**** BEGIN LOGGING AT Fri Aug 25 03:00:03 2017 Aug 25 11:30:47 hi Aug 25 12:33:33 hi jonwil Aug 25 13:18:29 sicelo, saw your post about AGPS Aug 25 13:19:38 AGPS works 100% for me with version 0.2.9 of maemosec-certman* Aug 25 13:21:37 I see nothing wrong with the output from the cmcli commands and nothing to suggest that something is broken with the certificates. Aug 25 13:22:12 supl.nokia.com currently returns a 3-certificate chain, the root of which is VeriSign Universal Root Certification Authority Aug 25 13:22:37 The VeriSign Universal Root Certification Authority certificate exists in the common-ca certificate store but NOT in the location-proxy certificate store Aug 25 13:23:02 which is why your cmcli -T location-proxy -v supl.nokia.com:7275 command thinks its a self-signed certificate and your cmcli -T common-ca -v supl.nokia.com:7275 command doesn't Aug 25 13:23:06 weird then. wonder what's up on my device. absolutely no A-GPS Aug 25 13:23:32 If you run it with both -T location-proxy and -T common-ca (in either order) it should correctly find the VeriSign Universal Root Certification Authority certificate Aug 25 13:23:42 What IP do you have in /etc/hosts for supl.nokia.com? Aug 25 13:24:07 I am using 52.22.201.16 Aug 25 13:24:12 me too Aug 25 13:24:24 very weird that its not working Aug 25 13:25:00 Can you properly ping/tracert supl.nokia.com from your N900? Aug 25 13:25:37 wait never mind on that, the machine doesn't answer pings Aug 25 13:25:41 so its not going to work Aug 25 13:25:44 syslog: Aug 25 13:25:46 Aug 25 15:25:16 Nokia-N900 location-proxy[1332]: GLIB DEBUG default - Socket to supl.nokia.com opened, fd=12, verify_res=19 Aug 25 13:25:50 Aug 25 15:25:16 Nokia-N900 location-proxy[1332]: GLIB WARNING ** default - host: supl.nokia.com not verified, result: 19 Aug 25 13:25:56 and then, Aug 25 13:26:16 Aug 25 15:25:17 Nokia-N900 location-proxy[1332]: GLIB WARNING ** default - Connection to h-slp.mnc000.mcc653.pub.3gppnetwork.org:7275 failed Aug 25 13:26:19 Aug 25 15:25:17 Nokia-N900 location-proxy[1332]: GLIB WARNING ** default - error:2006A066:BIO routines:BIO_get_host_ip:bad hostname lookup Aug 25 13:28:47 What output do you get if you type nslookup supl.nokia.com on your n900? Aug 25 13:29:29 Name: supl.nokia.com Aug 25 13:29:29 Address 1: 52.22.201.16 supl.nokia.com Aug 25 13:29:53 That's as it should be Aug 25 13:30:36 there's something causing me to get that "not verified" result, and it would seem to me cert-related. i should investigate further Aug 25 13:31:18 do you get the outcome in your logs? Aug 25 13:31:24 *that Aug 25 13:31:35 no, I get the correct output with verify_res=0 Aug 25 13:31:46 exactly as i expected Aug 25 13:32:02 Its very weird that its printing "connection to h-slp.mnc000.mcc653.pub.3gppnetwork.org:7275 failed" Aug 25 13:32:49 that's expected .. seems when if fails to communicated with specified supl server, it then tries to resolve it via cellular operator Aug 25 13:33:09 you cn get that if you, for example, put in a wrong IP Aug 25 13:34:11 maybe i should try a different supl server. do you have the other IPs handy? Aug 25 13:35:43 What output do you get if you type openssl s_client -showcerts -connect supl.nokia.com:7275 ? Aug 25 13:36:13 run on your N900 that is Aug 25 13:36:25 That will display the entire certificate chain that the server is sending you Aug 25 13:38:38 http://paste.debian.net/982994/ Aug 25 13:40:08 openssl s_client and liblocation don't use the same store iirc Aug 25 13:40:14 liblocation uses certman Aug 25 13:40:39 If you run the same command but add -CAPath /etc/certs/common-ca what do you get for the "verifiy" lins? Aug 25 13:40:44 (yes, this whole ssl/tls stuff is a mess ... and gnutls has yet another one) Aug 25 13:41:06 openssl s_client will use the same store as certman if you pass the right -CAPath (the one above) Aug 25 13:41:45 As the current maintainer of certman, I do know how all this works :) Aug 25 13:42:20 Reading the pastebin, it looks like sicelo gets identical certificates from supl.nokia.com as me. Aug 25 13:42:52 so that's not the problem. Aug 25 13:43:15 makes sense to get same, but my liblocation prefers the non-working one :-/ Aug 25 13:43:31 http://paste.debian.net/plain/982995 Aug 25 13:44:38 What version does dpkg -l give for location-proxy? Aug 25 13:44:45 Should be 0.100-1+0m5 Aug 25 13:45:19 yes i have that one Aug 25 13:46:26 what flavor of CSSU are you using? Aug 25 13:46:38 thumb Aug 25 13:46:47 and is it up-to-date with the latest version? Aug 25 13:47:12 yes, Aug 25 13:47:51 1Tmaemo11+thumb0 Aug 25 13:49:49 ok, so community-thumb repo only has version 0.2.2 of maemosec-certman-common-ca, where did you get the 0.2.9 version you are running now? Aug 25 13:50:11 Or maybe I am looking at an obsolete commubity-thumb repo somehow... Aug 25 13:52:17 devel .. i reported the problem that got solved by 0.2.9 Aug 25 13:52:46 ok. Aug 25 13:55:46 Any chance you can send me a copy of your /etc/certs and /etc/secure folders so I can compare them with what they should be? Aug 25 13:55:58 sure Aug 25 13:56:00 Great. Aug 25 13:58:51 don't have somewhere to upload to (from N900) .. doesn't contain any confidential info afaict. could i post on the tmo post? Aug 25 13:58:56 yeahmaemosec-certman-common-ca Aug 25 13:59:01 yeah do that Aug 25 13:59:06 No there is nothing sensitive in there Aug 25 14:00:45 oh yeah one more thing, what version do you get if you do dpkg -l libssl0.9.8? Aug 25 14:01:44 ii libssl0.9.8 0.9.8zh-1+maemo1+0m5+0cssu SSL shared libraries Aug 25 14:03:14 Ok, thats what I have Aug 25 14:04:15 Ok so I can rule out a problem with supl.nokia.com address being wrong and a problem with supl.nokia.com not sending same certificates and a problem with having wrong version of any of the relavent packages Aug 25 14:04:32 uploaded Aug 25 14:07:24 included both dirs Aug 25 14:08:26 Ok you have some differences in your CA store which might be the cause of your problem. Aug 25 14:08:48 can you get me the output of dpkg -L maemosec-certman-common-ca? Aug 25 14:08:57 and also dpkg -s maemosec-certman-common-ca? Aug 25 14:11:31 How did you install maemosec-certman 0.2.9 btw, did you install it by adding cssu-testing to your repo list and then doing apt-get or did you install it by downloading the deb files and installing with dpkg? Aug 25 14:12:26 it's a while ago, can't remember Aug 25 14:12:33 ok. Aug 25 14:13:25 http://paste.debian.net/983003/ Aug 25 14:14:30 http://paste.debian.net/plain/983004 Aug 25 14:25:15 Ok so the best thing to try now is to download http://maemo.merlin1991.at/cssu/community-devel/pool/free/m/maemo-security-certman/maemosec-certman-common-ca_0.2.9_all.deb and install it with dpkg -i Aug 25 14:30:54 Does installing that fix your problem? Aug 25 14:34:10 without reboot, same issue. let me reboot and see Aug 25 14:40:06 Any luck? Aug 25 14:44:13 yay! Aug 25 14:44:17 thanks jonwil Aug 25 14:44:19 working now Aug 25 14:44:25 great. Aug 25 14:44:42 Good to know that a reinstall seemes to have fixed whatever certificate was causing issues Aug 25 14:49:24 Some time when I get the chance (i.e. when its not "A.M. Very, very A.M" (as they said in Apollo 13) I will update maemosec-certman with the latest root CA certificates. Aug 25 14:49:59 Its too much work to try and remove the no-longer-needed special-case location-proxy root CA certificate and its not harming anything by leaving it there so I wont try and remove it :) Aug 25 14:54:31 thanks. i could see (from logs) that it was something to do with certs .. unfortunately it didn't occur to reinstall :-) Aug 25 15:01:20 Posted in the tmo thread with some tips (check the IP address matches the one I am using to be sure you have the right one, check that you are running 0.2.9 and if not, install 0.2.9 and if the IP is correct and you are running 0.2.9 and it still wont work, try reinstalling the certman-common-ca package) Aug 25 15:01:30 So hopefully anyone else with problems will have some tips to try now Aug 25 15:02:42 yes i saw it. marvellous Aug 25 16:18:07 isn't suppl SSL secured? Aug 25 16:19:01 nevermind Aug 25 16:27:44 Seems I have 0.2.3 Aug 25 18:44:38 i see there are few cli versions of facebook chat. Most written in javascript. Would any of them work with N900? Aug 25 19:40:36 try :-) Aug 25 19:42:25 sicelo: couldn't find any from repos ;) Aug 25 19:42:50 and while i dug more of it, im pretty sure it is pointless to try oven Aug 25 19:43:11 try github Aug 25 19:43:22 it needs node.js 6 or 7 and we have 0.8 Aug 25 19:46:18 also needs npm Aug 25 19:51:08 there's a messenger capable plugin for pidgin .. maybe check its dependencies Aug 25 19:51:19 * sicelo doesn't use facebook chat Aug 25 19:53:08 it needs newer glibc i recall Aug 25 19:53:28 or something newer anyways Aug 25 19:54:06 but i think im gonna try cli version on my devuan n900. There it should work without problems Aug 25 20:00:06 Vajb: devuan-n900 has sms and phone-calls? Aug 25 20:00:55 I wouldn't go near it either. Aug 25 20:01:44 Isn't there a web interface? Aug 25 20:08:57 sunshavi: i haven't managed to get even x yet. This also might explain my enthusiasm towards cli ;) Aug 25 20:11:07 sixwheeledbeast: it works well in opera browser, but it annoys me a lot. Because to get new messages i have to refresh the page. Probably if i knew how to, it would be possible to scrape together something with parts of opera and some stand alone app or cli. Aug 25 20:12:43 ideal would be irss facebook plugin :D Aug 25 20:12:51 irssi* Aug 25 21:02:33 I imagine you should be able to do SMS just using ofono and the Python scripts included with it. Aug 25 21:03:16 (it won't be very nice interfacially though) Aug 26 00:30:55 maxdamantus: very nice. What about phone calls?. are you talking just about cli, right? Aug 26 01:20:19 sunshavi: yes, just CLI. Aug 26 01:21:18 Vajb: You can look into bitlbee. I have not researched it for years, do not even know if it is still maintained. Aug 26 01:21:21 sunshavi: last time I tried was before there was open cmt-speech code, but iirc I was able to make calls but not hear/say anything. Aug 26 01:26:28 I primarily use Facebook Messenger in Pidgin on my home computer but there are some times when I have to use Facebook Messenger for the Android OS or the Facebook or Facebook Messenger Web site because what I need to do is not possible with the Pidgin (actually, libpurple) plug-in. There used to be Finch, which uses the same backend/stack as Pidgin but uses text/character mode. Presumably Finch is still maintained? Aug 26 01:39:29 I wonder if there is some model of smartphone running the Android OS with an integrated hardware keyboard of which I am unaware because it is marketed to business instead of consumers. I noticed that, at least in my area, the courier companies, at least FedEx and the UPS, still use a handheld computer with both a touch screen and an integrated hardware keyboard for text input instead of playing the frustrating game of trying to use a touch screen to edit Aug 26 01:39:29 text. The integrated hardware keyboard is one of the best hardware features of the Nokia N900 in my opinion even though I prefer the integrated hardware keyboard of the Nokia C6-00. **** ENDING LOGGING AT Sat Aug 26 03:00:01 2017