'OS X Mavericks breaks OpenConnect with Cisco AnyConnect Secure Desktop (CSD)'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openconnect-devel
Subject:    OS X Mavericks breaks OpenConnect with Cisco AnyConnect Secure Desktop (CSD)
From:       sakutz () gmail ! com (Andrew Kutz)
Date:       2013-10-23 21:21:18
Message-ID: 17B2C9CA-4101-4B0E-9B05-53B62C3D1DAB () gmail ! com
[Download RAW message or body]

Technically Apple simply replaced the SSL engine on which libcurl depends. \
Unfortunately this broke the Cisco cstub binary. Below is what I reported to Cisco. \
I?m happy to say that the workaround I provided also allows OpenConnect to connect to \
AnyConnect with CSD once again. 


-~= The Problem(s)=~-

1. CSD refuses to load from within Safari because of the new sandboxing rules.
 
java(67861) deny file-write-data /Users/akutz/.cisco/hostscan/bin/cstub 

Process: java [67861]
Path: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java
Load Address: 0x106dd3000
Identifier: java
Version: ??? (???)
Code Type: x86_64 (Native)
Parent Process: PluginProcess [67853]

Date/Time: 2013-10-23 13:00:43.513 -0500
OS Version: Mac OS X 10.9 (13A603)
Report Version: 8
 
2. Using Firefox (since Chrome still isn't 64-bit and compatible with Java plugins), \
I run into an issue seemingly related to Apple changing the SSL engine on which \
libcurl depends. The Cisco Secure Desktop client stub binary, cstub stud, cannot load \
libcurl because cstub claims libcurl doesn't support SSL because I'm betting it's \
trying to assert that it support openssl (which it no longer does -- by design).


 
-~= The Workaround =~-

I was able to get it to work by copying /usr/lib/libcurl.4.dylib from my wife's 10.8 \
system and placing it in /usr/lib on mine (after backing up the distribution copy of \
course).  
I also copied /usr/bin/curl and /usr/bin/curl-config over from her system, but I \
don't think that was necessary since as you can see both curl binaries report the \
same, now working, version of libcurl:  
[0]akutz at b3dg:.vpn$ /usr/bin/curl --version
curl 7.24.0 (x86_64-apple-darwin12.0) libcurl/7.24.0 OpenSSL/0.9.8y zlib/1.2.5
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp \
                smtp smtps telnet tftp 
Features: AsynchDNS GSS-Negotiate IPv6 Largefile NTLM NTLM_WB SSL libz 
 
[0]akutz at b3dg:.vpn$ /usr/bin/curl.dist --version
curl 7.30.0 (x86_64-apple-darwin13.0) libcurl/7.24.0 OpenSSL/0.9.8y zlib/1.2.5
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp \
                smtp smtps telnet tftp 
Features: AsynchDNS GSS-Negotiate IPv6 Largefile NTLM NTLM_WB SSL libz
 
I posted the files to http://files.lostcreations.com/curl-libcurl-os-x-10.8.tgz. The \
MD5 checksum of the tarball is 15c79f5b061503ccc56e745761ebffbc.

-- 
-a

"I wonder if procrastinators realize that they're not putting off work, just putting \
it off onto other people?" 


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic