Active Topics
-
Firefox with Leste (5)
to Maemo 7 / Leste by teroyk - 3 days, 1 hr ago -
Handbook (2)
to Maemo 7 / Leste by teroyk - 4 days ago - more...
| The Following 3 Users Say Thank You to freemangordon For This Useful Post: | ||
|
2013-08-29
, 13:34
|
|
Posts: 3,074 |
Thanked: 12,960 times |
Joined on Mar 2010
@ Sofia,Bulgaria
|
#142
|
Originally Posted by michaaa62
it is cmcli -c common-ca -r 00d85a4c25c122e58b31ef6dbaf3cc5f29f10d61-1 - without .pem extension
Any suggestions, what i am doing wrong???
Removing the certificates does not work, adding fails because the files exist...My PRCode:Nokia-N900:/tmp/supl# cmcli -c common-ca -r 00d85a4c25c122e58b31ef6dbaf3cc5f29f10d61-1.pem Nokia-N900:/tmp/supl# cmcli -c common-ca -r 00d85a4c25c122e58b31ef6dbaf3cc5f29f10d61.pem Nokia-N900:/tmp/supl# perl /usr/bin/c_rehash /etc/certs/common-ca | grep 00d8 00d85a4c25c122e58b31ef6dbaf3cc5f29f10d61-1.pem => 7651b327.0 00d85a4c25c122e58b31ef6dbaf3cc5f29f10d61.pem => 7651b327.1Code:Nokia-N900:/tmp/supl# apt-cache policy mp-fremantle-community-pr mp-fremantle-community-pr: Installed: 21.2011.38-1Tmaemo8.2+thumb1 Candidate: 21.2011.38-1Tmaemo8.2+thumb1
__________________
Never fear. I is here.
720p video support on N900,SmartReflex on N900,Keyboard and mouse support on N900
Nothing is impossible - Stable thumb2 on n900
Community SSU developer
kernel-power developer and maintainer
Never fear. I is here.
720p video support on N900,SmartReflex on N900,Keyboard and mouse support on N900
Nothing is impossible - Stable thumb2 on n900
Community SSU developer
kernel-power developer and maintainer
|
|
2013-08-29
, 13:48
|
|
Posts: 46 |
Thanked: 160 times |
Joined on Jun 2010
@ Germany, Berlin
|
#143
|
Originally Posted by michaaa62
Or consider using my bash one-liner in http://talk.maemo.org/showpost.php?p=1370357
Any suggestions, what i am doing wrong???
Removing the certificates does not work, adding fails because the files exist...
 |
|
2013-08-29
, 16:26
|
|
Posts: 4,117 |
Thanked: 8,901 times |
Joined on Aug 2010
@ Ruhrgebiet, Germany
|
#144
|
Originally Posted by freemangordon
freemangordon,
No, we found what the real problem is and which is the package to blame. The code chunk that is misbehaving is yet to be found.
here you refer to the google problem, or?
As I see the Nokia problem solved due to mixed up certs!?
I noticed that I can only get ACWP data, but not AGNSS data from Nokia server (also Vodafone). Should nokia provide that info also?
If yes, there is still above mentioned code chunk to be found (either for Google or Nokia).
Only thing I may think of causing this is some change in Google supl data still in the specification, but not correctly handled in N900 (like it was for tinymail).
Do you have another idea?
--edit
Okay, just reread.
And of course you refer with your code chunk to some problem in libmaemosec not handling the presence of two certificates with same fingerprint, right?
Nevertheless above problem with Google is still present, but not that urgent anymore (still I'd like to know/solve ...)
--editedit
Or, another thought:
could it be that Google changed their supl server to deliver only AGNSS data and no ACWP data anymore. And our N900 is only able to collect/use ACWP? This would explain the SSL-trusty successful (and bigger) data exchange with Google and Sirf supl servers.
__________________
SIM-Switcher, automated SIM switching with a Double (Dual) SIM adapter
--
Thank you all for voting me into the Community Council 2014-2016!
Please consider your membership / supporting Maemo e.V. and help to spread this by following/copying this link to your TMO signature:
[MC eV] Maemo Community eV membership application, http://talk.maemo.org/showthread.php?t=94257
editsignature, http://talk.maemo.org/profile.php?do=editsignature
SIM-Switcher, automated SIM switching with a Double (Dual) SIM adapter
--
Thank you all for voting me into the Community Council 2014-2016!
Please consider your membership / supporting Maemo e.V. and help to spread this by following/copying this link to your TMO signature:
[MC eV] Maemo Community eV membership application, http://talk.maemo.org/showthread.php?t=94257
editsignature, http://talk.maemo.org/profile.php?do=editsignature
Last edited by peterleinchen; 2013-08-29 at 16:36.
|
|
2013-08-29
, 16:54
|
|
Posts: 46 |
Thanked: 160 times |
Joined on Jun 2010
@ Germany, Berlin
|
#145
|
Originally Posted by peterleinchen
Thank you peterleinchen, for bringing this up! I actually have no clue whats going on with ACWP and AGNSS, but it could be the difference in what the servers are delivering.
I noticed that I can only get ACWP data, but not AGNSS data from Nokia server (also Vodafone).
...
could it be that Google changed their supl server to deliver only AGNSS data and no ACWP data anymore. And our N900 is only able to collect/use ACWP? This would explain the SSL-trusty successful (and bigger) data exchange with Google and Sirf supl servers.
So following this:
ACWP is returned from nokia, vodafone and sirf with just a pair of long/lat data (or kind of),
AGNSS ist returned from google and sonyericsson (not sirf) with quite some PDU/RLP and ephemeris data.
Both in XML-like style.
 |
|
2013-08-29
, 17:04
|
|
Posts: 2,222 |
Thanked: 12,651 times |
Joined on Mar 2010
@ SOL 3
|
#146
|
wireshark is your friend ;-)
__________________
Maemo Community Council member [2012-10, 2013-05, 2013-11, 2014-06 terms]
Hildon Foundation Council inaugural member.
MCe.V. foundation member
EX Hildon Foundation approved Maemo Administration Coordinator (stepped down due to bullying 2014-04-05)
aka "techstaff" - the guys who keep your infra running - Devotion to Duty http://xkcd.com/705/
IRC(freenode): DocScrutinizer*
First USB hostmode fanatic, father of H-E-N
Maemo Community Council member [2012-10, 2013-05, 2013-11, 2014-06 terms]
Hildon Foundation Council inaugural member.
MCe.V. foundation member
EX Hildon Foundation approved Maemo Administration Coordinator (stepped down due to bullying 2014-04-05)
aka "techstaff" - the guys who keep your infra running - Devotion to Duty http://xkcd.com/705/
IRC(freenode): DocScrutinizer*
First USB hostmode fanatic, father of H-E-N
|
|
2013-08-29
, 17:09
|
|
Posts: 46 |
Thanked: 160 times |
Joined on Jun 2010
@ Germany, Berlin
|
#147
|
If someone wants to test supl.sonyericsson.com with N900 there is still the first show stopper to solve: Certificate verification fails due to missing issuer cert.
I found this http://pastebin.com/2dNbJ79L , which was mentioned in an android gps discussion somewhere, and copied line 8. to 28. (the content of cacert.txt) into a file on my N900 .
Then after
I get with
a nice "Verified OK".
Edit: I couldn't find the root/issuer cert for sls1.sirf.com and sls2.sirf.com . I sent an email to slssupport@sirf.com (does not exist anymore) and webmaster@csr.com, asking for that. No answer so far ...
Last edited by Ulle; 2013-08-29 at 17:13.
I found this http://pastebin.com/2dNbJ79L , which was mentioned in an android gps discussion somewhere, and copied line 8. to 28. (the content of cacert.txt) into a file on my N900 .
Then after
Code:
cmcli -c common-ca -a /path/to/that/file
Code:
cmcli -T common-ca -v supl.sonyericsson.com:7275
Edit: I couldn't find the root/issuer cert for sls1.sirf.com and sls2.sirf.com . I sent an email to slssupport@sirf.com (does not exist anymore) and webmaster@csr.com, asking for that. No answer so far ...
Last edited by Ulle; 2013-08-29 at 17:13.
| The Following 5 Users Say Thank You to Ulle For This Useful Post: | ||
|
|
2013-08-29
, 17:18
|
|
Posts: 46 |
Thanked: 160 times |
Joined on Jun 2010
@ Germany, Berlin
|
#148
|
Originally Posted by joerg_rw
wiresharky is my friend, indeed
wireshark is your friend ;-)
! But doesn't help much with TLS encrypted data ...
| The Following User Says Thank You to Ulle For This Useful Post: | ||
|
|
2013-08-29
, 17:26
|
|
Posts: 804 |
Thanked: 1,598 times |
Joined on Feb 2010
@ Gdynia, Poland
|
#149
|
Originally Posted by Ulle
Are you saying about a certificate or about the actual data exchanged with server-side location software? I recently came across this article while acomplishing something at work, maybe mitmproxy could be used to "fool" N900 that your computer is location server (may require fake certificate generation via mitmproxy and installation on N900) and passing all traffic through your set-up proxy? That could help in debugging the internals of raw unciphered data exchanged between N900 and location server... I hope that's helpful (but I'm awake for 20-something-th hour now, so please excuse me if I got you wrong).
wiresharky is my friend, indeed
| The Following User Says Thank You to misiak For This Useful Post: | ||
|
|
2013-08-29
, 17:57
|
|
Posts: 46 |
Thanked: 160 times |
Joined on Jun 2010
@ Germany, Berlin
|
#150
|
Originally Posted by misiak
Thanks for sharing, but I already tried to "proxy" with socat until eccerr0r was pointing to supl-* at tajuma.com. Thats the only practicable way for watching TLS encrypted SUPL data exchange.
maybe mitmproxy could be used to "fool" N900
The tool is just exellent. Deploying MITM a big waste of time (for that).
 |
| Tags |
| a-gps, nokia n900 |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
|
All times are GMT. The time now is 11:46.
Never fear. I is here.
720p video support on N900,SmartReflex on N900,Keyboard and mouse support on N900
Nothing is impossible - Stable thumb2 on n900
Community SSU developer
kernel-power developer and maintainer