Subject: An open discussion list for topics related to the geteduroam service
Re: Cert setting not configured by geteduroam on Lineage Phone
- From: Paul Dekkers <paul.dekkers AT surf.nl>
- To: Martin Pauly <pauly AT hrz.uni-marburg.de>, geteduroam AT lists.geant.org
- Subject: Re: Cert setting not configured by geteduroam on Lineage Phone
- Date: Thu, 25 Feb 2021 21:30:01 +0100
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=surf.nl; dmarc=pass action=none header.from=surf.nl; dkim=pass header.d=surf.nl; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=mp8jpPZAD0TTjIvtGQr0oCnI2jr3B09fNnkCevzbv3w=; b=XyNtRTsAQKInjeftmNighuF4NwlgHXB6ftP2lv4aqwfG659AVcV6UuvPq2Fic2GG4RW1hq21aQujF+2ZY91hj4v1bpaeXYfsy9bcqEa3LuxxyKZeuR7IvLXC/xMrtbov0ehQJz4WRX2ioQ7UJQlcJXiLyF9/kWzIq71hPSshEOMyAFb2AWYe9L+HwlcJ2g50hPAZZtWp5vJw/MWTiWQU/pkxz8sVLnXmtOWUGJdXXN46DUlfyfuwYPgErwygHTHrtPKPBXIsvml8VIUKjoG1U7A8HLNwjAdM6SiO2NWBx21Mvvk/950vHy8w9bfASCav0dThMrKU+M1kYAGB3IuFvg==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=HrYsrc/CXE1XyuBHJVtB4Jn2C1Y2Q3OBhaXfR3QUPFoQ00e7CPoKsvdisR1pDvW5EZMiWiU/2MM7WRJcx51uwfEpDWQjXLDgufDnUgxRoV4WkMmrPEgV3zrkGLWxNUjqbvAi3+9nkXkFMP/sM7kqqvTP/mlocM9ym70GzJxjP7DiIeyCOx4w0EzYM+RuquHHadDxHcAwqdquYNDY0OoorEVutfniii0+lI9hZgyXa88pwGt73g5EOUq00FXu1wGoCBp4wpQeHfl2uES1tYGIFi51wFe75YETGnZ1Kia8A0oqAfEnQK5Zw2gZyCyoRJCVnUAxp0cvdYViIsPceTvjHQ==
- Authentication-results: surf.nl; dkim=none (message not signed) header.d=none;surf.nl; dmarc=none action=none header.from=surf.nl;
On 31/01/2021 23:38, Martin Pauly wrote:
I have a BQ Auqaris X Pro running Lineage 17.1
I removed eduroam and our second SSID umrnet_staff from the WiFi settings.
I called geteduroam, entered the data and got the success message.
A look at the WiFi settings showed that the root cert is available
(probably installed by CAT before), but the setting still says "Please Select".
Sounds dangerous to me, what can we do about it ?
I myself overlooked this mail, sorry for that.
I understand your concern; if you have just one intermediate certificate it is displayed properly. If you have multiple, like with the TCS service popular in our community, it is not displayed properly in the settings. Instead, the settings show a red warning that you still need to pick one: but that's because the UI can't handle. It's just a limitation of the UI, the certificates are installed and used. So it's not insecure.
To be extra sure, I verified; and it's indeed not just the API returning "things are OK", but they are actually OK. I was unable to get online with a certificate from the same CA but with a different name, or one from other CA with the same name for that matter.
- Re: Cert setting not configured by geteduroam on Lineage Phone, Paul Dekkers, 02/25/2021
- Re: Cert setting not configured by geteduroam on Lineage Phone, Martin Pauly, 02/27/2021
Archive powered by MHonArc 2.6.19.