10/18/2015, 04:34 PM
Lately, more and more webOS users have been experiencing the "error: requested encryption not supported by server" in the mail application, aka "the yellow triangle of death" (see webOS Nation thread).
TL;DR; Major servers on the web are moving away from SHA-1 to SHA-256 certificates. However, legacy webOS devices cannot natively process SHA-256 certificates, forcing users to trust server-presented certificates in their devices on a regular basis to keep their mail application working... No-one can survive that, not for long!
OpenSSL-Updater is a system-wide solution for webOS 1.x/2.x/3.x that brings SHA-256 certificates digest capability from the latest OpenSSL 0.9.8 release to your webOS smartphone/tablet (this is not to be confused with the optware version that gets installed in /opt).
OpenSSL-Updater is currently in alpha test.
At the moment, to get OpenSSL-Updater, you have to enable the alpha feeds in Preware. To do so, please follow these instructions. Then enable the "alpha-apps" feed.
Ideally, testing shall be conducted as follows (one step at a time, only a single parameter change per step):
- without the app installed, remove installed certs until you get the issue (yellow triangle, "error: requested encryption not supported by server", ...)
- install the app and verify the issue does not happen anymore
- remove the app, the issue shall be back
Alpha testers, please report issues directly in GitHub (can you also identify in this thread or PM me, we're not so many left in the field and your feedback is needed so we can safely move out of alpha/beta...)
Any other information/request you would like to share/ask, please report in this thread.
Installation / Removal
Just install OpenSSL-Updater from Preware.
To return your device to its original, unpatched state, simply uninstall the application (either directly from the device, through Preware or via the "palm-install -r org.webosinternals.openssl-updater" command).
A system reboot is required after installation/removal, as running programs will see their OpenSSL dynamic libraries change (and most certainly crash). This is automagically performed by the end of the installation/removal process.
The official documentation for OpenSSL-Updater can be found in the OpenSSL-Updater wiki page.
OpenSSL-Updater was successfully tested on the following devices:
- webOS 2.2.4 Emulator Image for Pre2/Pre3/Veer (started its life fresh from the SDK-2222.vmdk.zip emulator-images)
- webOS 2.2.4 Palm Pre2 (started its life quite some time ago after a visit to the webOS Doctor / webosdoctorp224pre2wr.jar), a day-to-day phone up to now
- webOS 3.0.5 WiFi Touchpad (most probably started its life 3.0.2, then went OTA 3.0.4 and 3.0.5), a day-to-day tablet up to now
- webOS 1.4.5 Emulator Image for Pre/Pixi (started its life fresh from the Palm/SDK distribution)
- webOS 1.4.5 Pixi Plus (in the state it was before being brought back from the shadows), resurrected for the sake of testing
Current version is meant/expected to work on webOS 2.x/3.x devices. As a "side-effect", it appears to work as well on webOS 1.4.x (still to be tested on a real device, though)!
Because OpenSSL libraries are being replaced live (for now), programs dynamically linked with those libraries are likely to crash and in-turn cause a system-wide crash (and reboot) with an unfinished installation, leaving the device in an intermediate unusable state (unix/novacom running but LunaSysMgr down). One specific case is being investigated on this suspicion, you've been warned!
Many thanks to Rod & the webOS Internals team for building the tools and the distribution infrastructure, this would not have been possible without their great work. Special thanks to Rod for his quick and effective support in accepting the app in the build system and reviving the WOI feeds.