Alternative methods of posting on DT?

citrojohn

22 Feb 2017, 15:23

I just bought the most expensive phone I've ever owned... a £50 used Blackberry Q5. (Got to fund the keyboards somehow.) However, the native browser blocks DT because of its imperfect HTTPS, and of course there's no HTTP site. I can use textise.net to view DT, but not to post - which was part of the point of buying the Q5. :x
The obvious answer is to get another browser, which is what I'll probably do, but I just wondered what other ways of posting there are. I've heard of Tapatalk of course :roll: , but are there other methods? Post by email or something?

User avatar
seebart
Offtopicthority Instigator

22 Feb 2017, 15:25

citrojohn wrote: ...because of its imperfect HTTPS
Ugh someone's gonna love to hear that... :o

citrojohn

22 Feb 2017, 15:34

seebart wrote:
citrojohn wrote: ...because of its imperfect HTTPS
Ugh someone's gonna love to hear that... :o
Oh dear, I thought it was a known thing. Sorry :oops: To be fair, I've only been using the Q5 a couple of days - I probably ought to wait till I find out how to post a screenshot, and see if DT still gets blocked in a week or so. Mind you, given Blackberry's security focus I guess they might well be over-vigilant. :)

Leaving the HTTPS aside, then: what methods / apps / programs do people use to post on DT from their phone?

User avatar
webwit
Wild Duck

22 Feb 2017, 16:12

Seems to be a Blackberry browser bug.
http://support.blackberry.com/kb/articl ... =000020833

citrojohn

22 Feb 2017, 19:07

webwit wrote: Seems to be a Blackberry browser bug.
http://support.blackberry.com/kb/articl ... =000020833
I'm fairly sure I'm not on a Blackberry Enterprise Server - just connecting directly to the Internet via a wireless LAN. The OS version's 10.3.2.2836 . I'll try with a different browser later.

Screenshots: (pardon the huge text)
Spoiler:
IMG_20170222_171108.png
IMG_20170222_171108.png (78.62 KiB) Viewed 4911 times
IMG_20170222_171116.png
IMG_20170222_171116.png (67.4 KiB) Viewed 4911 times

User avatar
Daniel

22 Feb 2017, 21:41

Maybe you can import the Lets encrypt certificate manually?

citrojohn

22 Feb 2017, 22:40

OK, I'm posting this with JumpGo (a recommended alternative browser). I got a message when the page loaded:
Connection to this site is not secure: - certificate is not trusted. Proceed anyway?
So it does seem to be Blackberry blocking the site when it would be better to ask the user. Not sure why the error comes up, but at least JumpGo lets me choose to trust DT.
Spoiler:
I have also learnt that I am never going to use Android without cursor keys... the text cursor and selection interface are ridiculous. :roll:

User avatar
webwit
Wild Duck

22 Feb 2017, 22:50

We got A+ status on https:
https://www.ssllabs.com/ssltest/analyze ... hority.net

I'm pretty sure your Blackberry doesn't support SNI. Without SNI, you need a unique IP for the https domain only, while we have a shared IP for deskthority.net, deskthority.org and deskthority.com (the "subject alternative names"). Because it has no concept of SNI, it thinks the cert is unsafe. You'll have the same problem with many sites if this is what's happening.

If that is the case, you have ancient software which needs to be updated.

User avatar
Daniel Beardsmore

22 Feb 2017, 23:25

That doesn't look like a SAN or SNI issue — it looks like the root certificate list is outdated on the phone. If the phone lacks the required intermediate and root certificates, it has no means to verify that the leaf certificate is legitimate. (The intermediate may come down from the server, but the root certificate must be stored on the client machine, as that's what legitimises the site's certificate.)

The old trick for phones with self-signed and private certificate chains was to e-mail yourself the root and intermediate certificates and then open the attachments within the phone, which would let you install them — never tried this on a BlackBerry though as they never cared. (You can export the leaf certificate from Internet Explorer and the intermediate and root certificates from the Certificates MMC snap-in in Windows; I've never tried to resolve this from a different operating system.) This does require an end-to-end e-mail path that doesn't block certificates; Outlook will let you send them as attachments but not view the attachments.

User avatar
webwit
Wild Duck

23 Feb 2017, 00:00

I guess that might also be it. Still is him, not us. :twisted:

User avatar
Daniel Beardsmore

23 Feb 2017, 00:09

The first thing to do is to make sure the OS is up-to-date — this may have been addressed in an update.

citrojohn

23 Feb 2017, 02:04

Right, I'll try those two suggestions and report back - thanks, guys. :) The OS isn't the latest, so updating might help. Do I need to have viewed DT in IE for the certificates to be accessible?

User avatar
Daniel Beardsmore

23 Feb 2017, 09:25

Nope. In theory, all you need is a root canal certificate update on the phone.

citrojohn

23 Feb 2017, 13:44

Daniel Beardsmore wrote: [...] all you need is a root canal certificate update on the phone.
I'll have to take it to the dentist. If the battery ever needs replacing I'll end up taking a drill to it anyway :twisted: ...

I just tried the native browser on my old phone (BB 8520, OS5) and got a similar "certificate is not trusted" error. (Quite surprised it worked at all, actually, given the length of time it takes to load anything normally - nowadays my other phones just give up if I don't use Opera Mini.) So presumably the 8520's got the same missing root certificate.

Post Reply

Return to “Deskthority talk”