SSL and Frontier

36 views
Skip to first unread message

h4ns...@gmail.com

unread,
Mar 10, 2015, 3:01:56 PM3/10/15
to fronti...@googlegroups.com
Hi all,

I have to run an old Frontier 7 install on a Mac with system 9.2 with SSL.

So far I only found TLS.root to get it done, but it needs a license 350 $ to run it - sold by defunct Userland.

My installation only returns:
"TLS Server: No License
No valid license for the TLS server has been found. See http://tls.macrobyte.net/ for information on purchasing and installing licenses."

So gather that I am stuck here, right? Are there other options get SSL on Mac 9.2?

Yes, I know I am 10 or so years late to the party. Or are there options to run a SSL server for OS X?

Best regards,
Hans

Ted Howard

unread,
Mar 10, 2015, 4:47:23 PM3/10/15
to fronti...@googlegroups.com

Take a look at this link:

http://worknotes.scripting.com/october2012/101312ByDw/tlsrootOnWindows

I realize that the language is Windows specific, but if memory serves, this also includes a PPC Mac version. The OS X workaround mentioned on the blog post was because we didn’t have the source to the TLS dll and couldn’t rebuild it for Intel.


Ted


h4ns...@gmail.com

unread,
Mar 11, 2015, 6:47:53 AM3/11/15
to fronti...@googlegroups.com
Thanks, Ted - tried it on our PPC Mac before posting.

Install ran fine, tls.dll is in the appropriate folder, but tls.licensing.checkLicense() fails to run - seems that the httpsServer won't work without one, the httpsClients works.

on checkLicense( ) {
    local( dllPath = file.folderFromPath( Frontier.getProgramPath( ) ) + "DLLs" + file.getPathChar( ) + "tls.dll" );
    return boolean( dll.call( dllPath, "checkLicense" ) )}

I re-ran the install, deleted everything before: TLS Server: No License...

Just tried to check http://tls.macrobyte.net , but the site is offline today.

Is there a way to "generate" a license or re-use an existing one?

Dave Winer

unread,
Mar 11, 2015, 9:49:38 AM3/11/15
to fronti...@googlegroups.com
This is for you...


Dave

--
You received this message because you are subscribed to the Google Groups "frontier-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email to frontier-use...@googlegroups.com.
Visit this group at http://groups.google.com/group/frontier-user.
For more options, visit https://groups.google.com/d/optout.


--
Typed on an iPad with fat fingers.

h4ns...@gmail.com

unread,
Mar 11, 2015, 10:31:21 AM3/11/15
to fronti...@googlegroups.com, da...@smallpicture.com
 Dave Winer:
This is for you...

Thanks Dave, I already tried OPML. Is the OPML verb kernel(webserver.server) able to de/encrypt SSL traffic?

How would I configure OPML to handle https connections?

h4ns...@gmail.com

unread,
Mar 11, 2015, 1:55:51 PM3/11/15
to fronti...@googlegroups.com
Plan B:  OPML behind Apache with SSL

Might that be a solution?
http://serverfault.com/questions/25423/apache-virtualhost-with-mod-proxy-and-ssl

Will test it, but lacking resources (and know-how) today.

Jake Savin

unread,
Mar 11, 2015, 2:21:02 PM3/11/15
to fronti...@googlegroups.com
Running behind an Apache proxy is probably your best bet if SSL/TLS is a must-have for you.

-Jake


h4ns...@gmail.com

unread,
Mar 11, 2015, 6:05:24 PM3/11/15
to fronti...@googlegroups.com
Jake, you are right for OPML.

If a TLS.root licence fell from the skies, it would make things easier. Swithing machines, updating .roots, changing to a new OS X database app etc. is much more work than I had anticipated.

Ted Howard

unread,
Mar 12, 2015, 9:24:28 AM3/12/15
to fronti...@googlegroups.com, h4ns...@gmail.com
On March 11, 2015 at 5:05:27 PM, h4ns...@gmail.com (h4ns...@gmail.com) wrote:
Jake, you are right for OPML.

If a TLS.root licence fell from the skies, it would make things easier. Swithing machines, updating .roots, changing to a new OS X database app etc. is much more work than I had anticipated.

Another option is to run Apache with mod_proxy on a different machine. My understanding is that it can proxy requests to other machines, so you could stand up a linux or OS X box with Apache that just forwards the requests on to your OS 9.2 machine.


Ted


h4ns...@gmail.com

unread,
Mar 12, 2015, 10:23:31 AM3/12/15
to fronti...@googlegroups.com, h4ns...@gmail.com
Ted,

that would be the first think to test. The Apache manuals show an option to additionally have mod_ssl encrypt the relayed request. My hypothesis is, that a request would be decrypted by Apache before it gets relayed to the target server.

Plan A: have Apache proxy the request to my remote Mac 9.2 / Frontier 7
Plan B: swap servers and run OPML on Mac OS X behind Apache
Plan C: look/hunt/pray for TLS.root licence

Will know more in the coming days... If anyone tried A or B, I would be happy to hear about it.
Reply all
Reply to author
Forward
0 new messages