Closed nilsbyte closed 5 years ago
Turns out AutoPkg uses Python at /usr/bin/python
which is
srv-osx:bin admin$ /usr/bin/python
Python 2.7.10 (default, Feb 7 2017, 00:08:15)
[GCC 4.2.1 Compatible Apple LLVM 8.0.0 (clang-800.0.34)] on darwin
with openSSL
>>> print ssl.OPENSSL_VERSION
OpenSSL 0.9.8zh 14 Jan 2016
which is outdated and causes problem with many SSL enabled sites. I don't know how to replace OpenSSL for the system-Python of macOS.
Hello. Same problem here... Have you found how to correct ?
Please upgrade. 10.12 is not a supportable platform anymore. If you cannot, investigate tlsssl explained here: https://clburlison.com/python2-and-tls/
Hello. Thanks for pointing this... I'll try...
My macOS Server is a VM and currently, 10.13 is not supported by the host. Does 10.13 resolve the issues with TLS (outdated OpenSSL version)?
Yes,
Ditching OpenSSL For LibreSSL In High Sierra, Apple has switched SSL libraries from OpenSSL 0.9.8zh to LibreSSL 2.2.7. LibreSSL is a fork of OpenSSL supported by OpenBSD. Secure Transport is Apple’s own API for SSL/TLS but it is primarily used for their first-party software. LibreSSL will serve as the SSL library for third-party software.
If the writer of that snippet didn’t inject stuff into my pasteboard I would link to them, but I DDG’d “high sierra linked ssl”
@arubdesu, can you please update https://github.com/autopkg/arubdesu-recipes/blob/master/2016SuiteSKUless/OfficeSuiteSKULessVersionProvider.py to use the SSL enabled URL https://macadmins.software/latest.xml and the python SSL module or does this make no sense?
I can't find a way to replace system-openSSL on 10.12
I cannot add a non-stdlib import that is only needed on a two-versions-old operating system. (If the vendored project is installed correctly it shouldn’t be necessary, either.) Sorry I can’t be of more help but I hope my reason why is understandable. I can’t promise when I’ll be finally running that recipe and fixing whatever ails it, but PR’s greatly appreciated.
I understand. What do you mean by 'If the vendored project is installed correctly'?
The tlsssl link mentioned earlier goes to Clayton’s ‘vendored’ project https://github.com/clburlison/vendored. Again, thank you for your understanding, this is important to clear up so it won’t be months until I at least update READMEs
Am I ok to close this issue out? I got confused with the other work I need to do (e.g. the naming/versionsing issues, even though it probably still works decent). I'd rather consider this exact symptom not a fault of the code but instead running autopkg on pre-10.13 macOS, which is certainly not recommended.
Please close. I will update my VM to 10.13 and see if it works then.
When running the 2016SuiteSKULess.munki override, I get this:
openSSL version
Python version
Maybe the cause is the automatic redirection to HTTPS (SSL)?
If I try to execute what the script at https://github.com/autopkg/arubdesu-recipes/blob/master/2016SuiteSKUless/OfficeSuiteSKULessVersionProvider.py does, I do not get any error, the file is fetched without problems and can display it with print(xml).
AutoPkg latest running on macOS 10.12.6.