maemo.org - Talk

Newer OpenSSL on Maemo Fremantle (https://talk.maemo.org/showthread.php?t=100343)

sicelo 2018-10-12 10:01

Re: Newer OpenSSL on Maemo Fremantle

I don't have a specific example, hence I said 'guess.'
It is just that I could use openssl s_client without needing -CApath before.

There are a couple of SSL/TLS issues I have, but I won't directly say they are a result of the new OpenSSL. For example, since I updated it and the corresponding qt4-x11, some https feeds aren't refreshing for me with cutenews, etc. I doubt it is related, but yeah.

Halftux 2018-10-12 11:52

Re: Newer OpenSSL on Maemo Fremantle

Quote:

Originally Posted by sicelo (Post 1549304)
There are a couple of SSL/TLS issues I have, but I won't directly say they are a result of the new OpenSSL. For example, since I updated it and the corresponding qt4-x11, some https feeds aren't refreshing for me with cutenews, etc. I doubt it is related, but yeah.

You could try to recompile cutenews with cssu packages. However, it could be that cutenews needs some patching. Or something with the certificates, or with qt something is not 100% ok.

So if recompiling does nothing, then cutenews needs more network connection debug output to analyse the problem. Sometimes redirection could be a pain.

Halftux 2018-10-16 15:57

Re: Newer OpenSSL on Maemo Fremantle

Quote:

Originally Posted by sicelo (Post 1549304)
It is just that I could use openssl s_client without needing -CApath before.

After the rehash and restarting the console it should also work without -CApath.
Try to rehash without perl in front.

For my system and the same openssl version it is working without the -CApath. Also, wget that I compiled myself against the new openssl is working without specifying --ca-directory=directory (Without this option Wget looks for CA certificates at the system-specified locations, chosen at OpenSSL installation time.) and it works.
I could upload wget for >=cssu-testing+openssl 1.1.0h to openrepos if it is needed.

Halftux 2018-10-17 11:18

Re: Newer OpenSSL on Maemo Fremantle

2 Attachment(s)
@sicelo

I recompiled cutenews and qmlbrowser with cssu-devel libqt4.
For cutenews I set QSsl::AnyProtocol and for qmlbrowser I set QSsl::SecureProtocols.

Both should now support TLS 1.1 and 1.2.

If you like you can try them. I will try qmlbrowser when I find some time for it.

sicelo 2018-10-17 13:08

Re: Newer OpenSSL on Maemo Fremantle
 
Thanks very much @Halftux. Even though my openssl still needs -CApath after the rehash without 'perl', it is really nice to see the updated qmlbrowser. https://howsmyssl.com now says it is Probably Okay, as opposed to Bad in the previous version. Thank you.

I will test my openssl situation properly later on.

Halftux 2018-10-17 15:01

Re: Newer OpenSSL on Maemo Fremantle

Quote:

Originally Posted by sicelo (Post 1549420)
... it is really nice to see the updated qmlbrowser. https://howsmyssl.com now says it is Probably Okay, as opposed to Bad in the previous version.

That's great.
Did you do this rehash as root?
From where are you starting the openssl binary, from ssh or from osso-terminal? I will also run some tests with openssl again and do a cross-check.
I also don't have much experience with openssl 1.1.0h; before, I was using 1.0.1g + SNI-patched libqt4 for cssu-testing.

Halftux 2018-10-17 19:06

Re: Newer OpenSSL on Maemo Fremantle

@sicelo

OK, you are right. I now have a device where I installed openssl1.1.0 from scratch, on which it is not working without -CApath.

So this one is tricky; I can't remember what I did to the other device where it is working. I will dive into it. Stay tuned.

Halftux 2018-10-17 19:23

Re: Newer OpenSSL on Maemo Fremantle

1 Attachment(s)
OK, here it is, I found the difference.

I created a "ssl.defs" file in "/etc/osso-af-init/". I will attach the file.
Furthermore, I edited af-defines.sh in the same folder.

Add a new line around line 160 (where other *.defs get loaded):
Code:

  source_if_is ssl.defs

After the changes, restart the N900.
Congratulations, now you are finished and all console tools like openssl, ssh and wget should work without -CApath.

I think I did it when I had some problems with other openssl in the past, the date of the file is 12.04.2018 and now it helps:).
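
For the environment-based fix described in the post above, a diagnostic added here as an example (it is not from the thread or its attachment): it reports which CA directory OpenSSL-based console tools will consult and whether that directory holds usable hashed entries. It assumes OpenSSL's standard `SSL_CERT_DIR` variable naming a single directory; the function names are hypothetical, and the contents of the attached ssl.defs are not shown on the page and are not reproduced.

```shell
#!/bin/sh
# Added example: where will openssl/wget look for CA certificates?

# Print the CA directory in effect: SSL_CERT_DIR if exported (assumed to be
# a single directory), otherwise OPENSSLDIR/certs from "openssl version -d".
effective_ca_dir() {
    if [ -n "${SSL_CERT_DIR:-}" ]; then
        printf '%s\n' "$SSL_CERT_DIR"
        return 0
    fi
    command -v openssl >/dev/null 2>&1 || return 1
    # The command prints a line such as: OPENSSLDIR: "/usr/lib/ssl"
    d=$(openssl version -d 2>/dev/null | sed -n 's/^OPENSSLDIR: "\(.*\)"$/\1/p')
    [ -n "$d" ] || return 1
    printf '%s/certs\n' "$d"
}

# Count entries named <8 hex digits>.<n>, the names a rehash creates and the
# only ones OpenSSL's directory lookup opens. Dangling symlinks are skipped.
count_hashed() {
    n=0
    for f in "$1"/*; do
        [ -e "$f" ] || continue
        case "${f##*/}" in
            [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*)
                n=$((n + 1)) ;;
        esac
    done
    echo "$n"
}

# One-line verdict; non-zero exit status when verification would fail
# unless -CApath is given by hand.
ca_status() {
    dir=$(effective_ca_dir) || { echo "unknown: SSL_CERT_DIR unset, no openssl binary"; return 2; }
    [ -d "$dir" ] || { echo "missing: $dir"; return 1; }
    n=$(count_hashed "$dir")
    [ "$n" -gt 0 ] || { echo "unhashed: $dir needs a rehash"; return 1; }
    echo "ok: $dir ($n hashed certificates)"
}

ca_status || true
```

Running it once from ssh and once from osso-terminal shows whether both shells see the same environment.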

sicelo 2018-10-17 20:17

Re: Newer OpenSSL on Maemo Fremantle

Yay! That solved the issue, and I am ashamed it never occurred to me to think about environment variables.

There are still lots of sites that won't open in qmlbrowser or update in cutenews, but let me assume something changed in them. Will try downgrading qt4 though. Example feed that worked in cutenews up to the 29th September (around when I did the upgrade):

https://mybroadband.co.za/news/feed

Enabling cutenews' logging, I get:
Code:

Updating feed 'MyBroadband' using URL 'https://mybroadband.co.za/news/feed'
2018-10-17T22:23:37: Download::startDownload(). URL: https://mybroadband.co.za/news/feed
2018-10-17T22:23:37: Transfer::setStatus(). ID: 07de78d1-428f-4c2f-a7ee-74f460dc1a80, Status: Downloading
2018-10-17T22:23:39: Transfer::setStatus(). ID: 07de78d1-428f-4c2f-a7ee-74f460dc1a80, Status: Failed: SSL handshake failed

Thank you very much for all you've uncovered!

Halftux 2018-10-17 20:42

Re: Newer OpenSSL on Maemo Fremantle

Quote:

Originally Posted by sicelo (Post 1549430)
Thank you very much for all you've uncovered!

No problem, you are welcome. I also want a bug-free system, so if somebody finds something it is a big help too.

I need to have a look at the sources of libqt4 from the repo; the patch at github looks smaller than I thought it would be.

Here as a goody:
I will attach wget and a libssl1.0.2 which you could use in parallel with older openssl versions.
When you use openssl >=1.1.0h you should use the version from openrepos.
Both versions are only debianized and maemo optified. For the libssl1.0.2 I used the sources from ceene.

edit: post to wget for older openssl

