
__________________
SIM-Switcher, automated SIM switching with a Double (Dual) SIM adapter
--
Thank you all for voting me into the Community Council 2014-2016!

Please consider your membership / supporting Maemo e.V. and help to spread this by following/copying this link to your TMO signature:
[MC eV] Maemo Community eV membership application, http://talk.maemo.org/showthread.php?t=94257

editsignature, http://talk.maemo.org/profile.php?do=editsignature
 

The Following User Says Thank You to peterleinchen For This Useful Post:
peterleinchen's Avatar
Posts: 4,117 | Thanked: 8,901 times | Joined on Aug 2010 @ Ruhrgebiet, Germany
#27
Originally Posted by peterleinchen View Post
That is indeed strange!
About the Jolla, ...
Possibly not so as iirc you set your device on highest (not yet officially released) version 2.0.2.48. My C is on 2.0.2.43. Maybe they included that cert in between these versions?
__________________
SIM-Switcher, automated SIM switching with a Double (Dual) SIM adapter
--
Thank you all for voting me into the Community Council 2014-2016!

Please consider your membership / supporting Maemo e.V. and help to spread this by following/copying this link to your TMO signature:
[MC eV] Maemo Community eV membership application, http://talk.maemo.org/showthread.php?t=94257

editsignature, http://talk.maemo.org/profile.php?do=editsignature
 

The Following 2 Users Say Thank You to peterleinchen For This Useful Post:
pichlo's Avatar
Posts: 6,445 | Thanked: 20,981 times | Joined on Sep 2012 @ UK
#28
Originally Posted by peterleinchen View Post
Possibly not so as iirc you set your device on highest (not yet officially released) version 2.0.2.48. My C is on 2.0.2.43. Maybe they included that cert in between these versions?
That is possible. How do I check?
__________________
Русский военный корабль, иди нахуй!
 

The Following User Says Thank You to pichlo For This Useful Post:
peterleinchen's Avatar
Posts: 4,117 | Thanked: 8,901 times | Joined on Aug 2010 @ Ruhrgebiet, Germany
#29
Originally Posted by pichlo View Post
That is possible. How do I check?
Good question.
Did not find cmcli nor acmcli on Jolla to read out all installed certs and grep for StartCom.

Someone can chime in if there is a package to be installed containing cli for ceft management? (then we might check)

--edit
possibly we can check easier way
Code:
[root@Sailfish nemo]# pkcon search name cert
Searching by name
Waiting in queue
Starting
Refreshing software list
Querying
Installed       ca-certificates-2014.2.1-1.4.2.noarch           The Mozilla CA root certificate bundle
Available       ca-certificates-2014.2.1-1.4.2.source           The Mozilla CA root certificate bundle
__________________
SIM-Switcher, automated SIM switching with a Double (Dual) SIM adapter
--
Thank you all for voting me into the Community Council 2014-2016!

Please consider your membership / supporting Maemo e.V. and help to spread this by following/copying this link to your TMO signature:
[MC eV] Maemo Community eV membership application, http://talk.maemo.org/showthread.php?t=94257

editsignature, http://talk.maemo.org/profile.php?do=editsignature

Last edited by peterleinchen; 2016-08-09 at 21:36.
 

The Following 2 Users Say Thank You to peterleinchen For This Useful Post:
Posts: 245 | Thanked: 233 times | Joined on May 2010 @ Ljubljana, Slovenia
#30
Just to add -- have 2.0.3.11 installed, checked above command and same versions are present:

Code:
login as: nemo
nemo@192.168.1.123's password:
Last login: Fri Aug  5 08:08:45 2016
NOTICE: Env value ignored HYBRIS_LD_LIBRARY_PATH=/usr/libexec/droid-hybris/system/lib:/vendor/lib:/system/lib
,---
| SailfishOS 2.0.3.11 (Espoonjoki) (armv7hl)
'---
[nemo@Sailfish ~]$ pkcon search name cert
Searching by name
Waiting in queue
Starting
Refreshing software list
Querying
Installed       ca-certificates-2014.2.1-1.4.2.noarch           The Mozilla CA root certificate bundle
Available       ca-certificates-2014.2.1-1.4.2.source           The Mozilla CA root certificate bundle
[nemo@Sailfish ~]$ openssl s_client  -connect maemo.org:443
-bash: openssl: command not found
[nemo@Sailfish ~]$
No openssl, tho :/

Browsing TMO via https://talk.maemo.org also work, stock browser.

Checked page on PC (W10, Firefox 48) and working, too. Fresh certificate, valid from 1. avgust 2016.

Last edited by sponka; 2016-08-10 at 09:25.
 

The Following 2 Users Say Thank You to sponka For This Useful Post:
Reply

Thread Tools

 
Forum Jump


All times are GMT. The time now is 13:53.