Check for updates on https results in Certificate error in Mac OS X 10.8.5

[Martin Koob]

When I try to check for updates in the standalone with the update folder that has an https URL I get an error.

error -Error with certificate at depth: 2  issuer   = /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA  subject  = /C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA  err 10:certificate has expired

I have checked with my certificate provider and the certificate for the site is valid.

I have found on the forums this may be an issue with certificates with LiveCode and Mac OS X 10.8.5.  They report the same error I get.

http://ftp.runrev.com/forums/viewtopic.php?f=9&t=17174&sid=9cca3b025b2157bd59b3ebe82ba00a0b

There is a bug reported.

http://quality.runrev.com/show_bug.cgi?id=11211

The bug report has a suggested a workaround 

Put the following command before the call to the the command connecting to the https url

libUrlSetSSLVerificition false

However that is done in the framework so not sure how to do that to test this.

In the IDE it does not appear to be an issue because in the message box I put 

put url "http://www.mydomain.com/.../update.txt and the text from the update file was returned with no error in the result.

So not sure what is going on here.

Any help would be appreciated.

thanks.

Martin

[Martin Koob]

I just realized that when I tried the line below in the message box  in the IDE and it worked I was using LC 6.7.0 DP2.  

put url "http://www.mydomain.com/.../update.txt

It seems the bug #11211 may be resolved.

Will test it with GLX updater tomorrow.

Martin

[Trevor DeVore]

On Mon, Apr 21, 2014 at 5:23 PM, Martin Koob <mk...@rogers.com> wrote:

When I try to check for updates in the standalone with the update folder that has an https URL I get an error.

... 

The bug report has a suggested a workaround 

Put the following command before the call to the the command connecting to the https url

libUrlSetSSLVerificition false

libUrlSetSSLVerificition is a global setting so you can set it in glxapp_initializeApplication. I don't recommend using libUrlSetSSLVerificition in a shipping application, however. When you set it to false then the certificate is no longer being verified and another server can get between your app and the real server as there is no verification to ensure authenticity.

-- 

Trevor DeVore

Blue Mango Learning Systems

www.screensteps.com    -    www.clarify-it.com 

[David Bovill]

I'm having an https problem with a webservice I am calling. Here is the url (which works in the browser but not from the IDE):

https://api.dreamhost.com/?key=6SHU5P2HLDAYECUM&cmd=user-list_users_no_pw&unique_id=4082432&format=perl

I've tried libUrlSetSSLVerificition false and made a stab at debugging it. I get the following error:

httpproxyforurl for host 'api.dreamhost.com': 
Proxy for URL: 
socket selected: api.dreamhost.com:443|6924
GET /?key=6SHU5P2HLDAYECUM&cmd=user-list_users_no_pw&unique_id=4082432&format=perl HTTP/1.1
Host: api.dreamhost.com
User-Agent: curl/7.30.0
Accept: */*
socket timeout api.dreamhost.com:443|6924

And the following headers sent (as you can see I tried changing the user agent as curl works fine):

GET /?key=6SHU5P2HLDAYECUM&cmd=user-list_users_no_pw&unique_id=4082432&format=perl HTTP/1.1
Host: api.dreamhost.com
User-Agent: curl/7.30.0
Accept: */*

And returned:

 

HTTP/1.1 200 OK
Set-Cookie: 60gpBAK=R1224191420; path=/; expires=Mon, 07-Apr-2014 18:14:08 GMT
Date: Mon, 07 Apr 2014 17:06:53 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: 60gp=R477302024; path=/; expires=Mon, 07-Apr-2014 18:08:19 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Vary: Cookie,Accept-Encoding
Composed-By: SPIP 2.1.24 @ www.spip.net + images(1.0.1), msie_compat(1.0.0), porte_plume(1.7.9), safehtml(1.3.7), vertebres(1.0.0), guestbook(2.22), compresseur(1.0.2)
X-Spip-Cache: 86400
Last-Modified: Mon, 07 Apr 2014 17:06:53 GMT

Any thoughts?

 

--
You received this message because you are subscribed to the Google Groups "GLX Application Framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to glxapp+un...@googlegroups.com.
To post to this group, send email to glx...@googlegroups.com.
Visit this group at http://groups.google.com/group/glxapp.
For more options, visit https://groups.google.com/d/optout.

[Martin Koob]

Hi Trevor

I have found that with LC 6.7.0 DP-2 there is not a need to set the verification to false as the bug with SSL on Mac OS X has been fixed as of LC 6.6

http://quality.runrev.com/show_bug.cgi?id=11211

So then checking for update worked in the IDE but in the standalone I got an error message.

"An error occurred while checking for updates (Cannot load SSL Library)."

I then realized that I had to select the 'SSL & Encryption Library, in the Standalone Application Settings.

Then I had to build a new standalone in the glxApplicationProperties plugin in the 'General' tab

Now checking for updates works in both the IDE and standalone.

Martin

[Martin Koob]

Sorry I jumped the gun.  

What was working was when I clicked on the application in the project folder with the launcher and the components folder. It properly checks for updates.

When I build a standalone with glxApplicationPackager the standalone still returns the 'Cannot load SSL Library"

Do I still need to put something in the externals folder in the components folder.

Martin  

[Martin Koob]

My guess as to what is happening is that glxApplicationPackager is not loading the library revsecurity.dylib.

This file first appears in LC 6.6 and is in the Application package contents/MacOS

I thought perhaps I could manually add it as a standalone resource.  I copied revSecurity.dylib to the externals folder of the components folder of my app then added it as a resource.

->this had no effect.

I deleted that from the standalone resources

Then I tried to add it as an external and linking that to file I had copied -- components/externals/revsecurity.dylib 

->bad idea! my project  would not open saying it could not find the library.  I had to open the application stack on its own and delete that external reference manually.

So am I on the right track here?   Does something have to be done to incorporate the new rev security library into a GLX application?

Thanks

Martin

[Trevor DeVore]

On Tue, Apr 22, 2014 at 2:01 PM, Martin Koob <mk...@rogers.com> wrote:

My guess as to what is happening is that glxApplicationPackager is not loading the library revsecurity.dylib.

This file first appears in LC 6.6 and is in the Application package contents/MacOS

glxApplicationPackager just copies over your .app bundle and everything in it. revsecurity.dylib is added by the LiveCode standalone builder to the Contents/MacOS folder so it should just come across during the app packaging process (I just tested and it worked as expected for me).

Here is what I suggest:

1) Build your standalone from the GLX App plugin.

2) Confirm that the revsecurity.dylib files is in the ./Contents/MacOS folder

3) Package up the app.

4) Report back whether or not revsecurity.dylib is in the packaged .app ./Contents/MacOS folder.

[Trevor DeVore]

On Tue, Apr 22, 2014 at 10:14 AM, David Bovill <david....@gmail.com> wrote:

I'm having an https problem with a webservice I am calling. Here is the url (which works in the browser but not from the IDE):

https://api.dreamhost.com/?key=6SHU5P2HLDAYECUM&cmd=user-list_users_no_pw&unique_id=4082432&format=perl

I've tried libUrlSetSSLVerificition false and made a stab at debugging it. I get the following error:

...

socket timeout api.dreamhost.com:443|6924

Hi David,

I'm not sure I understand. Above you are getting a socket timeout error...

And returned:

 

HTTP/1.1 200 OK
Set-Cookie: 60gpBAK=R1224191420; path=/; expires=Mon, 07-Apr-2014 18:14:08 GMT
Date: Mon, 07 Apr 2014 17:06:53 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: 60gp=R477302024; path=/; expires=Mon, 07-Apr-2014 18:08:19 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Vary: Cookie,Accept-Encoding
Composed-By: SPIP 2.1.24 @ www.spip.net + images(1.0.1), msie_compat(1.0.0), porte_plume(1.7.9), safehtml(1.3.7), vertebres(1.0.0), guestbook(2.22), compresseur(1.0.2)
X-Spip-Cache: 86400
Last-Modified: Mon, 07 Apr 2014 17:06:53 GMT

And here you are getting back a 200 OK response. Are both of these requests with LiveCode? Or is second one with curl?

Have you tried using a newer version of LiveCode that uses a newer version of OpenSSL? I know some servers have stopped accepting requests from old versions of the library (Dropbox for example).

[David Bovill]

On 23 April 2014 14:36, Trevor DeVore <glx...@gmail.com> wrote:

Hi David,

I'm not sure I understand. Above you are getting a socket timeout error...

And returned:

 

HTTP/1.1 200 OK
Set-Cookie: 60gpBAK=R1224191420; path=/; expires=Mon, 07-Apr-2014 18:14:08 GMT
Date: Mon, 07 Apr 2014 17:06:53 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: 60gp=R477302024; path=/; expires=Mon, 07-Apr-2014 18:08:19 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Vary: Cookie,Accept-Encoding
Composed-By: SPIP 2.1.24 @ www.spip.net + images(1.0.1), msie_compat(1.0.0), porte_plume(1.7.9), safehtml(1.3.7), vertebres(1.0.0), guestbook(2.22), compresseur(1.0.2)
X-Spip-Cache: 86400
Last-Modified: Mon, 07 Apr 2014 17:06:53 GMT

And here you are getting back a 200 OK response. Are both of these requests with LiveCode? Or is second one with curl?

They are both with Livecode - either v6.61 or the 7.x dev releases. I tried with some earlier versions as well.

With regard to the 200 OK response - this is simply what libURLLastRHHeaders() returns, and i guess it could well be from some older successful HTTP call? I tried debugging with EavesDrop - but as the trafic is encrypted it's not very helpful.

This simple HTTPS request works in the browser and with curl - but all the info posted is from liveCode 6.6.1

The script I use is:

on mouseUp
   -- libUrlSetSSLVerification false
   -- answer file "Select .pem file"
   -- put it into certFile
   -- put certFile
   
   put "/Users/fortyfoxes/Desktop/Certificates.pem" into certFile
   set the sslCertificates to certFile
   
   put the long id of fld "Result" into someField
   libUrlSetLogField someField
   
   lock screen
   put empty into fld "Error"
   put empty into fld "Result"
   put empty into fld "API URL"
   unlock screen
   
   set the sockettimeoutinterval to 10000
   set the httpheaders to "User-Agent: curl/7.30.0" & CR & "Accept: */*"
   
   put dreamhost_ConstructApiURL() into apiUrl
   put apiUrl into fld "API URL"
   put CR & CR & url apiURL after fld "Result"
   put the result into fld "Error"
   
   put CR & CR & libURLLastHTTPHeaders() after fld "Error"
   put CR & CR & libURLLastRHHeaders() after fld "Error"
   -- answer "OK"
end mouseUp

 

[Trevor DeVore]

On Wed, Apr 23, 2014 at 9:46 AM, David Bovill <david....@gmail.com> wrote:

They are both with Livecode - either v6.61 or the 7.x dev releases. I tried with some earlier versions as well.

I'm not sure what the problem is. I get the same timeout as well.

[Martin Koob]

Hi Trevor

Thanks for this.

I tried this

- built the standalone with GXL App plugin using LC 6.7.0-DP2

- checked ./Contents/MacOS folder

- there was no revSecurity.dylib file in the contents folder

I thought It may be the fact that  there was an existing Standalone was causing problem so tried the following.

-moved the standalone to a temp folder

- built the standalone with GXL App plugin using LC 6.7.0-DP2

- checked ./Contents/MacOS folder

- there was no revSecurity.dylib file in the contents folder

If I just create a new stack and select SSL & security in the standalone application settings and then create a standalone using the 

"Save as Standalone application…" in the File menu of LiveCode the revSecurity.dylib file is copied to ./Contents/MacOS folder

To test whether the GLX app plugin was moving the file property 

- I manually copy the revSecurity.dylib file to the  ./Contents/MacOS folder of the standalone application in the project folder and then

- build the application with glxApplicationPackager 

- the revSecurity.dylib file is copied to the application bundle.

- launch built application 

- check for updates

-  I don't get the can't load SSL library error but I get a "An error occurred while checking for updates (404 not found)."

The odd thing is that I don't get any errors when checking in the IDE or when running the standalone in the project folder, even without revSecurity.dylib installed.

-I don't get the can't load SSL library error

-I dont' get the 404 not found error

-The dialog shows the expected message "you are running the most current version" with the appropriate version into.

So for some reason the GLX App plugin is not copying the revSecurity.dylib file to the standalone when building it.

Any ideas as to why that is or what I can try next?

Thanks

Martin

[Trevor DeVore]

On Thu, Apr 24, 2014 at 11:12 AM, Martin Koob <mk...@rogers.com> wrote:

I tried this

- built the standalone with GXL App plugin using LC 6.7.0-DP2

- checked ./Contents/MacOS folder

- there was no revSecurity.dylib file in the contents folder

You have to configure the standalone settings for the glxappLauncher stack and check the "SSL & Security" box. The GLX App plugin uses the LiveCode routine for building the standalone so there isn't anything special going on. If you don't check the security box then the file won't be included.

[Martin Koob]

Thanks Trevor

I was configuring the standalone settings of the program stack not the glxappLauncher stack.  

Thanks for your help.

Martin