But users aren’t going to figure that out on their own. The fix is pretty simple: manually delete the spurious entries in the login keychain (so that the system entries are used instead). The problem seems to be triggered by Mavericks security update 2015-004 (released last week). Symptoms are the App Store refuses to load, MacOS software updates won’t get installed, Chrome refuses to load websites and Safari throws errors. Affected Macs can no longer verify Verisign-signed SSL certs in any application. However, the certificates old versions of Cyberduck wrote to the Keychain are now causing fairly serious problems with MacOS. This behavior is documented in ticket #8741 and the code was changed to no longer do that. Prior to version 4.7, Cyberduck had code where it wrote some SSL certificates to the user login keychain. That may explain why 2015-004 changed things. For the search engines: one of the two bad certificates placed on my keychain by Cyberduck was “VeriSign Class 3 Public Primary Certification Authority – G5” Apparently it’s a key that is weakly signed and various software is deciding it’s no longer valid as they update to stricter requirements. Update: this AWS discussion contains complaints about S3’s SSL certificate. Were they verifying it was a valid cert first? If so, then why is it no longer a valid cert? And why did MacOS security update 2015-004 break it? I’m content to let that all remain a mystery, but I’m curious. Cyberduck says they were taking a certificate offered by the server Amazon S3, in this case. I also don’t understand the root cause of the problem. We now have a bug report on file, my report text below. I’m not sure the Cyberduck authors understand the magnitude of the problem though, or that users of old versions now have broken Macs. There was a reported and fixed bug in Cyberduck. Version 4.7 (17432) is the latest version of Cyberduck. It doesn’t cause the problem any more.
(For completeness I should add Cyberduck also complains about an SSL hostname mismatch when connecting to S3, but I think that’s a legitimate and expected error and unrelated to the Verisign certs.) I also manually verified the login keychain entries show up again as soon as I run Cyberduck after deleting them. It’s just the right kind of unusual application that would cause a bug like this that some small group of users on the Internet finds but not everyone. Cyberduck 4.6.3 placed a bunch of errors in the console, including the smoking gun “4/27/15 3:42:05.621 PM Cyberduck: Error adding certificate to Keychain”. I use it sporadically to browse S3 buckets. The system Console helped me narrow it down to the application Cyberduck, version 4.6.3. So here I am, using both FileZilla and Cyberduck today, just wishing for the best of both in one app. I figured out what put the rogue SSL certificate on my system, the one that breaks MacOS Mavericks. I'm not really sure what is so different between Fetch and Cyberduck though. The Fetch developer is easy to reach, and responsive. And my trial period has long since expired. I have a support request out in their Twitter messaging system (which they recommended for quick replies) since the end of October. Support, as I mentioned, for Transmit seems to be pretty unresponsive. Support for FileZilla, via their online community, is really responsive. Support for Cyberduck seems to be basically non-existent though. If it doesn't, you can quit, run this in the terminal, and start Cyberduck again and it will offer to import the bookmarks, if they are available: defaults delete ch.sudo.cyberduck .filezilla Oh, Cyberduck will also import your FileZilla bookmarks automatically. I just wish, as I wrote in my opening post, that there was an easy way to link a remote server with a local Finder folder. Every time I save changes, a notification pops up telling me when the file is saved remotely.
I'm quite enjoying using Cyberduck this afternoon because I'm remotely editing a file, and it seems especially easy via Cyberduck. And automatic refreshes of the transfer panes. So it would be nice to have a dual pane FTP client that also allowed for non-cumbersome editing of remote files (and comparing with the local file) as well as drag-and-drop from the Finder.