09/06/2015, 08:47 AM
Unfortunately, one way or another, this IS a legacy webOS problem. It remains unclear, but is either:
Originally Posted by Jeff Marshall7
- A fault in the version of OpenSSL - Solution: replace this module (not as easy as it sounds - it's built in to the OS).
- A failure of webOS to request the SHA256 function - Solution: Patch webOS (requires being able to read the source code, proprietary or not. Might be possible for a skilled programmer.)
- An actual bug in invoking or passing the data correctly to OpenSSL or in the general approval process. - Solution: Patch webOS.
The fact that SHA256 certificates appear to work in the browser is actually good news as it implies the basic functionality is there, suggesting the fault is in the email app. I think it's been stated that the email app code is readable, perhaps even open source. So for someone who has the skill to understand and fix that code, a solution may be possible, but that it was apparently not noticed or fixed by Palm through all released versions of webOS is not encouraging.
webOS never had a large user-base and the enthusiasm came from those impressed by the UI and the ease with which webOS could be hacked/fixed. It is becoming increasingly like an old car held together with duct tape - the expense of a proper fix exceeds the cost of a new car. In our case, the cost is developer time - better spent on LuneOS. We remain fortunate that Grabber5.0 is developing ever better duct tape!
It is only the frequency of Google's changes that are highlighting this problem and in fact driving the development of the Grabber app. This is good, because the issue is not confined to Google, and more and more services will be moving to these certificates over the next few months (there is a deadline to deprecate ALL older type certificates).
I'll just humbly repeat my suggestion that compared to the effort Grabber5.0 is making to increase the ease of use by enabling root access, the effort of adding user input should be fairly easy. Hopefully, by version 5.0 it will not just be a Google Cert Grabber, but a Universal one.