- Berlin, Germany
- https://laforge.gnumonks.org
- Joined on 2024-01-27
Hi @retrofreak83 - thanks for taking some time to help me out here.
First of all, LocalProfileInfo is an imported class, coming from another project, so extending it directly is difficult,…
Note: I really have absolutely no existing clue about Android development or the Kotlin language, but still decided to have a look if I can add the related functionality. Sadly, it's not as easy…
I thought we already had the discussion - and indeed this is a duplicate of #30 from 3 months ago.
I am not sure what the original rationale for hiding test profiles is. But I think the following two approaches would work while keeping that rationale:
- if the currently enabled profile is a…
Normally (only operational profiles), enabling the new eSIM profile would automatically disable the old profile.
However, GSMA SGP.22 v2.5 Section 5.7.16 explicitly states "verify ... if the…
What's odd is that the authoritykeyidentifier / subjectkeyidentifier of the SGP.26 v1 NIST CI certificate is f54172bdf98a95d65cbeb88a38a1c11d800a85c3 (also in your RootCertificates.kt file) -…
Actually the standard mandates that the first TLS certificate sent is the sender (server) certificate, followed by any other certificates. See: https://www.rfc-editor.org/rfc/rfc5246#section-7.4.2 …
First of all: Thanks a lot for your effort!
I didn't have a chance to test it until today. However, it doesn't appear to be working, sorry.
I configured smdpp.test.rsp.sysmocom.de to…
I now wonder if it is even necessary for the LPA to verify the TLS cert at all, given that the eUICC is not supposed to accept arbitrary BPP anyway.
I think it's mostly about privacy /…
It looks like many production SM-DP+ servers do not actually send the full certificate chain, and therefore we cannot verify CERT.DP.TLS against CERT.CI.ECDSA without hard-coding the CI cert.…
An interim solution that can be implemented a bit faster would be an option that allows the user to supply a custom CI public key, or an option to disable the check on the TLS side altogether.
…