**** BEGIN LOGGING AT Fri Oct 02 02:59:59 2015 Oct 02 06:34:36 Morning! Oct 02 06:35:54 Herrie: My build environment is finally building, it seems (it still hasn't completed a build, but it's very close to finishing its first without crashing). Oct 02 06:39:21 Herrie: I was looking into #965 and wondered if the reason you linked to blog posts specifying how to use OpenSSL directly is because we want to ditch PmCertificateMgr or if the intention is to use PmCertificateMge API? Oct 02 06:45:32 iscgar the PmCertificateMgr API needs to be extended so it can display the cert info like on legacy Oct 02 06:46:01 I linked the blog because it had some sample code that looked pretty plug & play to me, but then again I'm a C++ n00b Oct 02 06:46:12 Good to hear your environment is building now :) Need to setup mine too :P Oct 02 06:46:42 Seems mine has a X2 550 CPU, might bump that to 6 cores instead :P Oct 02 06:48:42 Herrie, see PM Oct 02 06:50:08 Herrie: Looking at https://github.com/webOS-ports/certmgrd/blob/master/src/certmgr_service.c it seems to me that using PmCertificateMgr CertX509ReadStrProperty function and passing X509Properties enum values is all we need to get all the needed data. Oct 02 06:54:41 Herrie: unless the JSON there isn't complete (which seems the case, since the Certificate Manager app displays more information) Oct 02 06:57:00 Morning! Oct 02 06:57:51 morphis: ping Oct 02 07:08:30 Tofe: pong Oct 02 07:14:15 morphis: I'm struggling a little bit to get PalmServiceBridge integrated into webengine (but will succeed I think), and I wondered: wouldn't it be much more easier if it was provided as a UserScript + WebChannel object? Oct 02 07:15:12 As far as I can see, the WebOS apps do things like a=new PalmBridgeService(subscribe); a.call("uri"); Oct 02 07:16:49 Herrie: ok, so looking at the Certificate Manager app I can see that the JSOn there is of different format. Should we stick to the legacy format? Oct 02 07:19:14 Herrie: also, it seems that we use PmCertificateMgr from openwebos repositories. Should we fork it? Oct 02 07:20:33 Tofe: I tried that in the past but that ends up very complex in terms of managing multiple instances and mapping it correctly Oct 02 07:20:41 also across different levels of frames etc. Oct 02 07:20:56 that is why we just used what was already available from legacy Oct 02 07:21:20 morphis: there should be only one instance per app? Oct 02 07:21:48 Tofe: that would be easy Oct 02 07:22:00 then a singleton would be good to manage Oct 02 07:22:12 in the backend it is managed by a single connection Oct 02 07:22:15 to ls2 Oct 02 07:22:26 but PalmServiceBridge can be instantiate multiple times Oct 02 07:22:34 depends a bit on how enyo wraps that or who else Oct 02 07:23:00 Tofe: we could also change and switch to a different abstraction but that would require to modify enyo1 and all enyo2 users Oct 02 07:23:07 mmh... well, if you tried it already, I don't think it's worth running towards the same wall again :) Oct 02 07:23:09 which isn't a real option Oct 02 07:23:16 Tofe: I would prefer that Oct 02 07:23:37 Anyway I nearly already have PalmServiceBridge integrated Oct 02 07:23:41 nice! Oct 02 07:23:48 it works also at runtime? Oct 02 07:24:10 Not yet, there were mistakes in the adaptation of the IDL I made Oct 02 07:24:18 ok Oct 02 07:24:29 Tofe: just out of interest, you have the code already somewhere? Oct 02 07:24:32 (because there is a standard, but of course everyone has its own version...) Oct 02 07:24:40 morphis: sure Oct 02 07:25:02 https://github.com/Tofee/qtwebengine-chromium and https://github.com/Tofee/qtwebengine branch tofe/work Oct 02 07:29:09 iscgar: morphis wrote our certificate manager he might know more Oct 02 07:29:23 Tofe: really nice! Oct 02 07:29:34 Herrie|Veer: ? Oct 02 07:29:41 Basically our current API doesn't provide the display certificate functionality and it would be good to have that. Oct 02 07:30:13 for sure Oct 02 07:30:30 morphis: iscgar is looking into #965 Oct 02 07:30:38 morphis: I'm looking into #965 Oct 02 07:30:50 Herrie: ahh, you beat me there :) Oct 02 07:30:58 Seems OWO provides pmcertificatemgr and you wrote certmgrd Oct 02 07:31:46 Legacy had the option to display certificate info before you would accept it. We lack that currently Oct 02 07:34:16 right, so the cert management lib should already provide most bits for this Oct 02 07:34:23 we just have to extend certmgrd Oct 02 07:36:38 morphis: Ok. Since certmgrd is using pmcertificatemgr and it doesn't have the required functionality, should we fork pmcertificatemgr and extend it? Oct 02 07:37:10 also, should we stick to legacy format of the JSON? Oct 02 07:37:13 iscgar: let me take a quick look Oct 02 07:38:09 iscgar: what are you missing from pmcertificatemgr? Oct 02 07:38:27 Well our certmgr is in Settings app so we don't need to stick to legacy 1:1 I guess? Not sure there would be a need to deviate though? Oct 02 07:39:43 iscgar: basically https://github.com/openwebos/pmcertificatemgr should already have everything needed for this Oct 02 07:40:51 morphis: signature and public key are not available through pmcertificatemgr Oct 02 07:42:19 if that is missing feel free to fork pmcertificatemgr Oct 02 07:42:34 for the ls2 api we can diverge and don't have to stick to legacy Oct 02 07:45:45 morphis: sure, but legacy's structure of the JSON (subject.altname) seems a bit nicer than ours (subjectAltname). Should I change it to legacy's format? Oct 02 07:45:47 morphis, can you fork it since we cannot into ports? Oct 02 07:46:02 Then we can take it from there? Oct 02 07:46:03 iscgar: fine for me Oct 02 07:46:05 Herrie|Veer: yes Oct 02 07:47:13 Herrie|Veer: done Oct 02 07:47:20 https://github.com/webOS-ports/pmcertificatemgr Oct 02 07:48:12 morphis: thanks. Will get to it then. Oct 02 07:48:27 Seems you gave me access already too? Oct 02 07:48:39 Herrie|Veer: yes Oct 02 07:50:19 Nice :) Oct 02 08:43:22 iscgar: Switched the recipe in meta-webos-ports/fido to our new fork and building a new nightly now Oct 02 08:45:17 Herrie: thanks. currently cleaning up the code at pmcertificatemgr to ease maintainability from now on Oct 02 08:46:11 :) That's always good. When this is out of the way we also need to see how we can integrate it with the browser certificate management at some point in time. Oct 02 08:46:35 It seems it uses it's own store for now while on legacy that was shared for the whole device Oct 02 08:47:24 But that might be something Tofe can tackle since he's deep into WebEngine already anyway :P Oct 02 08:49:46 Herrie|Veer: we'll see, we'll see :) Oct 02 08:55:46 Tofe: Just seems that browser has it's own certificate handling/store while on legacy it used the central one. Oct 02 08:58:14 Herrie|Veer: indeed it has Oct 02 09:04:10 Not sure how difficult it would be to switch that, but I guess we can revisit that sometime when you're done with the migration. Oct 02 09:06:01 Herrie|Veer: yes, one thing at a time :) Oct 02 09:06:55 Tofe: Yes, it's merely cosmetics in general but it would be good to have it streamlined at some point in time :) Oct 02 09:07:12 I guess we could hijack https://github.com/Tofee/qtwebengine-chromium/blob/tofe/work/chromium/content/public/browser/cert_store.h Oct 02 09:12:36 Tofe: Yeah that sounds like a plan. There would need to be a few more things with the actual acceptance of the certificate which would need to call the certificatemgr to import it etc Oct 02 14:34:54 mmmh looks like I didn't understand well how the chromium build system was working. The PalmServiceBridge wrapper was not part of the build yet. So I have some some build errors to fix before being able to see it in action. Oct 02 15:28:41 Tofe: Baby steps are also steps :) Getting closer and closer :) **** ENDING LOGGING AT Sat Oct 03 02:59:58 2015