N900 ssl connection problem qt and wget no match hostname
 

I am writing a qt application which should download a file over ssl connection. Sadly it is not working with the following error message*. The protocol is fixed to TLSv1. I am using cssu-testing with openssl 0.9.8zh-1+maemo1+0m5+0cssu0 and maemosec. version 0.2.10.

*To investigate the problem I am using wget and also getting same error message like:

will redirect to basemap.nationalmap.gov

Both downloads not working.

Maybe it has something to do with redirection.

I have also installed needed certificates with the certificate manager and created /etc/osso-af-init/ssl.defs file which get loaded during boot time. I guess this was not needed.

When I check with:

or
I will get a successful ssl handshake.
Maybe someone has a clue about this or has maybe some hint.

Could it be possible to make a certificate with a different hostname?

Please help me I am happy to hear any suggestions.

Re: N900 ssl connection problem qt and wget no match hostname
 

Maybe it is silly suggestion as I'm not an expert, but what is the result when you add "--no-check-certificate" flag to the wget command...?

Re: N900 ssl connection problem qt and wget no match hostname
 

I guess it will work but not solving the root of the problem:)

Re: N900 ssl connection problem qt and wget no match hostname
 

Yes, it does not solve the root of the problem, and iit does not work either...

But: I typed that command on my chrooted kali linux and the error was the following: "Resolving basemap.nationalmap.gov (basemap.nationalmap.gov)... failed: Name or service not known.
wget: unable to resolve host address `basemap.nationalmap.gov'" so it did not produce the error from above...
On the internet I found that it could be even wget that causing the issue. On Maemo5 I have 1.10, on kali 1.13.

Re: N900 ssl connection problem qt and wget no match hostname
 

looks like a dns issue maybe only related to the terminal. I tried it on some Ubuntu and was getting a file not found. This is reasonable because a German tile from an US map server is not possible. So here an us-tile-png:

The problem with maemo still exists. It seems we need maybe a new openssl and wget. A new openssl means also patching qt.
As far as I know to many things (also closed ones) depending on the old openssl, so we need to wait for maemo leste.
So atm the only way is to ignore the ssl error which is unsecure due to possible man in the middle attack.
Openssl api changes from 0.9.8 to 1.x.x.

There is another map server from which it is impossible to download because I guess the server does not support all TSLv1 crypting methods. With Ubuntu it works.

Re: N900 ssl connection problem qt and wget no match hostname
 

I did compile OpenSSL 1.0.1g for n900 some time ago.
I used without issues, so you could try it out

http://talk.maemo.org/showthread.php?t=91787

Re: N900 ssl connection problem qt and wget no match hostname
 

Ehmm I thought the backward compatibility is 72,2% from 0.9.8 to 1.0.x, for qt4-x11 it shouldn't be a problem but I thought for other packages it could be a problem if they use removed Symbols. For qt4-x11 you will only need a patch when you want to use openssl 1.1.x.

Hmm but maybe I am wrong I found something similar to your package:

https://github.com/agamez/maemo-openssl-1.0.2

I will try both.

But another thing, for qt4-x11 there is only a build dependencie with libssl-dev but no dependencie to libssl for installing. So I could rebuild qt4-x11 with other openssl and don't need to replace the maemo one?:confused:

Re: N900 ssl connection problem qt and wget no match hostname
 

Oh I missed this interesting tmo thread about openssl 1.0.2.

Re: N900 ssl connection problem qt and wget no match hostname
 

Or join efforts :)
I am sure you could make valuable contributions.

Re: N900 ssl connection problem qt and wget no match hostname
 

Yeah you are right we all should push maemo leste.
I hope I will be able to make some contributions.

Regarding my ssl problem:

• Rebuilding wget with cssu openssl - not fixing.
• Using openssl 1.0.1g - not fixing.
• Rebuilding qt4-x11 from cssu with gcc472 and openssl 1.0.1 ends in a compiler error.:confused:

@nieldk do you remember which configure parameters did you use for openssl 1.0.1.