  1.    #1  
    Squid SSL Bump
    Description:
    Squid Web Proxy allows bumping insecure SSL connections when required, in a sense providing TLS 1.2 support to webOS.
    This is done transparently by intercepting webOS connections, decrypting them, and then encrypting them using a higher protocol.
    The Squid certificate should be installed in the webOS certificate manager to get rid of validation errors.
    The proxy forwarding must be enabled by any suitable webOS proxy application, e.g. ProxySwitch.
    More: Feature: Squid-in-the-middle SSL Bump

    Sources:
    https://gitlab.com/nizovn/com.nizovn.squid
    https://gitlab.com/nizovn/preware_fe...packages/squid

    Installation:
    The application package is available in nizovn/preware_feed, but due to the TLS 1.2 requirement of GitLab, it should be installed manually after also installing com.nizovn.glibc, com.nizovn.cacert (not used, needed for openssl to install) and com.nizovn.openssl.

    Usage:
    After installation, launch the application and tap the "Generate && Install Certificate" button. This will install the squid certificate into webOS. Then start squid with the "Start" button.
    The certificate will need to be updated manually when it expires. A certificate change will take effect after a squid restart.
    Use any webOS proxy application to set up forwarding to squid: IP 127.0.0.1 port 3128.

    Changelog:
    4.8-0: Initial version
    Last edited by NIN_ru; 09/14/2019 at 07:11 AM.
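
The setup described in post #1, expressed as Squid 4 directives. This is an added illustrative squid.conf fragment, not the configuration shipped in the com.nizovn.squid package (which is not shown in this thread); every file path is a placeholder.

```conf
# Added example: placeholder paths, not the package's real configuration.

# Listen on loopback only, so nothing off-device can use the bumping proxy.
# The CA certificate named here is the one the webOS certificate manager
# has to trust; Squid signs a per-host certificate with it for each site.
http_port 127.0.0.1:3128 ssl-bump tls-cert=/path/to/squid-ca.crt tls-key=/path/to/squid-ca.key generate-host-certificates=on dynamic_cert_mem_cache_size=4MB

# Peek at the TLS ClientHello to learn the server name, then bump
# (terminate the client's TLS session and open a new one to the server).
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump all

# Squid-to-server leg: refuse anything below TLS 1.2 and validate the
# server certificate against a current CA bundle.
tls_outgoing_options min-version=1.2 cafile=/path/to/ca-bundle.crt

# The webOS client only ever sees Squid's generated certificate, so Squid
# is the only place where the real server certificate is checked.
# Keep upstream validation errors fatal.
sslproxy_cert_error deny all
```

With this arrangement the CA private key lives on the device, and any certificate signed with it is trusted by every webOS app that uses the system certificate store, so the key file should be readable only by the Squid process.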
  2. #2  
    Uhm.... something is maybe wrong.

    nizovn feed on gitlab : preware gives a SSL certificate error

    with nizovn openssl 1.0.2p , project macaw 2018 keeps giving the usual white empty page on registering
    with 1.0.2l , the page was opening but squid gave a cert error

    Forgot, the above was on a go

    On a pre3, the feed on gitlab gives a strange unpacking error.
    Last edited by mazzinia; 09/09/2019 at 03:10 AM.
  3. #3  
    This could be huge! I was so excited when I saw this pop-up on the @PrewareUpdates Twitter feed today!
    An on-device squid proxy was exactly the idea I was thinking of a few months ago. (I know that sounds weird and petty, but whatever.)

    Short of actually replacing the SSL/TLS webOS system libraries, an on-device proxy that also "upgraded" the TLS connection to TLS 1.2 was what I thought could be the next best option.

    Not ashamed to see NIN_ru had the same idea and the ability/talent to actually write the code to do it.

    I really hope this works! I'm going to test it on my TouchPad.
    Last edited by George Mari; 09/08/2019 at 09:58 PM.
    Preemptive likes this.
  4. #4  
    NIN_ru: Seems that the glibc package is stuck installing on my Veer for about 3 hrs already. I copied the IPK to the device and tried to install with Preware. Any suggestions on how to debug what's the issue?
    HP Veer (daily driver), HP Pre 3, HP Touchpad Proper 4G/LTE (Sierra MC7710), HP Touchpad 32GB WiFi, Palm Pre 2
  5. #5  
    Success! Here is a screen capture from my TouchPad of the squid project page on gitlabs, as proof.

    browser_2019-09-09_074147.png

    I had already installed the glibc and openssl packages from Qt webbrowser and/or Qupzilla.

    NIN_ru: After downloading and installing the package manually from the Preware feed folder on gitlabs, I ended up re-running the postinst script manually on the device. Then pressed the button to generate a certificate, then installed and configured the Proxy Switch app as suggested, and it worked.

    proxyswitch_2019-09-09_074204.png
  6. #6  
    Based on what I can see using the ps command, squid is using about 26MB of resident memory, and about 35MB of virtual memory - if I'm reading the output right. Not bad at all, considering everything it is doing.
  7. #7  
    Nice save! Can't wait to try this!
  8. #8  
    Well, weird. On the Go I can go to twitter (https) on the stock browser (even if the rendering is bad) using squid.
    But I cannot go to gitlab; it is unable to load the page.

    I guess it is an issue with the Go. On the pre3 I can open gitlab in the stock browser (it is just slow like hell).
    Last edited by mazzinia; 09/09/2019 at 09:17 AM.
  9. #9  
    @george mari . But the version originally installed of openssl is 1.0.2l and at least to me gave issues with squid
  10. #10  
    Quote Originally Posted by Herrie View Post
    NIN_ru: Seems that the glibc package is stuck installing on my Veer for about 3 hrs already. I copied the IPK to the device and tried to install with Preware. Any suggestions on how to debug what's the issue?
    Solved, reboot and could install via Preware

    [edit]
    It seems to work fine on the Veer. The Proxy Switcher app would need some work to display better on the Veer though. But can load GitLab, GitHub and update Macaw to 1.8.1 from 1.8.0 so seems things are working. Macaw 2018 seems to work as well. Do receive Tweets and can send some
    [/edit]
    Last edited by Herrie; 09/09/2019 at 10:08 AM.
    HP Veer (daily driver), HP Pre 3, HP Touchpad Proper 4G/LTE (Sierra MC7710), HP Touchpad 32GB WiFi, Palm Pre 2
  11. #11  
    Quote Originally Posted by mazzinia View Post
    @george mari . But the version originally installed of openssl is 1.0.2l and at least to me gave issues with squid
    What issues, if any, beside what you posted earlier?

    -- Sent from my Palm TouchPad using Forums
  12. #12  
    Quote Originally Posted by Herrie View Post
    Solved, reboot and could install via Preware

    [edit]
    It seems to work fine on the Veer. The Proxy Switcher app would need some work to display better on the Veer though. But can load GitLab, GitHub and update Macaw to 1.8.1 from 1.8.0 so seems things are working. Macaw 2018 seems to work as well. Do receive Tweets and can send some
    [/edit]
    Interesting you were able to get Macaw 2018 working - I could not. I'm trying to remember my debugging process. :-)
  13. #13  
    I got Macaw 2018 working again, mostly. I re-started Squid, Proxy Switch, then Macaw 2018, and I was able to get a fresh timeline.

    I added some debug logging statements, and found that before I restarted everything, a webOS API call to check if there was a working Internet connection, was failing.

    -- Sent from my TouchPad using Communities
    Grabber5.0 likes this.
  14. #14  
    Quote Originally Posted by George Mari View Post
    I got Macaw 2018 working again, mostly. I re-started Squid, Proxy Switch, then Macaw 2018, and I was able to get a fresh timeline.

    I added some debug logging statements, and found that before I restarted everything, a webOS API call to check if there was a working Internet connection, was failing.

    -- Sent from my TouchPad using Communities
    I've seen the connection check fail sometime in the past randomly as well with some other apps such as Email or Communities on TP.

    Sent from my Redmi Note 4 using Tapatalk
    HP Veer (daily driver), HP Pre 3, HP Touchpad Proper 4G/LTE (Sierra MC7710), HP Touchpad 32GB WiFi, Palm Pre 2
  15. #15  
    Quote Originally Posted by George Mari View Post
    What issues, if any, beside what you posted earlier?

    -- Sent from my Palm TouchPad using Forums
    Well, I got a lot of messages from squid about the certificate not being accepted by the websites
  16. #16  
    I updated the ProxySwitch app and named it ProxySwitcher so it can work properly on Pre 1/2 and Veer. Pre 3 should work as well. New IPK available via: https://github.com/Herrie82/ProxySwi...ases/tag/1.2.0 I've submitted it to PivotCE feed as well (pending approval).
    HP Veer (daily driver), HP Pre 3, HP Touchpad Proper 4G/LTE (Sierra MC7710), HP Touchpad 32GB WiFi, Palm Pre 2
    gazaud likes this.
  17. #17  
    Quote Originally Posted by mazzinia View Post
    Well, I got a lot of messages from squid about the certificate not being accepted by the websites
    Maybe try deleting that certificate in the webOS Certificate Manager, and try creating a new one? I haven't seen that error yet myself.
  18. #18  
    That's a test I tried, and didn't change things.

    Then I noticed that the version of openssl from nizovn on gitlab was 1.0.2p "now" , while the one I had installed from him was 1.0.2l . Once upgraded the certificate issue ended, but gitlab is totally not working on the Go, and preware gives an ssl error with gitlab
  19. #19  
    Well, this is working well on my pre3. I had switched to android for my daily as the pre3 no longer could access pretty much anything anymore before this squid in the middle update. Now twitter, email, and some websites work again. All the websites I tried would at least send data. Whether or not you could read it is of course a different problem. When asking what ssl version I am using, it returns TLS 1.2. So this is a big help to anyone that wants to still use an old webos device. Now the question is, do I want to go back?
  20. #20  
    After using this for a day or so, I'm seeing I have to restart things after the device sleeps for a while. Which is fine for me, and how I use my TouchPad these days.

    I just want people to realize this may not always be 100% seamless, set it forget it.