El Capitan and the evils of OpenSSL

Are you having trouble with SSL on El Capitan (OS X 10.11)?

Me too.

Here are the things I know about it right now:

  1. OS X’s OpenSSL is ancient (0.9.8-ish).
  2. OS X’s preferred SSL library is SecureTransport which is modern and secure.
  3. Some programs compiled with OpenSSL seem to use SecureTransport unless an OpenSSL-specific feature is requested (e.g. SSL_CERT_FILE or SSL_CERT_DIR is set).
  4. SecureTransport (OS X’s replacement for OpenSSL) may fall back to using OpenSSL if the environment variable SSL_CERT_FILE is set.
  5. Lots of places are “cross-signing” their intermediate certs to upgrade from SHA-1 to SHA-2 for security reasons.
  6. OS X’s OpenSSL cannot handle the intermediate cross-signing and reports that it cannot verify certificates. SecureTransport handles this just fine.
  7. HomeBrew applications usually don’t support SecureTransport and instead use HomeBrew’s OpenSSL.
  8. /usr/bin/curl uses SecureTransport directly, unless you set SSL_CERT_FILE (see above).

Busting cached 301 redirects in Chrome.

The Chrome browser caches HTTP 301 permanent redirects very aggressively. This is normally a good thing, unless you’re the one setting up the 301 and you make a mistake…

There is no obvious place in Chrome to refresh that cache, but there is a nifty trick.

Go to the URL:


This causes Chrome to recheck the page and will update any cached 301 rules.

Ciao!

40days – Simple isn’t easy

I wrote a simple one-page web application called 40days. It shows you what the date is for 40 days in the future. I say “simple” but really, simple isn’t easy. It never is.

I wrote 40days because my orthodontist would schedule my appointments 40 days apart and it was a hassle for me and the secretary to figure out exactly what date that was.

It’s written with CoffeeScript and SCSS and is licensed under the MIT License.

This actually was harder than I thought. I created a really crappy-but-works version quickly. But I always forget that polishing things is so hard.