Posts: 3,074 | Thanked: 12,960 times | Joined on Mar 2010 @ Sofia,Bulgaria
#1
Beware:

http://googleonlinesecurity.blogspot...-security.html

Fremantle Community SSU will issue an update ASAP.

Maybe Harmattan users should call Nokia Support for an update. Or it is HiFo that should do that, I don't know. Please someone from the HiFo board comment on what Harmattan users should do (in light of the "email to elop" concerns).
__________________
Never fear. I is here.

720p video support on N900,SmartReflex on N900,Keyboard and mouse support on N900
Nothing is impossible - Stable thumb2 on n900

Community SSU developer
kernel-power developer and maintainer

 

The Following 28 Users Say Thank You to freemangordon For This Useful Post:
Posts: 479 | Thanked: 1,284 times | Joined on Jan 2012 @ Enschede, The Netherlands
#2
Originally Posted by freemangordon View Post
Beware:
Maybe Harmattan users should call Nokia Support for an update. Or it is HiFo that should do that, I don't know. Please someone from the HiFo board comment on what Harmattan users should do (in light of the "email to elop" concerns).
I already tried, but I doubt this would suffice. More people should mention this... no, SHOUT and B*TCH about this. Nokia's negligence so far isn't acceptable, IMNSHO.

Meanwhile, since I have incepted my device I tried to fix it myself:

Code:
~ $ ariadne mv /etc/ssl/certs/d937b34e05fdd9cf9f1216aeb6892feb253a881c.pem /etc/ssl/certs/d937b34e05fdd9cf9f1216aeb6892feb253a881c.pem.donttrust
This should disable the TURKTRUST certificate on the N9. But I still get an "access denied". Also, this might be under the protection of Aegis (which would be a good thing) and thus might lead to a MALF next boot. My Linux-fu isn't high enough to know how to fix it... Perhaps someone else can?
 

The Following 3 Users Say Thank You to Fuzzillogic For This Useful Post:
coderus's Avatar
Posts: 6,436 | Thanked: 12,699 times | Joined on Nov 2011 @ Ängelholm, Sweden
#3
ssl certs are not under aegis protection
just enter full credentials mode by "ariadne sh" and then move/delete untrusted cert
__________________
Telegram | Openrepos | GitHub | Revolut donations
 

The Following 3 Users Say Thank You to coderus For This Useful Post:
Posts: 1,067 | Thanked: 2,383 times | Joined on Jan 2012 @ Finland
#4
if you want the 'proper' way to remove it, then the right command would be:

opensh -c "acmcli -C aegis-certman-common-ca::CertCACommonAdd -lc common-ca -r d937b34e05fdd9cf9f1216aeb6892feb253a881c"

This assumes that you have installed opensh with all the capas. You can run the acmcli with all capa inception shell too.
__________________
IRC: jonni@freenode
Sailfish: ¤ Qt5 SailfishTouchExample ¤ Qt5 MultiPointTouchArea Example ¤ ipaddress ¤ stoken ¤ Sailbox (Dropbox client) ¤
Harmattan: ¤ Presence VNC for Harmattan ¤ Live-F1 ¤ BTinput-terminal ¤ BabyLock ¤ BabyLock Trial ¤ QML TextTV ¤
Disclaimer: all my posts in this forum are personal trolling and I never post in any official capacity on behalf of any company.
 

The Following 10 Users Say Thank You to rainisto For This Useful Post:
Posts: 479 | Thanked: 1,284 times | Joined on Jan 2012 @ Enschede, The Netherlands
#5
Thanks rainisto, that fixed it

The aegis-certman-common-ca package installed the certificates into /usr/share/aegis-certman-common-ca, any idea if that is used for something? The turktrust certificate over there can be (re)moved using more conventional ways tho.
 
Posts: 1,067 | Thanked: 2,383 times | Joined on Jan 2012 @ Finland
#6
you don't need to remove any files after running that acmcli command. They will not be used by harmattan system.
 

The Following User Says Thank You to rainisto For This Useful Post:
casketizer's Avatar
Posts: 566 | Thanked: 282 times | Joined on Sep 2010 @ Lower Saxony
#7
Is it a coincidence this cert is the first in the Certmanager list?

Can certs be revoked manually on N900?
__________________
Nokia N900 - Galaxy S3 - Galaxy Tab
 
Posts: 228 | Thanked: 137 times | Joined on Jan 2012 @ UK
#8
Is opensh needed? or is open mode + devel-su + develsh enough?
 
peterleinchen's Avatar
Posts: 4,117 | Thanked: 8,901 times | Joined on Aug 2010 @ Ruhrgebiet, Germany
#9
Originally Posted by casketizer View Post
Is it a coincidence this cert is the first in the Certmanager list?
No, it is because the cert name begins with "(".
You may check with
Code:
dbus-send --system --type=method_call --dest=com.nokia.osso_browser /com/nokia/osso_browser/request com.nokia.osso_browser.load_url string:"chrome://pippki/content/certManager.xul"
Originally Posted by casketizer View Post
Can certs be revoked manually on N900?
Yes, there is such possibility. I will put a script (produced at DigiNotar times) at the end of post.

Originally Posted by rainisto View Post
if you want the 'proper' way to remove it, then the right command would be:
opensh -c "acmcli -C aegis-certman-common-ca::CertCACommonAdd -lc common-ca -r d937b34e05fdd9cf9f1216aeb6892feb253a881c"
For N900 users, please refer to below script.
For N9 users, do we need to delete that CA also from browser? (but according to open mentioned bug, there is no such possibility?)


Simple script/guide to remove fraudulent CAs:
Code:
#!/bin/sh
# removing fraudulent CAs from the common-ca store

echo "enter the cert(ifier) You are looking for:"
read cert
# list the store and show the matching entries (cert ID followed by name)
cmcli -T common-ca -L | grep "$cert"

echo "now copy the full cert ID ..."
read nothing

echo "and give it as input (for removal)"
read certID

# the ID ends up in a file path used as root: accept hex digits only
case "$certID" in
    ""|*[!0-9a-fA-F]*) echo "not a valid cert ID: $certID"; exit 1 ;;
esac

# go through sudo unless we are already root
if [ "$(id -u)" -ne 0 ]; then
    SUDO=sudo
else
    SUDO=
fi

# keep a backup copy of the cert, then remove it from the store
$SUDO cp "/etc/certs/common-ca/$certID.pem" "/etc/certs/common-ca/$certID.pem.old"
$SUDO cmcli -c common-ca -r "$certID"

echo "now open microb and goto"
echo "chrome://pippki/content/certManager.xul"
echo "and delete the cert also there in the CA manager"
read nothing

# open the browser's certificate manager
dbus-send --system --type=method_call --dest=com.nokia.osso_browser /com/nokia/osso_browser/request com.nokia.osso_browser.load_url string:"chrome://pippki/content/certManager.xul"

--edit
BUT, one more question arises here:
I do see two certificate IDs for TÜRKTRUST
~ $ cmcli -T common-ca -L | grep "TÜRK"
c126ef0d847fc578cabfa616229289c42af952e7 TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı
d937b34e05fdd9cf9f1216aeb6892feb253a881c TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı
and also in browsers
chrome://pippki/content/certManager.xul
they do appear twice.
So maybe for harmattan users, you also check better twice?

I have no idea, why we do have them twice. Or if we need to block/delete both. Or if only one is fraudulent ...
__________________
SIM-Switcher, automated SIM switching with a Double (Dual) SIM adapter
--
Thank you all for voting me into the Community Council 2014-2016!

Please consider your membership / supporting Maemo e.V. and help to spread this by following/copying this link to your TMO signature:
[MC eV] Maemo Community eV membership application, http://talk.maemo.org/showthread.php?t=94257

editsignature, http://talk.maemo.org/profile.php?do=editsignature

Last edited by peterleinchen; 2013-01-06 at 15:25.
 

The Following 3 Users Say Thank You to peterleinchen For This Useful Post:
Aranel's Avatar
Posts: 301 | Thanked: 227 times | Joined on Nov 2009 @ Turkey
#10
https://blog.mozilla.org/security/20...t-certficates/

According to this page Mozilla is revoking both certificates, so there's no reason why we should not.
__________________
Maemo/MeeGo/Tizen Turkey - http://meegoturkiye.org & http://tizenturkiye.com
N900: Turkish Localization | MT Theme | VodaSMS
N9: MeeSaver
Maintaining: Audelicious | xmp
 

The Following User Says Thank You to Aranel For This Useful Post:
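
A follow-up check for the removal steps in this thread, as an added example that is not from any poster: it reports whether either of the two TÜRKTRUST IDs listed in post #9 still has an active <id>.pem file in a store directory, and lists renamed backup copies left by the mv/cp approaches. The function names and the ACTIVE/RENAMED output format are assumptions made for this example; the IDs and store paths are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: audit a certificate store directory for the CA IDs
# discussed in the thread. Function names and output format are assumptions.

# The two TÜRKTRUST IDs shown in post #9
DISTRUSTED_IDS="c126ef0d847fc578cabfa616229289c42af952e7 d937b34e05fdd9cf9f1216aeb6892feb253a881c"

# valid_id ID -> success only for exactly 40 lowercase hex characters,
# so an ID can never smuggle "/" or ".." into a path.
valid_id() {
    case "$1" in
        ""|*[!0-9a-f]*) return 1 ;;
    esac
    [ "${#1}" -eq 40 ]
}

# check_store DIR [ID...]
# Prints "ACTIVE <path>" for each ID whose <ID>.pem still exists and
# "RENAMED <path>" for copies such as <ID>.pem.old or <ID>.pem.donttrust.
# Returns 1 if at least one ACTIVE file was found, 0 otherwise.
check_store() {
    dir=$1; shift
    [ $# -gt 0 ] || set -- $DISTRUSTED_IDS
    found=0
    for id in "$@"; do
        if ! valid_id "$id"; then
            echo "SKIP invalid id: $id" >&2
            continue
        fi
        if [ -e "$dir/$id.pem" ]; then
            echo "ACTIVE $dir/$id.pem"
            found=1
        fi
        for backup in "$dir/$id.pem".*; do
            if [ -e "$backup" ]; then
                echo "RENAMED $backup"
            fi
        done
    done
    return $found
}

# Run as: sh check_ca.sh /etc/ssl/certs /etc/certs/common-ca
for store in "$@"; do
    check_store "$store" || echo "-> active distrusted CA file(s) in $store"
done
```

This only inspects file names in the directories named in the thread; the listing from cmcli -T common-ca -L remains the way to see what the certificate manager itself still holds.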