Skip to Content.

geteduroam - Re: Cert setting not configured by geteduroam on Lineage Phone

Subject: An open discussion list for topics related to the geteduroam service

List archive

Re: Cert setting not configured by geteduroam on Lineage Phone

Chronological Thread 
  • From: Paul Dekkers <paul.dekkers AT>
  • To: Martin Pauly <pauly AT>, geteduroam AT
  • Subject: Re: Cert setting not configured by geteduroam on Lineage Phone
  • Date: Thu, 25 Feb 2021 21:30:01 +0100
  • Arc-authentication-results: i=1; 1; spf=pass; dmarc=pass action=none; dkim=pass; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed;; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=mp8jpPZAD0TTjIvtGQr0oCnI2jr3B09fNnkCevzbv3w=; b=XyNtRTsAQKInjeftmNighuF4NwlgHXB6ftP2lv4aqwfG659AVcV6UuvPq2Fic2GG4RW1hq21aQujF+2ZY91hj4v1bpaeXYfsy9bcqEa3LuxxyKZeuR7IvLXC/xMrtbov0ehQJz4WRX2ioQ7UJQlcJXiLyF9/kWzIq71hPSshEOMyAFb2AWYe9L+HwlcJ2g50hPAZZtWp5vJw/MWTiWQU/pkxz8sVLnXmtOWUGJdXXN46DUlfyfuwYPgErwygHTHrtPKPBXIsvml8VIUKjoG1U7A8HLNwjAdM6SiO2NWBx21Mvvk/950vHy8w9bfASCav0dThMrKU+M1kYAGB3IuFvg==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901;; cv=none; b=HrYsrc/CXE1XyuBHJVtB4Jn2C1Y2Q3OBhaXfR3QUPFoQ00e7CPoKsvdisR1pDvW5EZMiWiU/2MM7WRJcx51uwfEpDWQjXLDgufDnUgxRoV4WkMmrPEgV3zrkGLWxNUjqbvAi3+9nkXkFMP/sM7kqqvTP/mlocM9ym70GzJxjP7DiIeyCOx4w0EzYM+RuquHHadDxHcAwqdquYNDY0OoorEVutfniii0+lI9hZgyXa88pwGt73g5EOUq00FXu1wGoCBp4wpQeHfl2uES1tYGIFi51wFe75YETGnZ1Kia8A0oqAfEnQK5Zw2gZyCyoRJCVnUAxp0cvdYViIsPceTvjHQ==
  • Authentication-results:; dkim=none (message not signed) header.d=none;; dmarc=none action=none;

Hi Marin,

On 31/01/2021 23:38, Martin Pauly wrote:

I have a BQ Auqaris X Pro running Lineage 17.1
I removed eduroam and our second SSID umrnet_staff from the WiFi settings.
I called geteduroam, entered the data and got the success message.

A look at the WiFi settings showed that the root cert is available
(probably installed by CAT before), but the setting still says "Please Select".
Sounds dangerous to me, what can we do about it ?

I myself overlooked this mail, sorry for that.

I understand your concern; if you have just one intermediate certificate it is displayed properly. If you have multiple, like with the TCS service popular in our community, it is not displayed properly in the settings. Instead, the settings show a red warning that you still need to pick one: but that's because the UI can't handle. It's just a limitation of the UI, the certificates are installed and used. So it's not insecure.

To be extra sure, I verified; and it's indeed not just the API returning "things are OK", but they are actually OK. I was unable to get online with a certificate from the same CA but with a different name, or one from other CA with the same name for that matter.


Archive powered by MHonArc 2.6.19.

Top of Page