[prev in list] [next in list] [prev in thread] [next in thread]
List: openconnect-devel
Subject: OS X Mavericks breaks OpenConnect with Cisco AnyConnect Secure Desktop (CSD)
From: sakutz () gmail ! com (Andrew Kutz)
Date: 2013-10-23 21:21:18
Message-ID: 17B2C9CA-4101-4B0E-9B05-53B62C3D1DAB () gmail ! com
[Download RAW message or body]
Technically Apple simply replaced the SSL engine on which libcurl depends. \
Unfortunately this broke the Cisco cstub binary. Below is what I reported to Cisco. \
I?m happy to say that the workaround I provided also allows OpenConnect to connect to \
AnyConnect with CSD once again.
-~= The Problem(s)=~-
1. CSD refuses to load from within Safari because of the new sandboxing rules.
java(67861) deny file-write-data /Users/akutz/.cisco/hostscan/bin/cstub
Process: java [67861]
Path: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java
Load Address: 0x106dd3000
Identifier: java
Version: ??? (???)
Code Type: x86_64 (Native)
Parent Process: PluginProcess [67853]
Date/Time: 2013-10-23 13:00:43.513 -0500
OS Version: Mac OS X 10.9 (13A603)
Report Version: 8
2. Using Firefox (since Chrome still isn't 64-bit and compatible with Java plugins), \
I run into an issue seemingly related to Apple changing the SSL engine on which \
libcurl depends. The Cisco Secure Desktop client stub binary, cstub stud, cannot load \
libcurl because cstub claims libcurl doesn't support SSL because I'm betting it's \
trying to assert that it support openssl (which it no longer does -- by design).
-~= The Workaround =~-
I was able to get it to work by copying /usr/lib/libcurl.4.dylib from my wife's 10.8 \
system and placing it in /usr/lib on mine (after backing up the distribution copy of \
course).
I also copied /usr/bin/curl and /usr/bin/curl-config over from her system, but I \
don't think that was necessary since as you can see both curl binaries report the \
same, now working, version of libcurl:
[0]akutz at b3dg:.vpn$ /usr/bin/curl --version
curl 7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8y zlib/1.2.5
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp \
smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IPv6 Largefile NTLM NTLM_WB SSL libz
[0]akutz at b3dg:.vpn$ /usr/bin/curl.dist --version
curl 7.30.0 (x86_64-apple-darwin13.0) libcurl/7.24.0 OpenSSL/0.9.8y zlib/1.2.5
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp \
smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IPv6 Largefile NTLM NTLM_WB SSL libz
I posted the files to http://files.lostcreations.com/curl-libcurl-os-x-10.8.tgz. The \
MD5 checksum of the tarball is 15c79f5b061503ccc56e745761ebffbc.
--
-a
"I wonder if procrastinators realize that they're not putting off work, just putting \
it off onto other people?"
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic