TurboActivate TLS/SSL Ca Certificates on macOSAnswered

Hi,

We have updated in our software TA from 4.0.9.6 to 4.1.9.0, which was released only few days after a new 4.2.0 release of TA. Note, we are using static TA only (without TF).

However, we are receiving a lot of errors with Connection timed/out with TLS/SSL CA-Certificates from our customers, mostly on macOS 10.13, 10.14 and 10.15.

We have not been able to reproduce this behaviour in our environment (using any of the mentioned macOS version).

We have created FAQ using Wyday answers, but customers are still unable to activate our software, even if they can smoothly access wyday.com from native (Safari) browsers.

We will test the latest 4.2.0 version, but there seems to be nothing changed for this error, or are we mis-reading your changelog?

Does anyone have the same problem? Are there other required steps?

TA 4.2.0 contains a lot of fixes for connections on everything except macOS. (Although you should *always* use the latest version -- it has bug fixes and improvements).

If using the latest version doesn't fix the problem for these customers, next step is to use the dynamic version of TurboActivate. Or, at the very least, ensure you're linking to the latest libCurl version on macOS (don't link to old versions).

Also, provide exact error codes. And tell them to disable firewalls, "private VPN" garbage, and other "cleaner" junk that creates more problems than it solves.

Hi Wyatt,

We have tried to update TA to the latest 4.2.0, but no success on our testing machine.

We are linking and deploying libCurl together with the application, and each curl-related things are working in our application, and this same application is working on some macOS and not working on another macOS machines.We have reported issues with macOS 10.11, 10.14, and 10.15. And moreover, we have been able to activate on each of these macOS version this same application.

We have disabled any firewall, garbage, VPN, etc. Still we cannot activate 🙁

The exact error code is:

/* MessageId: TA_E_INET_TLS Message code (in Hex): 0x24 Message code (in Decimal): 36

MessageText:

The secure connection to the activation servers failed due to a TLS or certificate error. This is most often caused by MITM (man-in-the-middle) attempts on corporate networks or, if on Unix operating systems (macOS, Linux, BSD, etc.), it's caused by out-of-date or missing "CA certificates". This means either keeping your system itself up-to-date, or manually updating the CA certs.

More information here: https://wyday.com/limelm/help/faq/#internet-error*/#define TA_E_INET_TLS ((HRESULT)0x00000024L)

Answer

>> "We are linking and deploying libCurl together with the application"

Ah, OK. That's likely the problem. Use the dynamic version of TurboActivate -- it links directly with the system version of libcurl (and uses system cacerts).

Hi Wyatt,

What CURL is inside static TA/TF libraries? Or none? We are not able to link our application only with TA/TF and without -lcurl, fails to link curl functions.

Also, your dylib are not codesigned anymore. Is there any chance to use static TA and curl functions?

We weak-link libcurl. So, yes, if you use the static library you’ll need to link it (Covered in the docs).

We don’t code-sign mac binaries anymore. Apple requires us to jump through too many hoops. You can sign them if you want.

Reply
Discard post