On Oct 27, 2010, at 5:22 PM, Brian Carlstrom wrote:

> yes, it's just for VPN. the certs might be manageable under VPN settings, but
> I've never confirmed that. I believe I've seen in the Nexus One user
> guide.

I can't figure out how to do any of this on my G2 (Froyo). I see no place for cert management even for VPN. I've gone through the process of setting up a working VPN connection and still no clues.

> > On a possibly relevant note, it seems like the Keystore-service certs live in
> > /system/etc/security/. On my G2, this memory is write-protected. Does this
> > have an effect on the ability to install custom certs? (I will not digress
> > into my extreme distaste for the G2 write-protect regime, which I imagine
> > you can appreciate).
>
> The /system partition is read-only. This doesn't have anything to do
> with the G2. /system/etc/security contains a readonly cacerts.bks which
> contains the system CA certs. The keystore process seems to be using
> /data/misc/keystore for storage.

In that case, there needs to be some mechanism for specifying removal or disabling certs in that store in a user-writeable location (maybe /data/misc/keystore is the place). NSS does this by having a read-only default cert store but user settings that essentially get overlaid on top.

Have you figured out where the email and browser look for certs?

CACert.org seems to think they look at /system/security/cacerts.bks
http://wiki.cacert.org/ImportRootCert#Android_Phones

This guy says it's the "Dalvik library's SSL implementation":
http://code.google.com/p/android/issues/detail?id=9152#c1
