Month: September 2022

Posted on

How to fix “CRL has expired” openvpn error on pfSense

In case of this error you need to apply a system patch called “Fix for CRL expiration lifetime default and maximum values” (a3c1589086ea67d25a28ec14ab95d7fd9ab25fa2).

Error example

VERIFY ERROR: depth=0, error=CRL has expired: C=XX, ST=XX, L=XX, O=XX, emailAddress=XX, CN=XX, serial=3
OpenSSL: error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed
TLS_ERROR: BIO read tls_read_plaintext error
TLS Error: TLS object -> incoming plaintext read error
TLS Error: TLS handshake failed

Fix

Patch example

If “System > Patches” is not available, you need to install a package called “System Patches” from “System > Package, Available package”.

Posted on

How to unlock the bootloader on Huawei P20-PRO CLT-L09 without code

This is a note on how to unlock the bootloader on a Huawei P20-PRO, in my case CLT-L09, equipped with HiSilicon Kirin 970 CPU without having a valid unlock code and without disassembling it.

But before, this is the short and sad story

A long time ago, the unlock code, necessary to do whatever the fuck you want with your device, was official given by Huawei if you request it. As of 25th July 2018, Huawei has closed this official channel.

Since you paid for your device, you have every right to tell Huawei to fuck off.

Unofficial methods

For Kirin 620, 650, 655, 658, 659, 925, 935, 950 and 960 there is the Open Source tool PotatoNV, but for the Kirin 710, 710F, 970 and 980 it doesn’t work.

Currently, the only working solution is to use DC Phoenix & HCU Client which costs 19$ for 3 days access.

If in doubt, see this app.

  1. DC Phoenix sets the phone in software “testpoint” mode.
  2. With device in “software testpoint” HCU Client can read and toggle the state of “Bootloader lock” and “FRP lock”.
  3. After unlock, DC Phoenix can remove the “testpoint” mode.
DC Phoenix
HCU Client