original data as seen on pending.io

pull/1/head
mcnesium 2014-11-21 16:01:53 +01:00
parent 11786877af
commit 3a626bff6c
2 changed files with 80 additions and 0 deletions


@ -2,3 +2,22 @@ b2g-certificates
================
A shell script to add root certificates to Firefox OS
*The script originates at Enrico's [pending.io](http://www.pending.io/add-cacert-root-certificate-to-firefox-os/) where the discussion came up to enhance the script. The following is the initial documentation taken from that page as well. Anyone is welcome to contribute.*
While being quite happy with my new Firefox OS phone so far, the biggest stopper for me was that, like all Mozilla products, the root certificate of [CAcert](https://www.cacert.org) was not included and so I could not access sites using certificates assured by CAcert.
Recent versions of [Gaia](https://github.com/mozilla-b2g/gaia) allow to accept untrusted site certificates in the browser but in case you want to use an IMAP server or Caldav server which is using a CAcert assured certificate, you are still stuck.
Based on a post by [Carmen Jiménez Cabezas](https://groups.google.com/forum/?fromgroups#!topic/mozilla.dev.b2g/B57slgVO3TU), I wrote a script to read the certificate database from the phone (via adb), add some certificates and then write the database back to the phone. After this procedure, the CAcert root certificate (or any other) are known by the phone and can be used. This enabled me to access my own IMAP server via SSL from the Email app and also use a self-hosted groupware as Caldav server for the Calendar app via HTTPS.
How-to
------
Save the script somewhere on your system.
Once done, add a new directory in the directory where you stored the script and place the certificates in this directory which you want to add to the phone's database. For CAcert, this would be the class 3 root certificate in PEM format as found on the [CAcert website](https://www.cacert.org/index.php?id=3).
Then simply run the script.
Note: before running the script you need to enable 'Remote debugging' in the Developer settings menu and connect your phone with your PC using a USB cable (or more general: get adb working).
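
Review bot: The How-to step "add a new directory in the directory where you stored the script" never names that directory, while the script hard-codes `CERT_DIR=certs` and resolves it relative to the current working directory rather than the script's location. State the name `certs` explicitly and say the script has to be run from the directory that contains it. The prerequisites note should also mention certutil, which the script calls but the README does not list, and should say that every file placed in that directory is added with trust flags "C,C,TC", so only CA certificates the user intends to trust belong there.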


@ -0,0 +1,61 @@
#!/bin/bash
CERT_DIR=certs
ROOT_DIR_DB=/data/b2g/mozilla
CERT=cert9.db
KEY=key4.db
PKCS11=pkcs11.txt
DB_DIR=`adb shell "ls -d ${ROOT_DIR_DB}/*.default 2>/dev/null" | sed "s/default.*$/default/g"`
if [ "${DB_DIR}" = "" ]; then
echo "Profile directory does not exists. Please start the b2g process at
least once before running this script."
exit 1
fi
function log
{
GREEN="\E[32m"
RESET="\033[00;00m"
echo -e "${GREEN}$1${RESET}"
}
# cleanup
rm -f ./$CERT
rm -f ./$KEY
rm -f ./$PKCS11
# pull files from phone
log "getting ${CERT}"
adb pull ${DB_DIR}/${CERT} .
log "getting ${KEY}"
adb pull ${DB_DIR}/${KEY} .
log "getting ${PKCS11}"
adb pull ${DB_DIR}/${PKCS11} .
# clear password and add certificates
log "set password (hit enter twice to set an empty password)"
certutil -d 'sql:.' -N
log "adding certificats"
for i in ${CERT_DIR}/*
do
log "Adding certificate $i"
certutil -d 'sql:.' -A -n "`basename $i`" -t "C,C,TC" -i $i
done
# push files to phone
log "stopping b2g"
adb shell stop b2g
log "copying ${CERT}"
adb push ./${CERT} ${DB_DIR}/${CERT}
log "copying ${KEY}"
adb push ./${KEY} ${DB_DIR}/${KEY}
log "copying ${PKCS11}"
adb push ./${PKCS11} ${DB_DIR}/${PKCS11}
log "starting b2g"
adb shell start b2g
log "Finished."
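
Review bot: Nothing between the "pull files from phone" block and `adb shell stop b2g` checks an exit status, so a failed `adb pull` or `certutil -A` still leads to b2g being stopped and whatever cert9.db, key4.db and pkcs11.txt happen to be in the working directory being pushed over the phone's copies. Abort before the push section when any pull or certutil call fails, and keep an untouched copy of the pulled files so the original database can be restored. The cleanup `rm -f` lines and `-d 'sql:.'` act on the caller's current directory; working in a directory created with mktemp -d would avoid deleting or modifying an unrelated NSS database that lives there. In the loop, `$i` is unquoted in both `basename $i` and `-i $i`, so a certificate file name containing spaces breaks the call; quote it, and skip the loop when the certs directory is empty, since the unexpanded glob would otherwise be passed to certutil.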