setting up apache2 (or squid) to serve as an SSL/TLS proxy for older systems? ==> Works Great!

Ken Cunningham ken.cunningham.webuse at gmail.com
Fri Dec 18 22:26:22 UTC 2020


and as an added bonus, I see you’ve fixed the weather widget too!

Ken

> On Dec 18, 2020, at 2:09 PM, Ken Cunningham <ken.cunningham.webuse at gmail.com> wrote:
> 
> I installed your DMG version of the setup on a clean 10.6.8 machine I had sitting.
> 
> It works just great! That is exactly the kind of fix I was wondering about, and you’ve put together a great little installer.
> 
> 
> With your squid proxy running, the old original Safari browser registers as showing all current SSL capability at <https://howsmyssl.com>.
> 
> MacPorts’ port command can download software from high-security SSL sites like github without any trouble:
> 
> eg.
> 
> sudo port clean —all ninja
> sudo port -d fetch —no-mirror ninja
> 
> now works perfectly with the squid proxy enabled,
> 
> --->  Fetching distfiles for ninja
> DEBUG: elevating privileges for fetch: euid changed to 0, egid changed to 0.
> DEBUG: dropping privileges: euid changed to 503, egid changed to 501.
> DEBUG: Executing org.macports.fetch (ninja)
> --->  ninja-1.10.2.tar.gz does not exist in /opt/local/var/macports/distfiles/ninja
> --->  Attempting to fetch ninja-1.10.2.tar.gz from https://github.com/ninja-build/ninja/archive/v1.10.2
>  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
>                                 Dload  Upload   Total   Spent    Left  Speed
>  0   126    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0
> 126   126  126   126    0     0     85      0  0:00:01  0:00:01 --:--:--   264
> 100  208k  100  208k    0     0    98k      0  0:00:02  0:00:02 --:--:—   98
> 
> 
> and fails as always when it is not enabled.
> 
> --->  Fetching distfiles for ninja
> DEBUG: elevating privileges for fetch: euid changed to 0, egid changed to 0.
> DEBUG: dropping privileges: euid changed to 503, egid changed to 501.
> DEBUG: Executing org.macports.fetch (ninja)
> --->  ninja-1.10.2.tar.gz does not exist in /opt/local/var/macports/distfiles/ninja
> --->  Attempting to fetch ninja-1.10.2.tar.gz from https://github.com/ninja-build/ninja/archive/v1.10.2
> 
>  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
>                                 Dload  Upload   Total   Spent    Left  Speed
>  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0DEBUG: Fetching distfile failed: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
> Error: Failed to fetch ninja: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
> 
> 
> 
> I don’t 100% understand all the inner workings — I noticed that calling the old curl in /usr/bin did not work to download the same file for some reason:
> 
> $ /usr/bin/curl -O https://github.com/ninja-build/ninja/archive/v1.10.2/ninja-1.10.2.tar.gz
> 
> curl: (35) error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
> 
> 
> 
> But that is looking like minor stuff.
> 
> We’ve been struggling for a while now to provide a capable port command (and other commands) to software that will allow a current SSL to work. Looks like you’ve really hit the ball out of the park with this one.
> 
> Thanks,
> 
> Ken
> 
> 



More information about the macports-users mailing list