eqw | Hello. Is it possible to fix SSL on n900, like curl https://google.com ? | 14:23 |
---|---|---|
sicelo | i have been unable tuse my Exchange account on N900 since Sept. 20. The same account works just fine from an Android device. The microsoft analyzer tool does not work on it. i am suspecting a certificate issue, but having a difficult time figuring out which certificates i need to have. | 14:24 |
sicelo | eqw: curl --capath /etc/certs/common-ca should work | 14:25 |
sicelo | re:exchange - the server is mail.jwpub.org, in case someone has a chance to look into certs i may need. unfortunately i am not able to get assistance from the administrators (the cons of using an ancient device). | 14:27 |
sicelo | N900 just reports a not-very helpful "Error communicating with Exchange Server" | 14:33 |
eqw | sicelo: thank you! | 14:58 |
sicelo | worked? | 14:58 |
eqw | yes | 14:58 |
sicelo | cool | 14:58 |
eqw | but it doesn't with https://login.yota.ru | 15:01 |
sicelo | i'd be glad if someone can test this for me on their N900, cmcli -T common-ca -v eas.jwpub.org:443 | 15:03 |
sicelo | eqw: cmcli is happy about your site, at least. | 15:05 |
totalizator | uh, can I export all SMS/MMS messages from n900 to gmail? | 15:09 |
KotCzarny | you can get your sms from sqlite db in ~ | 15:10 |
KotCzarny | as for importing to gmail.. | 15:10 |
totalizator | I have a faint memory that this was possible | 15:10 |
KotCzarny | maybe via sharing to some email address | 15:10 |
totalizator | KotCzarny: oh, right, still not bad | 15:10 |
KotCzarny | in which case you send them as emails to your account | 15:11 |
sicelo | i'd be glad if someone can test this for me on their N900, cmcli -T common-ca -v eas.jwpub.org:443 | 20:56 |
KotCzarny | should it return anything? | 20:58 |
KotCzarny | it prints nothing | 20:58 |
sicelo | prints nothing for me too, which i think is odd. it should say whether it is able to verify the cert correctly or not, aiui | 20:59 |
KotCzarny | yeah, it prints OK for google.com | 20:59 |
sicelo | thanks for checking for me. i was afraid i borked my device | 21:01 |
KotCzarny | try: cmcli -T common-ca -v -d eas.jwpub.org:443 | 21:02 |
sicelo | that's an important email account for me, and i'm stuck now that N900 can't access the account. imap/pop aren't enabled on the server. and unfortunately, n900 browsers all can't open the web page either | 21:02 |
KotCzarny | erm, nvm, wrong syntax | 21:03 |
sicelo | i've tried the -d before .. doesn't seem to work with -v | 21:04 |
KotCzarny | i can hint you to run: strace cmcli -T common-ca -v eas.jwpub.org:443 | 21:04 |
KotCzarny | read(3, 0xcf778, 5) = -1 ECONNRESET (Connection reset by peer) | 21:05 |
KotCzarny | shutdown(3, 2 /* send and receive */) = -1 ENOTCONN (Transport endpoint is not connected) | 21:05 |
KotCzarny | it basically gets connection reset | 21:05 |
KotCzarny | which means the other side doesnt like what n900 sends to them | 21:05 |
KotCzarny | write(3, "\26\3\1\0P\1\0\0L\3\1[\274\373\273*\316\203\330\333\222?\30\351S$\233)ZhN\271"..., 85) = 85 | 21:06 |
* sicelo isn't in the mood to get an android just yet | 21:07 | |
KotCzarny | maybe some kind of proxy at home? | 21:07 |
KotCzarny | or grab some el-cheapo server at ovh | 21:07 |
KotCzarny | they offer 6usd/month for 250mbit bw, 2TB hdd, dedicated machines (arm based) | 21:08 |
sicelo | what would it help me with? | 21:09 |
KotCzarny | setting external proxy to help n900 get around the world | 21:09 |
sicelo | mitmproxy for example? or any other solutions? | 21:09 |
KotCzarny | even your own mail server | 21:10 |
KotCzarny | to collate your mail, which doesnt fuss around when it comes to n900 | 21:10 |
sicelo | but i won't be able to pickup mail from this account ... although maybe i should try davmail | 21:11 |
KotCzarny | try: openssl s_client -state -connect eas.jwpub.org:443 | 21:16 |
KotCzarny | remote server simply drops the connection when it tries to use sslv2/3 | 21:16 |
KotCzarny | or even sooner | 21:16 |
KotCzarny | https://pastebin.com/raw/WscURR6K | 21:18 |
sicelo | i have a newer openssl, so mine does go through, but fails with unable to verify vertificate | 21:18 |
KotCzarny | same command on laptop gets to certificate exchange | 21:18 |
sicelo | adding -CApath /etc/certs/common-ca works | 21:19 |
KotCzarny | OpenSSL 0.9.8zf 19 Mar 2015 | 21:19 |
KotCzarny | not for me | 21:20 |
KotCzarny | :) | 21:20 |
KotCzarny | they just hate old protocols | 21:20 |
KotCzarny | and cut them short | 21:20 |
sicelo | 1.1.0h-4 | 21:20 |
sicelo | that's from jonwil. if there was a way to make all of maemosec work with this newer openssl | 21:21 |
sicelo | N900 is 10 years next year. :-) | 21:26 |
sparre | Backporting newer SSL/TLS libraries to N900/Maemo would be nice. | 21:32 |
bencoh | :) | 21:35 |
sicelo | it would be nice, indeed. i am not technically able. do we have someone who could offer? | 21:54 |
sicelo | jonwill took on part of the job (hence the openssl 1.1.0h) | 21:56 |
Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!