On Wed, Oct 27, 2010 at 6:12 PM, Steve Schultze <[email protected]>wrote:
> On Oct 27, 2010, at 5:22 PM, Brian Carlstrom wrote: > > yes, its just for VPN. the certs might be manageable under VPN settings, > but > > I've never confirmed that. I believe I've seen in the the Nexus One user > guide. > > I can't figure out how to do any of this on my G2 (Froyo). I see no place > for cert management even for VPN. I've gone through the process of setting > up a working VPN connection and still no clues. I agree, I don't see anything in the manual: http://member.america.htc.com/download/web_materials/Manual/HTC_Hero/091201_Hero_HTC_English_UM.pdf The Nexus One manual I mentioned: http://static.googleusercontent.com/external_content/untrusted_dlcp/www.google.com/en/us/googlephone/nexusone-userguide.pdf has a section "Working with secure certificates". The details are still sparse in the VPN section. However, when I ask to add a cert, I see a few types, one of which has CRT which stands for certificate I believe. <http://member.america.htc.com/download/web_materials/Manual/HTC_Hero/091201_Hero_HTC_English_UM.pdf> > In that case, there needs to be some mechanism for specifying removal or > disabling certs in that store in a user-writeable location (maybe > /data/misc/keystore is the place). NSS does this by having a read-only > default cert store but user settings that essentially get overlaid on top. > http://code.google.com/p/android/issues/detail?id=11231 <http://code.google.com/p/android/issues/detail?id=11231> > Have you figured out where the email and browser look for certs? > CACert.org seems to think they look at /system/security/cacerts.bks > http://wiki.cacert.org/ImportRootCert#Android_Phones yes, that is used by javax.net.ssl.SSLSocket This guy says it's the "Dalvik library's SSL implementation": > http://code.google.com/p/android/issues/detail?id=9152#c1 which is what I work on, I've very confident about how email and browser works, just not the VPN (and apparently WiFi) use of the KeyStore. -bri -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
