Apple


Due to openssl 1.0.1 introducing TLS v1.2 as the default for SSL connections you can find yourself facing an error like this:

Connection reset by peer - SSL_connect (Errno::ECONNRESET)

This will happen if you’re using macports with openssl 1.0.1 (latest one right now is 1.0.1c) and try to either use curl or ruby (no matter if it’s 1.8 or 1.9). OpenSSL 1.0.1 introduces support for TLS v1.2 which is not yet supported by most code, unfortunately it’s used as default and it’ll break your code with bizarre error messages about certificate trust.

The recommended resolution so far is to simply downgrade openssl, thanks to macports running svn this can be easily done by running the following lines into your terminal:

svn checkout -r 90715 http://svn.macports.org/repository/macports/trunk/dports/devel/openssl
cd openssl
sudo port install

This will install the last 1.0.0 version of OpenSSL available on macports (1.0.0h) so your problematic code can work again. If you’re writing your own code in ruby you can also add this option before pulling your https connection:

https = Net::HTTP.new(request_url.host, request_url.port)
https.instance_eval { @ssl_context = OpenSSL::SSL::SSLContext.new(:TLSv1) }

If you don’t have Mac OS X Leopard server you have a Samba implementation limited mostly to home directories and a lot of borking around, if you’re a typical Unix Admin as I am you’ll want to take things in your hands and add the shares you want yourself in the command line.

Leopard uses Samba 3 and its own authentication and locking methods connected to its auth layer and afp locking so a typical samba config file won’t work, it also has a dynamically modificable part which is configured via System Preferences.

This is not the smartest method neither prepared for faint hearted people, but it’ll work if you’re used to Linux.

If you had samba already working on Tiger the changes are only at locking, vfs and user auth, which is what enables all the new Leopard system to work properly.

This are the exact changes from Tiger to Leopard


# Changes affecting user mapping and authentication
passdb backend = odsam
idmap domains = default
idmap config default: default = yes
idmap config default: backend = odsam
idmap alloc backend = odsam
idmap negative cache time = 5
obey pam restrictions = yes
security = USER
auth methods = guest odsam
ntlm auth = yes
lanman auth = no
use kerberos keytab = yes
com.apple: lkdc realm = LKDC:SHA1.xxx
realm = LKDC:SHA1.xxx


# Changes affecting the FS interaction and locks
vfs objects = darwinacl,darwin_streams
use sendfile = yes
ea support = yes
darwin_streams:brlm = yes
enable core files = yes
max smbd processes = 10
log level = 1
map to guest = Bad User

You want to take a look at the realm SHA1 strings since they’re dependant on your installation, you can always check the new /etc/smb.conf in Mac OS X Leopard and then merge it up with your previous config, or replace the config as I did and just add this.

The Leopard samba configuration is brilliant, but at the same time limited to push you to buy the Server version, at the same time it’s interesting to play with the includes it adds too, but this at least will get your previous samba config out and running fine.