Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Other A proxy to fix HTTPS issues on old versions of OS X
- Thread starter Wowfunhappy
- Start date
- Sort by reaction score
No, but you could maybe use this instead.
Yes, you absolutely can! But since I've never used Squid on a PC I can't tell you exactly what to do, although the squid.conf in my package may be useful as a starting point.
Ok, so I installed MacOS 10.6 and installed the proxy app, and my main use is music but i got this error on itunes
what can I do ?
Because I want to add my Apple account to download artwork
what can I do ?
Because I want to add my Apple account to download artwork
The proxy fixes https connection issues. So if the reason an app can't connect to the internet is because of https incompatibilities, the proxy will fix it.
If there's some other reason the app can't connect (for example if the servers for an old version of an app have been shut down), the proxy isn't going to magically fix it, I'm sorry.
I don't use iTunes but my guess is that Snow Leopard iTunes simply doesn't work anymore.
If there's some other reason the app can't connect (for example if the servers for an old version of an app have been shut down), the proxy isn't going to magically fix it, I'm sorry.
I don't use iTunes but my guess is that Snow Leopard iTunes simply doesn't work anymore.
the proxy seems to be interfering with game center:
the first image is without the proxy, the second one is with the proxy
perhaps it could be configured to exclude *.gc.apple.com?
the first image is without the proxy, the second one is with the proxy
perhaps it could be configured to exclude *.gc.apple.com?
Can you try excluding that domain in System Preferences? This can be done in Network → Advanced → Proxies → "Bypass proxy settings for these Hosts & domains".
Hi, idk if anyone else is having this mistake but Safari 4.0.5 and 5.0.0 aren't even loading https websites anymore. i get this error:
"Internal Error: Missing Template ERR_DNS_FAIL"
Furthermore, iTunes 9.2.1 (Which had been working up until today for me) complains about the store not being available. Is there an issue with the proxy, or have all the websites updated their certificates at the same time?
"Internal Error: Missing Template ERR_DNS_FAIL"
Furthermore, iTunes 9.2.1 (Which had been working up until today for me) complains about the store not being available. Is there an issue with the proxy, or have all the websites updated their certificates at the same time?
OK yeah i don't even know how to install this. I've downloaded the .go file from https://gist.github.com/Wowfunhappy/61dd39eab3df18ee53b39f3447e9e204 and uhhh. yeah that's all i've done. I support the decision of having the proxy move over to the go model if the pkg file makes installation dummy friendly.
Just FYI, I'm still hoping to replace Squid with a Go-based Proxy. Stuff is happening: https://github.com/Wowfunhappy/legacy-mac-proxy-go/tree/master
It's based off of the code that @f54da recommended, and then (because I still don't know Go) I had an AI help me:
It's based off of the code that @f54da recommended, and then (because I still don't know Go) I had an AI help me:
- Add AIA Chasing
- Add CPU profiling (so I could figure out how to improve performance)
- Add certificate caching (improves performance)
- Make RSA key generation asynchronous (improves performance)
- Fixed websites that use a single TLS connection for multiple requests (I don't really understand this one, but without it many websites don't work properly, such as The New York Times.)
Post in thread 'Safari & Other Browsers Not Responding Issue...'
https://forums.macrumors.com/thread...rs-not-responding-issue.2449776/post-33789134
https://forums.macrumors.com/thread...rs-not-responding-issue.2449776/post-33789134
>Fixed websites that use a single TLS connection for multiple requests
Don't most websites do that, since HTTP 1.1 can reuse the same tcp connection? I don't know much about Go or else I'd help with code review, but Go should have a good profiler as you've already noted so you should be able to optimize out any hot loops.
Also for bonus points you should see if you can integrate this with es-build go package to transpile requested JS files down to ecmascript15 or something. That should get things working with Safari I think, or at least allow it to work with older browsers.
Don't most websites do that, since HTTP 1.1 can reuse the same tcp connection? I don't know much about Go or else I'd help with code review, but Go should have a good profiler as you've already noted so you should be able to optimize out any hot loops.
Also for bonus points you should see if you can integrate this with es-build go package to transpile requested JS files down to ecmascript15 or something. That should get things working with Safari I think, or at least allow it to work with older browsers.
Last edited:
I think I did! There's no one thing that's clearly consuming most CPU time, and as I said, just from watching Activity Monitor it's pretty good on resource usage overall. I still think it's a little more CPU hungry than Squid but it's really hard to tell since I'm not doing a particularly scientific test here. It's definitely not heavy.
No clue. What happened was that with the original code, I noticed that parts of various websites were broken, and on the New York Times in particular, if you tried to load more than one web page without restarting the proxy in between, subsequent pages would be completely blank. This commit fixes it.
I told the AI (Claude Code) to add logging to figure out what was going on, and "we" went through many rounds where it would make changes and add additional logging until suddenly everything worked. I asked it to explain what the problem was, and it said something about how the proxy previously didn't support reusing requests.
Do you happen to have the transcript and can paste exactly what Claude said? Looking at it I think the bug had something to do with use of oneShotDialer.
Also that copyData func looks like it could be optimized further, IIRC golang has some inbuilt primitive to copy data between channels. But I don't know if it works with net.Conn type. Try asking Claude if that can be optimized?
Also if you haven't already could always copy-paste the thing to Gemini 2.5 and ask it for optimization possibilities.
Also that copyData func looks like it could be optimized further, IIRC golang has some inbuilt primitive to copy data between channels. But I don't know if it works with net.Conn type. Try asking Claude if that can be optimized?
Also if you haven't already could always copy-paste the thing to Gemini 2.5 and ask it for optimization possibilities.
Unfortunately, I didn't save that Terminal session. I did ask a fresh session of Claude to explain the commit just now:
Yep, that worked!
Use io.Copy · Wowfunhappy/legacy-mac-proxy-go@84ac731
A mitm proxy which can be used to fix https connection issues in legacy versions of Mac OS X. - Use io.Copy · Wowfunhappy/legacy-mac-proxy-go@84ac731
github.com
Now that the proxy is trusting certificates based on Keychain Access instead of shipping its own CA store, it will fail to connect if Keychain Access has outdated root certificates. This is a good problem to have, but it means the installer will need to be responsible for adding some root certificates to Keychain Access in order for things to work.
I want to do this carefully, adding only the minimum number of certificates needed for 99% of websites to work.
We definitely need to add ISRG Root X1. Some quick browsing around indicated we may also need GlobalSign Root R6. Are there others? Not sure how to best go about this.
Also, at uninstall time, I'm probably going to leave all the certificates in place since I won't know if they came from our installer or the user or something else... I think that's reasonable, right?
I want to do this carefully, adding only the minimum number of certificates needed for 99% of websites to work.
We definitely need to add ISRG Root X1. Some quick browsing around indicated we may also need GlobalSign Root R6. Are there others? Not sure how to best go about this.
Also, at uninstall time, I'm probably going to leave all the certificates in place since I won't know if they came from our installer or the user or something else... I think that's reasonable, right?
Here's a bunch of them!!! Installing most of these on iOS 6 fixed iCloud. I don't remember which they are, though...
http://tlsroot.litten.ca/>Some quick browsing around indicated we may also need GlobalSign Root R6
Didn't know about this one, it seems extremely recent? I have a Systems cert bundle copied over from Catalina and it doesn't include it. Looking at https://forums.macrumors.com/thread...i-try-to-access-forums-macrumors-com.2418642/ it seems Monterey was the first to have it. That's extremely recent, basically everything before 2020 is "obsolete"? On the flipside I haven't actually noticed any websites missing.
And according to https://support.globalsign.com/ssl/general-ssl/removal-tls-trust-bit-roots-r1-and-r3-mozilla R6 itself will be untrusted by Mozilla on 2029, which I guess implies that they'll move to Root R46. Wtf this seems way too fast.
Edit: I think for now most (all?) sites are serving R6 cross-signed with R1 as the intermediate.
Didn't know about this one, it seems extremely recent? I have a Systems cert bundle copied over from Catalina and it doesn't include it. Looking at https://forums.macrumors.com/thread...i-try-to-access-forums-macrumors-com.2418642/ it seems Monterey was the first to have it. That's extremely recent, basically everything before 2020 is "obsolete"? On the flipside I haven't actually noticed any websites missing.
And according to https://support.globalsign.com/ssl/general-ssl/removal-tls-trust-bit-roots-r1-and-r3-mozilla R6 itself will be untrusted by Mozilla on 2029, which I guess implies that they'll move to Root R46. Wtf this seems way too fast.
Edit: I think for now most (all?) sites are serving R6 cross-signed with R1 as the intermediate.
Thank you very much for your strength with this proxy, it has helped me use my favorite system as almost main.
Would you have a scheduled release date for this new Legacy-MAC-Proxy?
No promises but I'm officially on summer break, and the plan from now until September is to catch up on all the OS X projects I've been putting off.