1 (edited by francesco 2017-08-20 08:02:17)

Topic: Fix SSL on Chumby One

I think I found a fix for the SSL issue, which is preventing some widgets to work.

Basically I've recompiled libcurl using the same version installed on the chumby but linked it to an upgraded OpenSSL library (1.0.0s). Everything else (gnutls,  hair raising c-ares, zlib etc.) stays the same.
Since the OpenSSL library is statically linked to libcurl, the impact on the rest of the system should be minimal.

This makes the update relatively simple.
It's made of three files: libcurl, curl (an executable) and an updated CA store. These files should just be copied on the Chumby file system.

Archives are available here:
tar.gz archive: http://fpalab.com/download/Chumby_SSLfix.tar.gz
zip archive: http://fpalab.com/download/Chumby_SSLfix.zip

Checksum (md5):
tar.gz archive:http://fpalab.com/download/Chumby_SSLfix.tar.md5
zip archive:http://fpalab.com/download/Chumby_SSLfix.zip.md5

Detailed instructions are in README (Unix) or readme.txt (win).

The installation does require some basic Unix knowledge and Chumby hacking and does modify the internal OS: beware as mistakes can prevent the device from booting.
And no, there is no installer yet but if the update proves to be useful I will add one.


Re: Fix SSL on Chumby One

We have a similar fix working for all of the mSD-card based chumby devices, and we were working on an installer when we had to put it aside to deal with the dash situation.

The solution for the chumby Classic is to update the firmware to version 1.7.3

We're back working on the installer.

Re: Fix SSL on Chumby One

francesco wrote:

I think I found a fix for the SSL issue, which is preventing some widgets to work.

Community participation, awesome stuff smile

Cleaning up any loose bits and bytes.

Re: Fix SSL on Chumby One

That's awesome. I wanted to look into this a couple years ago and never found the time. Thanks for sharing! Now I need to see if this will fix the issues I was having with pianobar.

Linux Guy - Occasional Chumby Hacker

Re: Fix SSL on Chumby One

Great, just let us know if that helped you.

In the meantime I've done two things.

First I've put the files on sourceforge with additional details (compile options are coming soon). 
The link is: https://chumby-ssl-fix.sourceforge.io/

Second I uploaded a new version, V2.0 This one supports sites that were giving problems during SSL negotiations.
Also, it comes with an installer, both manual and automatic (for the braves).

The automatic setup should work like this: extract all the files and directories on an USB key, rename




turn off the Chumby, insert the key, turn it back on and wait......

Manual installation is also supported and is simpler than the previous one.
Further details are in the README (readme.txt for win), which should be read before doing anything.


6 (edited by ccchuck 2017-08-31 14:41:17)

Re: Fix SSL on Chumby One

francesco wrote:

    I think I found a fix for the SSL issue.....

Duane wrote:

We have a similar fix working for a.......
.......We're back working on the installer.

While I am intrigued by francesco's possible solution, I think I will wait for yours...

eh... which might be coming... soon?

Re: Fix SSL on Chumby One

I have released Version 3 of the SSL fix for the Chumby One.

This update addresses the performance issues of the previous versions: it drops support of OpenSSL and uses mbedTLS instead.
Improvements are quite satisfying and until now I haven't had any compatibility issues.

Probably this is going to be the last release and only bug fixes or minor tweaks will follow.

If anyone wants to try it out go to https://sourceforge.net/projects/chumby-ssl-fix/

Re: Fix SSL on Chumby One

For those who don't have the Chumby One but still want to try the fix, there's a utility which can check the compatibility of their Chumby with the fix.

It's available here: https://sourceforge.net/projects/chumby … st-SSLfix/

Read the readme file, but usage is simple.

Unpack the archive and save all files and directories in a USB key, insert the key in the Chumby, turn on the Chumby and wait until the widgets are displayed.
If you can find the picture of a nice Swiss mountain in the key src directory, the test was successful.
(technical stuff is in the install.log)

For further information see the wiki.

Re: Fix SSL on Chumby One

Does this "fix" the "out of date" problem with  widget like local weather, NOAA, etc.?

Re: Fix SSL on Chumby One

Sorry for taking so long to answer.

I don't know if the SSL fix can fix that problem. However I suspect it's more related to the time settings, namely the time zone.

Re: Fix SSL on Chumby One

Has anyone tried this fix?
I am aware that it would probably not impact local weather since the app has been modified, but was hoping it might allow loading jpgs etc., via URLimage from sites using SSL.