Page 1 of 3 123 LastLast
Results 1 to 20 of 51
Like Tree51Likes
  1.    #1  
    I finally got around to making an app to update the root certs. This is mainly maintenance, but does remove 6 or 7 expired certs from the root certs installed on the various webOS devices. It should work on everything. Should not require a reboot, but it might if the file indexer doesn't notice right away.

    I got the original roots off the emulator. Removed the expired certs. Then added certs via:

    Certificate Authority Certificates

    which gets it's certs from mozilla
    https://hg.mozilla.org/releases/mozi...s/certdata.txt


    It won't remove expired certs from the certificate manager app. I encourage everyone to go through their installed certs, check details and the expired dates. Delete the expired ones.

    This is especially important for those testing the new openssl that have any old expired certs, like hotmail.com installed. From the openssl.org pages:

    If several CA certificates matching the name, key identifier, and serial number condition are available, only the first one will be examined. This may lead to unexpected results if the same CA certificate is available with different expiration dates. If a "certificate expired" verification error occurs, no other certificate will be searched. Make sure to not have expired certificates mixed with valid ones.
    On 1.4.5 devices it runs really quickly, since it only copies 2 files.

    On 2.x and 3.x it takes a couple of minutes as it has to go through all the certs and links in /var/ssl/certs; /var/ssl/trustedcerts; /etc/ssl/certs/trustedcerts

    for those interested the scripts are posted on github:
    https://github.com/frantid/webos-ope...ster/rootcerts
    Attached Files Attached Files
    French Pre3, UK Pre2, US Veer, German gsm Pre, 680, garmin ique 3600 & still have my working palm pilot 1000 with the 1 Mb adapter

    Please remove UberCalendar and google sync behavior patches prior to system updates.
    patch Google calendar sync behavior for 2.x.x and TouchPad (Oauth2 and advanced sync requirements enabled)
    Preference guide for MetaView's UberCalendar patch
  2. #2  
    Wait a minute!
    • C+DAV
    • Google sync fixes
    • Instructions to fetch certificates
    • Youtube fixes
    • LuneTube
    • Cert Grabber
    • Google API 3 update
    • SSL Updater
    • Root Certificate updates
    • (and all the stuff I've missed out)


    I was really convinced that webOS was a zombie OS, but at this rate...

    ...I'm expecting to see, "LuneOS ported to Pre3" by the end of the week.
    https://twitter.com/Herrie1982/statu...94531513970688

    I can't actually keep up with all these developments!
    Last edited by Preemptive; 10/28/2015 at 12:45 AM.
  3. #3  
    Quote Originally Posted by Preemptive View Post
    Wait a minute!
    • C+DAV
    • Google sync fixes
    • Instructions to fetch certificates
    • Youtube fixes
    • LuneTube
    • Cert Grabber
    • Google API 3 update
    • SSL Updater
    • Root Certificate updates
    • (and all the stuff I've missed out)


    I was really convinced that webOS was a zombie OS, but at this rate...

    ...I'm expecting to see, "LuneOS ported to Pre3" by the end of the week.
    That won't happen, but other great things are cooking currently! Really interesting things happening at the moment.... Not sure we'll be able to push out a release this month, but we'll try Depends on how things work out the next few days
    HP Veer (daily driver), HP Pre 3, HP Touchpad Proper 4G/LTE (Sierra MC7710), HP Touchpad 32GB WiFi, Palm Pre 2
    petbull likes this.
  4. #4  
    Quote Originally Posted by Herrie View Post
    That won't happen, but other great things are cooking currently! Really interesting things happening at the moment.... Not sure we'll be able to push out a release this month, but we'll try Depends on how things work out the next few days
    You managed dual boot on Blackberry PRIV testing device :shock:




    Just kidding.

    -- Sent from my Palm Pre using Forums
    Preemptive likes this.
  5. #5  
    You managed dual boot on Blackberry PRIV testing device :shock:




    Just kidding.

    -- Sent from my Palm Pre using [i]Forums
    I wish I had those kind of connections & skills :-P It would be an ideal successor to Pre 3 and Veer :-P Just the price :'( But usually those drop fairly quickky with BB. If they would offer some nice trade in offers or cash backs like they did with their other devices it might get attractive.


    -- Sent from my TouchPad Go using Communities
    HP Veer (daily driver), HP Pre 3, HP Touchpad Proper 4G/LTE (Sierra MC7710), HP Touchpad 32GB WiFi, Palm Pre 2
  6. #6  
    Quote Originally Posted by Preemptive View Post
    Wait a minute!
    • C+DAV
    • Google sync fixes
    • Instructions to fetch certificates
    • Youtube fixes
    • LuneTube
    • Cert Grabber
    • Google API 3 update
    • SSL Updater
    • Root Certificate updates
    • (and all the stuff I've missed out)


    I was really convinced that webOS was a zombie OS, but at this rate...

    ...I'm expecting to see, "LuneOS ported to Pre3" by the end of the week.
    https://twitter.com/Herrie1982/statu...94531513970688

    I can't actually keep up with all these developments!
    This is re-incarnation of webOS. My Yahoo and Gmail (IMAP) are working on my Palm Pre.

    Many thanks to frantid and others in this forum. Without their passion for webOS, hard work and help, webOS would have been long dead.

    My sincere thanks.

    I am updating my contact list on Palm Pre via outlook.com (microsoft). Update outlook.com contact list and then sync it to my Palm Pre. Otherwise, there is no other way besides updating it manually. Yahoo and Gmail contacts don't sync with Palm Pre and other options are limited to 2.x and 3.x devices.
    Sent via HP TouchPad using Forums
    Rnp likes this.
  7. #7  
    I have multiple questions:

    - does this replace the Grabber app, or work separately, and both should be installed (and occasionally used)?
    - does this require occasionally being ran manually (like the Grabber app), or is it an automatic process triggered by a cert request?
    - can i simply delete all existing certs, and let the app repopulate with valid certs?
    - is this similar to, in conflict with, or completely unrelated to, the OpenSSL thing that's in alpha at the moment?

    Thanks again for creating tools for webOS! You are keeping the lifeboat afloat!
    Sporting my 13th Pre device, a NOS unlocked ROW Pre3!
  8. #8  
    Certificates come in different ways

    There are these, called root certificates, which are on the top of a pyramid.

    These can be used to sign/create other certificates, that would be one step down from the top

    You can have any number of layers below.

    Every certificate which is on a lower level will hold information on the certificate from the level above which was used to create it.

    On your device/in your browser, when you browse the web, use the net, a program, like openssl, will try to verify whether in the chain of all these certificates every one is still valid.

    To be able to do this, a device/browser comes with a list of the top level certificates(root), and a program to check the chain.

    This tool updates these root certificates
    In another thread somebody published an update to OpenSSL

    Previously, the cert grabber tool, was needed to workaround some problems which basically should not occur anymore if you use above two mentioned updates.

    Maybe a bit basic how I describe it, but I hope it clarifies it all a bit



    -- Sent from my Palm Pre3 using Forums
    Preemptive and Rnp like this.
  9.    #9  
    Quote Originally Posted by TJs11thPre View Post
    I have multiple questions:

    - does this replace the Grabber app, or work separately, and both should be installed (and occasionally used)?
    It is separate. A certificate chain usually looks like: server certificate - some intermediate certificate (one or more of these) - root certificate. This app updates the root certificates. The Grabber app gets the server certificate. By having the server certificate on your device you skip verifying the certificate chain and verify the server directly. Normally you just need the root certificate not the server certificate on your device and openssl will use the root to verify the server certificate. But our openssl version is old and doesn't work with the newer SHA256 certificates. Until you update your openssl you will need to use the grabber app.

    - does this require occasionally being ran manually (like the Grabber app), or is it an automatic process triggered by a cert request?
    No just install it. There is no "app" to run. There might need to be another one at some point in time as more roots get updated to SHA256. You can uninstall it with Preware, it will leave the updated certificates on the device.

    - can i simply delete all existing certs, and let the app repopulate with valid certs?
    Don't do this. There are certificates on your device to cover software apps and cell phone carrier related certificates. You will need these and they aren't included in the update.

    - is this similar to, in conflict with, or completely unrelated to, the OpenSSL thing that's in alpha at the moment?
    It is a companion to it. In order to work correctly openssl needs to have a current set of root certificates installed and expired roots removed. That's what the app provides. It works on the certificates that you don't see with the certificate manager app. There are over one hundred certificates on any given webOS device that you don't see with the certificate manager app.
    French Pre3, UK Pre2, US Veer, German gsm Pre, 680, garmin ique 3600 & still have my working palm pilot 1000 with the 1 Mb adapter

    Please remove UberCalendar and google sync behavior patches prior to system updates.
    patch Google calendar sync behavior for 2.x.x and TouchPad (Oauth2 and advanced sync requirements enabled)
    Preference guide for MetaView's UberCalendar patch
  10. #10  
    thanks for these clear answers. Final Q's:

    - So after installing this, we'll still need to install the new OpenSSL thing that's currently in Alpha?

    - Why can't I download this directly to device? Why must every file provided in this site be downloaded to a PC first, then put on device with USB, then installed with Internalz Pro? isn't there an easier way YET?? (i tried from Forums app, it renamed it something with a really long number, then dashes between every word, AND it was an unsupported zip file format. I wish we had an OTA update solution!!! argh)
    Last edited by TJs11thPre; 10/29/2015 at 10:53 AM.
    Sporting my 13th Pre device, a NOS unlocked ROW Pre3!
  11.    #11  
    Quote Originally Posted by TJs11thPre View Post
    thanks for these clear answers. Final Q's:

    - So after installing this, we'll still need to install the new OpenSSL thing that's currently in Alpha?
    Yes. Once that is installed you should no longer need to run the grabber app.

    - Why can't I download this directly to device? Why must every file provided in this site be downloaded to a PC first, then put on device with USB, then installed with Internalz Pro? isn't there an easier way YET?? (i tried from Forums app, it renamed it something with a really long number, then dashes between every word, AND it was an unsupported zip file format. I wish we had an OTA update solution!!! argh)
    It's a limit of the webOS devices. I have never found a way around it.
    French Pre3, UK Pre2, US Veer, German gsm Pre, 680, garmin ique 3600 & still have my working palm pilot 1000 with the 1 Mb adapter

    Please remove UberCalendar and google sync behavior patches prior to system updates.
    patch Google calendar sync behavior for 2.x.x and TouchPad (Oauth2 and advanced sync requirements enabled)
    Preference guide for MetaView's UberCalendar patch
  12. #12  
    If you have a link to an IPK on the web directly, you can have preware install it from there.

    Forums 1.4.4 can open ipk directly from a link posted here.

    But if I remember correctly, we can not attach ipk to a post as an attachment.

    -- Sent from my Palm Pre3 using Forums

    EDITED: forgot to type not in front of attach.

    Also I just tested, I cannot download this zip attachment, not from within forums, nor directly from the post in the browser, seems a limitation of the forumsite with our webos
    Last edited by horzel; 10/29/2015 at 12:20 PM.
  13. #13  
    Quote Originally Posted by horzel View Post
    If you have a link to an IPK on the web directly, you can have preware install it from there.

    Forums 1.4.4 can open ipk directly from a link posted here.

    But if I remember correctly, we can not attach ipk to a post as an attachment.

    -- Sent from my Palm Pre3 using Forums

    EDITED: forgot to type not in front of attach.

    Also I just tested, I cannot download this zip attachment, not from within forums, nor directly from the post in the browser, seems a limitation of the forumsite with our webos
    Yes, the download manager in webOS does not get access to the browser cookies, so secure downloads (behind a login) do not work. Big shortcoming. There was a patch that added it for a number of sites, but it never made it past alpha status. It had to be hacked in to webOS.
  14. #14  
    Quote Originally Posted by TJs11thPre View Post
    ...

    - Why can't I download this directly to device?

    Why must every file provided in this site be downloaded to a PC first, then put on device with USB, then installed with Internalz Pro?

    Isn't there an easier way YET??

    (i tried from Forums app, it renamed it something with a really long number, then dashes between every word, AND it was an unsupported zip file format. I wish we had an OTA update solution!!! argh)
    Isn't Preware supposed to be that easier way? Is there any reason why this Root Cert Updater app is not in Preware? Just wondering...

    Thank you, frantid, for creating this very important app for us!
    TJs11thPre and Rnp like this.
  15. #15  
    Yeah, this can be put into Preware.
    TJs11thPre likes this.
  16. #16  
    Quote Originally Posted by UI Designer View Post
    Isn't Preware supposed to be that easier way? Is there any reason why this Root Cert Updater app is not in Preware?
    Maybe also try 'OpenSSL-Updater'? It is probably still under the Alpha App Testing Feeds there, until proven stable.
    By activating this feed you also agree to be subject to the Alpha Testing 'Rules' etc, naturally!

    Testing Feeds - WebOS Internals

    Last edited by Mutoidi; 10/30/2015 at 04:20 AM.

    TP 32Gb 4G. 3.0.5 / CM10. ~ Pre3 16Gb GSM. 2.2.4. ~ TS2 BT Audio-Dock ~ HP iPaq. hx-2790b.
    TP 32Gb Wifi. 3.0.5 / CM10. ~ Veer (Wht.) 8Gb GSM. 2.2.4. ~ HP Omen-15-5206tx. 256Gb SSD. i7-O/C@3.39Ghz. Win10.
  17.    #17  
    I haven't added it to Preware yet. I will after I get access -- never needed it to submit patches.
    French Pre3, UK Pre2, US Veer, German gsm Pre, 680, garmin ique 3600 & still have my working palm pilot 1000 with the 1 Mb adapter

    Please remove UberCalendar and google sync behavior patches prior to system updates.
    patch Google calendar sync behavior for 2.x.x and TouchPad (Oauth2 and advanced sync requirements enabled)
    Preference guide for MetaView's UberCalendar patch
  18. #18  
    I don't know what the limitations or obstacles are with adding to Preware, but this seems to be the best way for new webOS solutions to be distributed to the public.

    I really wish it was utilized to its full potential. Trying to pull links and share resources through the forum is just not as efficient.

    Thanks to everyone who IS supplying these webOS solutions. Your efforts are appreciated, even if i can't actually use them!
    Sporting my 13th Pre device, a NOS unlocked ROW Pre3!
  19. #19  
    You need an account on WebOSNation that's activated etc. Alternatively you could submit it to the PivotCE one since the guys there are more on the ball lately it seems.

    -- Sent from my TouchPad Go using Communities
    HP Veer (daily driver), HP Pre 3, HP Touchpad Proper 4G/LTE (Sierra MC7710), HP Touchpad 32GB WiFi, Palm Pre 2
  20.    #20  
    It should be in now. It's under utilities.
Page 1 of 3 123 LastLast

Similar Threads

  1. Can't Install Root Cert on TP Go 3.0.4
    By boovish in forum Other webOS Tablets
    Replies: 3
    Last Post: 02/21/2014, 02:34 PM
  2. EAS with root & client cert?
    By ckgoodwin in forum webOS Synergy and Synchronization
    Replies: 11
    Last Post: 09/29/2009, 05:13 PM
  3. to root or not to root..that is the question
    By horrorshow13 in forum General News & Discussion
    Replies: 11
    Last Post: 09/01/2009, 03:17 PM
  4. To Root or not to Root, that is the question.
    By cashen in forum webOS Development
    Replies: 3
    Last Post: 06/13/2009, 08:28 PM

Posting Permissions