Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Other A proxy to fix HTTPS issues on old versions of OS X
- Thread starter Wowfunhappy
- Start date
- Sort by reaction score
When proxy is fully turned on now after I rebooted everything works okay just as before that. Except that proxy or not, I for some reason have to always enter my password to sync the fruux address book. Which never happens on High Sierra. I'm not even sure whether this issue has anything to do with the proxy.
Not sure whether I have answered your question though. Feel free to ask whatever might be helpful.
Not sure whether I have answered your question though. Feel free to ask whatever might be helpful.
Okay, so then it's not an issue with the proxy. OS X's caldav/carddav support is a bit funky. You might actually try reaching out to fruux, since the extensive compatibility table on their website makes me think they might be open to supporting an old operating system.
It so happens that I was recently having an issue similar to yours with my self-hosted caldav/carddav server. In my case, it was caused by an uppercase letter in my username. When I made my username (on the server) all lower-case, everything worked. It's probably not the same issue, but I thought I'd share.
I have an older mac mini and recently wiped and reinstalled Mountain Lion on it. I have not been able to get Messages (iMessage) to set up correctly, and get an error every time that I try and sign in to my Apple ID. In searching around, I found this thread and your proxy solution has fixed a number of other issues on the machine...thanks!
But, I still cannot log into iMessage using my Apple ID.
The message in the UI is: The server encountered an error processing registration. Please try again later.
The error I see in the Console is:
[Warning] FTMessageDelivery failed! (HTTP Status Code: 0) Error (NSURLErrorMondain:-1200): An SSL error has occurred and a secure connection to the server cannot be made. https://profile.ess.apple.com/WebObjects/VCProfileService.woa/wa/authenticateUser
If you have any pointers, that would be great.
But, I still cannot log into iMessage using my Apple ID.
The message in the UI is: The server encountered an error processing registration. Please try again later.
The error I see in the Console is:
[Warning] FTMessageDelivery failed! (HTTP Status Code: 0) Error (NSURLErrorMondain:-1200): An SSL error has occurred and a secure connection to the server cannot be made. https://profile.ess.apple.com/WebObjects/VCProfileService.woa/wa/authenticateUser
If you have any pointers, that would be great.
So, unfortunately, although this is the type of error the proxy would normally resolve, in this case Apple won't let us fix it! Apple uses what's called "Certificate Pinning" for iMessage, which means they will not accept any SSL certificates other than the original one. So, if we were to intercept the traffic between the iMessage app and Apple's servers, iMessage would see that the traffic was signed with a different certificate and refuse to use it.
To avoid this, the proxy is set up to not modify any traffic to and from ess.apple.com. This allows iMessage to work on 10.9 and above, where the OS's native HTTPS capabilities are advanced enough for iMessage, but it means it can't do anything about Mountain Lion.
The only way to fix this would be to inject code into the iMessage app directly to tell it to use the Squid certificate. Unfortunately, attempting something like this is too much work for me, for an OS I don't use myself (I'm on Mavericks).
If you can upgrade by just one version to get to Mavericks, iMessage should work perfectly! (It does for me.)
Last edited:
...so, uh, that is a great question! For some reason Apple made Lion and Mountain Lion available last year, but Mavericks got left out. I'm kind of annoyed about it, because I consider Mavericks the best release of its era, and people are being led astray by the fact that it's the hardest to come by...
I have a DMG I've been sending out to people who PM or email me. Others have also had success with the Internet Archive, although I can't personally vouch for it: https://archive.org/details/install-os-x-mavericks_202105
Last edited:
@Wowfunhappy The Weather widget bug happened again, on the latest version of Squid. It was fine for a couple of days and this morning it's only working as I disable proxy in Network settings.
And of course there's no longer /Library/Squid/squid.pid present in the folder
And of course there's no longer /Library/Squid/squid.pid present in the folder
Last edited:
Curious. Eight years ago, I installed Mavericks on top of a 2009 machine that had Snow Leopard on it. During the short period I tried to mess around with it I found it very clumsy, especially all that stuff with the App store, login to get updates etc., basically all those things where Apple decides what's good for you and your only option is to accept it. It ended up with the second security update pushed by Apple turning the installation into something completely unrecoverable, and there was nothing left to do but reformat and re-install... Snow Leopard. Which I've been happy with ever since.
A brief addition. Recently I was subjected, quite against my will, to having to use Catalina instead of my faithful 10.6.8. Twelve days of torture.
I've talked about this in other threads, and I don't want to veer too off topic here. Put simply, however, Mavericks became a lot more stable by its final release (not unlike Snow Leopard, which erased people's hard drives early on), and if you're using it in 2022 there aren't any future updates to worry about. A lot of default settings are stupid out of the box, but you can set up the system to behave very similarly to Snow Leopard, except with significantly better app compatibility. And, I'm not even currently logged into the App Store.
Snow Leopard is also a great release, particularly if you use Rosetta, and when I say "of the era" I'm mostly comparing to Lion and Mountain Lion, because I see Mavericks as the final and most polished iteration of that trio of releases. I'll also always attempt to support 10.6 – 10.9 in my own software where I can, although I do use and recommend 10.9 myself.
Last edited:
OK, thanks, it's all noted. Maybe I'll look into it again. Could I get the dmg by PM? As long as it's not through Ggl Drive, which I can't seem to get to work on my machine anymore.
Does anyone know how to make Calibre.app work with this proxy? It's failing all connections when downloading ebook metadata. I've tried excluding it's server from the proxy's System Preferences and pointing it's own SSL cert file to the squid.pem but it's still not working.
I've been perusing the Mobileread Calibre forum for suggestions but can't find any that work. Any ideas would be appreciated!
I've been perusing the Mobileread Calibre forum for suggestions but can't find any that work. Any ideas would be appreciated!
Attachments
Last edited:
You need to set a --no-proxy-server flag for chrome so it uses the keychain, then install the 'ISRG Root X1' certificate separately.
Last edited:
I'd hate to reinstall the system from the scratch.
When I tried to send an iMessage to someone it wouldn't get through and wouldn't duplicate on the iPhone.
Checked Console -
2/15/22 12:20:35.962 AM identityservicesd[204]: [Warning] FTMessageDelivery failed! (HTTP Status Code: 0) Error (kCFErrorDomainCFNetwork:310): There was a problem communicating with the secure web proxy server (HTTPS). https://query.ess.apple.com/WebObjects/QueryService.woa/wa/query?uri=mailto:doctor@icloud.com
2/15/22 12:20:41.965 AM identityservicesd[204]: [Warning] FTMessageDelivery failed! (HTTP Status Code: 0) Error (kCFErrorDomainCFNetwork:310): There was a problem communicating with the secure web proxy server (HTTPS). https://query.ess.apple.com/WebObjects/QueryService.woa/wa/query?uri=tel:+972538889885
2/15/22 12:20:45.864 AM identityservicesd[204]: [Warning] FTMessageDelivery failed! (HTTP Status Code: 0) Error (kCFErrorDomainCFNetwork:310): There was a problem communicating with the secure web proxy server (HTTPS). https://query.ess.apple.com/WebObjects/QueryService.woa/wa/query?uri=mailto:mavericksuser@me.com
2/15/22 12:20:45.965 AM com.apple.SecurityServer[15]: Killing auth hosts
2/15/22 12:20:45.965 AM com.apple.SecurityServer[15]: Session 100114 destroyed
After I had unchecked HTTPS Proxy in Network Settings everything went through. Is there a chance I need an older version of Squid to have everything work as it should? Is there one archived?
Or my system is permanently screwed somehow?
When I tried to send an iMessage to someone it wouldn't get through and wouldn't duplicate on the iPhone.
Checked Console -
2/15/22 12:20:35.962 AM identityservicesd[204]: [Warning] FTMessageDelivery failed! (HTTP Status Code: 0) Error (kCFErrorDomainCFNetwork:310): There was a problem communicating with the secure web proxy server (HTTPS). https://query.ess.apple.com/WebObjects/QueryService.woa/wa/query?uri=mailto:doctor@icloud.com
2/15/22 12:20:41.965 AM identityservicesd[204]: [Warning] FTMessageDelivery failed! (HTTP Status Code: 0) Error (kCFErrorDomainCFNetwork:310): There was a problem communicating with the secure web proxy server (HTTPS). https://query.ess.apple.com/WebObjects/QueryService.woa/wa/query?uri=tel:+972538889885
2/15/22 12:20:45.864 AM identityservicesd[204]: [Warning] FTMessageDelivery failed! (HTTP Status Code: 0) Error (kCFErrorDomainCFNetwork:310): There was a problem communicating with the secure web proxy server (HTTPS). https://query.ess.apple.com/WebObjects/QueryService.woa/wa/query?uri=mailto:mavericksuser@me.com
2/15/22 12:20:45.965 AM com.apple.SecurityServer[15]: Killing auth hosts
2/15/22 12:20:45.965 AM com.apple.SecurityServer[15]: Session 100114 destroyed
After I had unchecked HTTPS Proxy in Network Settings everything went through. Is there a chance I need an older version of Squid to have everything work as it should? Is there one archived?
Or my system is permanently screwed somehow?
Last edited:
It sounds to me like the proxy is not working on your machine at all. You said in another thread that Dashboard widgets also don't work when it's turned on. Chromium works, but Chromium is set to bypass the proxy. CalDav, CardDav and IMAP email sometimes don't use https at all, depending on the provider.
Is Squid running according to Activity Monitor? Is there anything which works which you can be sure uses the proxy? My go-to test is loading Wikipedia in the Dictionary app—does that work?
Other than the Dictionary patch, which only affects the Dictionary, there's nothing this package does which won't be undone by the uninstaller, so there's no need for a full reinstall. But I don't know what's wrong with your machine...
Last edited:
@Wowfunhappy Wikipedia in the Dictionary app is working only when HTTPS Proxy is enabled in Network preferences, otherwise not. The Weather widget is working no matter whether HTTPS Proxy on or off. Both versions of Translation widget wouldn't work either way. And last night iMessage failed with Proxy on. Squid is running in Activity Monitor all the time. There are two instances of it.
Once Wikipedia of the Dictionary app is working with Secure Proxy enabled then it means that the proxy is working, right?
There are some other errors in Console I can't understand -
2/15/22 11:26:29.285 PM com.apple.preference.network.remoteservice[4447]: *** WARNING: -[NSImage compositeToPoint
peration:fraction:] is deprecated in MacOSX 10.8 and later. Please use -[NSImage drawAtPoint:fromRectperation:fraction:] instead.
2/15/22 11:28:29.542 PM com.apple.preference.network.remoteservice[4456]: Bogus event received by listener connection:
<error: 0x7fff7812bb50> { count = 1, contents =
"XPCErrorDescription" => <string: 0x7fff7812be60> { length = 18, contents = "Connection invalid" }
}
2/15/22 11:28:40.000 PM kernel[0]: flow_divert_kctl_disconnect (0): disconnecting group 1
2/15/22 11:37:33.795 PM Console[4478]: Persistent UI failed to open file file:///Users/mavericksuser/Library/Saved%20Application%20State/com.apple.Console.savedState/window_1.data: No such file or directory (2)
This is what happens when I enable HTTPS Proxy in Network Settings-
2/15/22 11:56:19.706 PM xpcproxy[4566]: assertion failed: 13F1911: xpcproxy + 3438 [D559FC96-E6B1-363A-B850-C7AC9734F210]: 0x2
When I put the checkmark off the proxy I get
2/15/22 11:26:40.448 PM configd[18]: network changed: v4(en1:10.0.0.10) DNS Proxy! SMB
2/15/22 11:26:28.420 PM cfprefsd[155]: CFPreferences: error renaming file /Users/mavericksuser/Library/Preferences/ByHost/com.apple.loginwindow.C80B02D4-74FC-5053-98E2-7440D4FC2ACF.plist.qfiBri1 to /Users/mavericksuser/Library/Preferences/ByHost/com.apple.loginwindow.C80B02D4-74FC-5053-98E2-7440D4FC2ACF.plist.
And this is when I successfully check something on Wikipedia in a Dictionary app with proxy on -
2/15/22 11:58:08.843 PM Dictionary[4575]: Persistent UI failed to open file file:///Users/mavericksuser/Library/Saved%20Application%20State/com.apple.Dictionary.savedState/window_1.data: No such file or directory (2)
2/16/22 12:00:20.009 AM Messages[1240]: CoreAnimation: warning, deleted thread with uncommitted CATransaction; set CA_DEBUG_TRANSACTIONS=1 in environment to log backtraces.
Those are not one after the other in the raw, just the ones that caught my eye. Just in case I have Saved Application State folder empty and locked. The one in the ~/Library folder. It was made in order to not let the Mail app open its window on every reboot. In case it may mean anything.
Please let me know if you would like to check the whole log file in PM. I obviously changed usernames here in public. As I mentioned, two instances of Squid are running in Activity Monitor all the time.
It seems that the older version worked smoother although I seem to be the only one having this kind of problem. I wonder if it could be the Saved Application State folder locked.
upd: For some reason those idiot smileys appear here when there is a colon before the word operation
Once Wikipedia of the Dictionary app is working with Secure Proxy enabled then it means that the proxy is working, right?
There are some other errors in Console I can't understand -
2/15/22 11:26:29.285 PM com.apple.preference.network.remoteservice[4447]: *** WARNING: -[NSImage compositeToPoint
peration:fraction:] is deprecated in MacOSX 10.8 and later. Please use -[NSImage drawAtPoint:fromRectperation:fraction:] instead.2/15/22 11:28:29.542 PM com.apple.preference.network.remoteservice[4456]: Bogus event received by listener connection:
<error: 0x7fff7812bb50> { count = 1, contents =
"XPCErrorDescription" => <string: 0x7fff7812be60> { length = 18, contents = "Connection invalid" }
}
2/15/22 11:28:40.000 PM kernel[0]: flow_divert_kctl_disconnect (0): disconnecting group 1
2/15/22 11:37:33.795 PM Console[4478]: Persistent UI failed to open file file:///Users/mavericksuser/Library/Saved%20Application%20State/com.apple.Console.savedState/window_1.data: No such file or directory (2)
This is what happens when I enable HTTPS Proxy in Network Settings-
2/15/22 11:56:19.706 PM xpcproxy[4566]: assertion failed: 13F1911: xpcproxy + 3438 [D559FC96-E6B1-363A-B850-C7AC9734F210]: 0x2
When I put the checkmark off the proxy I get
2/15/22 11:26:40.448 PM configd[18]: network changed: v4(en1:10.0.0.10) DNS Proxy! SMB
2/15/22 11:26:28.420 PM cfprefsd[155]: CFPreferences: error renaming file /Users/mavericksuser/Library/Preferences/ByHost/com.apple.loginwindow.C80B02D4-74FC-5053-98E2-7440D4FC2ACF.plist.qfiBri1 to /Users/mavericksuser/Library/Preferences/ByHost/com.apple.loginwindow.C80B02D4-74FC-5053-98E2-7440D4FC2ACF.plist.
And this is when I successfully check something on Wikipedia in a Dictionary app with proxy on -
2/15/22 11:58:08.843 PM Dictionary[4575]: Persistent UI failed to open file file:///Users/mavericksuser/Library/Saved%20Application%20State/com.apple.Dictionary.savedState/window_1.data: No such file or directory (2)
2/16/22 12:00:20.009 AM Messages[1240]: CoreAnimation: warning, deleted thread with uncommitted CATransaction; set CA_DEBUG_TRANSACTIONS=1 in environment to log backtraces.
Those are not one after the other in the raw, just the ones that caught my eye. Just in case I have Saved Application State folder empty and locked. The one in the ~/Library folder. It was made in order to not let the Mail app open its window on every reboot. In case it may mean anything.
Please let me know if you would like to check the whole log file in PM. I obviously changed usernames here in public. As I mentioned, two instances of Squid are running in Activity Monitor all the time.
It seems that the older version worked smoother although I seem to be the only one having this kind of problem. I wonder if it could be the Saved Application State folder locked.
upd: For some reason those idiot smileys appear here when there is a colon before the word operation
Last edited:
Okay, now I'm even more confused! Yes, the proxy is clearly working!
I really want to offer a suggestion but I since I can't replicate the problem... I don't know how to debug something like this without the computer in front of me. (Those console messages are completely unrelated to the proxy.)
When you uninstall the proxy, does everything seem to be actually getting deleted? No Squid folder? No certificate in Keychain Access?
You're welcome to try an older version. My site is hosted on Github Pages so the version history for everything I've ever uploaded there is public. I can't imagine why an older version would work better, but I also have no idea what's going on. (I do ask you don't post in this thread about problems you encounter with an old version, as that could get very confusing for me!)
I haven't checked the certificate when I was uninstalling but there were messages in Terminal that Wowfunhappy receipts were missing while I was uninstalling through your script. As I was checking the Activity Monitor there were no instances of Squid after removal.
No prob, no posting about problems with the older version. And thank you for the link.
So the locked Saved Application State folder unrelated to this issue, what do you think?
That's normal!
It shouldn't be, but I have no idea what's happening on your machine at this point.
Most of my issues seem to have been resolved by changing Location from Automatic to a generic one in Network Preferences. Translation widget still fails for some reason but I can live without it as long as everything else works properly.
And this article I found somewhere for sure has given me problems
After unlocking the file I could switch back to Automatic location in Network settings and everything was back to normal.
My bad.
And this article I found somewhere for sure has given me problems
1. Close all windows and quit all apps.
2. In Finder, hold down the Option key and click ‘Go’ in the menu bar at the top.
3. Choose ‘Library’ (you have to have the Option key held down to see Library in the menu).
4. Navigate to Library > Preferences > ByHost > com.apple.loginwindow.[xxxxxxxxx].plist
The [xxxxxxxx] represent some interminable string of numbers and letters. Don’t mistake it for the similarly entitled Unix executable file. What you need to check is that its ‘loginwindow’ and ‘.plist’ at the end.
5. When you’re sure you’ve identified the right file, select it and press Cmd-i to show the ‘Get Info’ window. Click the ‘Locked’ option.
6. Now, test that it works. Close the ‘Get info’ window and the finder window. Open up Safari, Preview and a couple of windows. Do a restart and behold — if you followed the instructions correctly — a clean desktop!
Now, a small word of caution. One thing this trick won’t do is stop your apps like Safari and Preview from re-opening the last page/file when you manually fire them up after restart. In order to get them to forget your last opened page/file, you also need to do this:
7. Go to the ~/Library/ Saved Application State folder.
8. Select all the contents inside and send them to Trash.
9. Right-click on the Saved Application State folder’s icon and choose ‘Get Info’ (or press cmd-i).
10. Click the ‘Locked’ option. If it’s greyed out, go down to the padlock at the bottom, click on that and enter your password. You should now be able to check the ‘Locked’ option.
And finally, after those ten (phew…) steps…no more Resume!
2. In Finder, hold down the Option key and click ‘Go’ in the menu bar at the top.
3. Choose ‘Library’ (you have to have the Option key held down to see Library in the menu).
4. Navigate to Library > Preferences > ByHost > com.apple.loginwindow.[xxxxxxxxx].plist
The [xxxxxxxx] represent some interminable string of numbers and letters. Don’t mistake it for the similarly entitled Unix executable file. What you need to check is that its ‘loginwindow’ and ‘.plist’ at the end.
5. When you’re sure you’ve identified the right file, select it and press Cmd-i to show the ‘Get Info’ window. Click the ‘Locked’ option.
6. Now, test that it works. Close the ‘Get info’ window and the finder window. Open up Safari, Preview and a couple of windows. Do a restart and behold — if you followed the instructions correctly — a clean desktop!
Now, a small word of caution. One thing this trick won’t do is stop your apps like Safari and Preview from re-opening the last page/file when you manually fire them up after restart. In order to get them to forget your last opened page/file, you also need to do this:
7. Go to the ~/Library/ Saved Application State folder.
8. Select all the contents inside and send them to Trash.
9. Right-click on the Saved Application State folder’s icon and choose ‘Get Info’ (or press cmd-i).
10. Click the ‘Locked’ option. If it’s greyed out, go down to the padlock at the bottom, click on that and enter your password. You should now be able to check the ‘Locked’ option.
And finally, after those ten (phew…) steps…no more Resume!
My bad.
Last edited:
Jonathan,
With the latest version of your proxy, I am unable to use the proxy in an regular non-administrator account. You fixed this bug earlier but it looks like it has resurfaced.
I.E. I installed the proxy on my Mac running Lion in an Admin account. It works great! But When I log out and log into a regular non-admin account, the proxy no longer runs. I tried reinstalling the proxy. It does not fix the issue.
I hope you can fix it.
With the latest version of your proxy, I am unable to use the proxy in an regular non-administrator account. You fixed this bug earlier but it looks like it has resurfaced.
I.E. I installed the proxy on my Mac running Lion in an Admin account. It works great! But When I log out and log into a regular non-admin account, the proxy no longer runs. I tried reinstalling the proxy. It does not fix the issue.
I hope you can fix it.
Like before... When logged into an admin account, the output of the following shows squid listening:
But the minute I log out and log into a non-admin account, squid appears to stop and disappear. When I open a Terminal and "su" into an admin account, the output of the following is nothing!
Code:
sudo lsof -i tcp -stcp:listen | grep squidBut the minute I log out and log into a non-admin account, squid appears to stop and disappear. When I open a Terminal and "su" into an admin account, the output of the following is nothing!
Code:
sudo lsof -i tcp -stcp:listen | grep squid?
??
?
Code:
2022/04/26 19:34:31| FATAL: failed to open /tmp/squid.pid: (13) Permission denied
exception location: File.cc(190) open?
Thanks, I'll have to fix that later this week.
Last edited:
Thanks. I need the proxy running so I can access my files stored in the sync.com cloud.
By the way, the Sync.com legacy client for Mac OS X 10.6 to 10.10 still works great but it will not work without your squid proxy running. Looks like the sync.com cloud requires newer SSL/TLS than that provided by legacy Mac OS X.
The legacy client can be found here:
P.S. If anyone wants to create a free account with sync.com, please use the following link (which will give me more storage space for the referral):
www.sync.com
By the way, the Sync.com legacy client for Mac OS X 10.6 to 10.10 still works great but it will not work without your squid proxy running. Looks like the sync.com cloud requires newer SSL/TLS than that provided by legacy Mac OS X.
The legacy client can be found here:
P.S. If anyone wants to create a free account with sync.com, please use the following link (which will give me more storage space for the referral):
Sync | Secure Cloud Storage, File Sharing and Document Collaboration
Secure file storage and collaboration that helps you stay safe, secure and connected in the cloud.
www.sync.com