Unfortunately I don’t have a OpenSC compatible USB token to give it a try with, however we are able to use a token with its commercial driver, so it’s likely to be OpenSC related. A couple of points:
If you edit your connection and change the PKCS11 Retrieval option to “Prompt for certificate name” does Viscosity prompt for the name when you connect? If so, this indicates that the provider file is being added correctly by OpenVPN, however a device matching your entered PKCS11 certificate name was not found.
If you’re still stuck, how do you get on if you edit your connection in Viscosity and add “script-security 2” to the commands area under the Advanced tab, Save your changes, and then enable the “Allow unsafe OpenVPN commands to be used” option under Preferences->Advanced?
Are you running the latest beta version (1.5b1 / build 1223)? We’ve seen some similar reports with an older beta build (build 1191), but nothing with the most recent.
Can you try the following to try and submit a crash report?
Use Activity Monitor to ensure that Viscosity isn’t running/stuck in the background. Quit/Force-Quit any copies found.
Make sure that Viscosity 1.5b1 is installed, and that you are using the latest Yosemite Developer Preview (DP6).
Try and open Viscosity. Assuming it still crashes with the same error, try and open it again.
If you are presented with a crash report dialog, please submit it to us. If not, try checking the Console for any crash reports (under the Diagnostic Reports sections to the left) and email it along.
I’d also recommend you try completely uninstalling Viscosity by removing the files listed in the following article (make sure you have a backup of your connections first): http://www.sparklabs.com/support/uninstalling_viscosity/
It appears you are seeing the same issue as hamidp - if you’re able to run through the same instructions as posted above to try and get us a crash report that would be appreciated (as well as see whether an uninstall/install does the trick).
The _NSGlyphTreeInsertGlyphs messages are likely to be a Yosemite issue (they’re not a terminal error), however to be on the safe side: do you know whether the names of any of your connections contain any glyph characters? Glyph characters are typically small picture characters or symbols. Do you run your system in a language other than English?
If you receive an error message stating that Viscosity’s helper tool was unable to be installed/updated under Yosemite please restart your computer or uninstall the old helper tool like so:
You can subscribe to this topic by clicking on the “Subscribe topic” link at the bottom of the page to receive email notifications of new beta versions.
I don’t think there are any glyphs in my connections. I have also removed all viscosity preferences and application support items. So it should be a fresh install.
My system is setup using us-english defaults.
I can do a system report for you if you want
issue persists on 1.5b2
8/22/14 3:30:11.586 PM Viscosity[14108]: !!! _NSGlyphTreeInsertGlyphs glyph index issue 2
8/22/14 3:30:11.586 PM Viscosity[14108]: !!! _NSGlyphTreeInsertGlyphs glyph index issue 2
8/22/14 3:30:11.586 PM Viscosity[14108]: !!! _NSGlyphTreeInsertGlyphs glyph index issue 2
8/22/14 3:30:11.586 PM Viscosity[14108]: !!! _NSGlyphTreeInsertGlyphs glyph index issue 2
8/22/14 3:30:11.587 PM Viscosity[14108]: !!! _NSGlyphTreeInsertGlyphs glyph index issue 2
8/22/14 3:30:11.587 PM Viscosity[14108]: !!! _NSGlyphTreeInsertGlyphs glyph index issue 2
8/22/14 3:30:11.587 PM Viscosity[14108]: !!! _NSGlyphTreeInsertGlyphs glyph index issue 2
8/22/14 3:30:11.587 PM Viscosity[14108]: !!! _NSGlyphTreeInsertGlyphs glyph index issue 2
8/22/14 3:30:11.587 PM Viscosity[14108]: !!! _NSGlyphTreeInsertGlyphs glyph index issue 2
8/22/14 3:30:11.587 PM Viscosity[14108]: !!! _NSGlyphTreeInsertGlyphs glyph index issue 2
8/22/14 3:30:11.587 PM Viscosity[14108]: !!! _NSGlyphTreeInsertGlyphs glyph index issue 2
8/22/14 3:30:11.587 PM Viscosity[14108]: !!! _NSGlyphTreeInsertGlyphs glyph index issue 2
8/22/14 3:30:11.588 PM Viscosity[14108]: !!! _NSGlyphTreeInsertGlyphs glyph index issue 2
8/22/14 3:30:11.588 PM Viscosity[14108]: !!! _NSGlyphTreeInsertGlyphs glyph index issue 2
8/22/14 3:30:11.588 PM Viscosity[14108]: !!! _NSGlyphTreeInsertGlyphs glyph index issue 2
8/22/14 3:30:11.588 PM Viscosity[14108]: !!! _NSGlyphTreeInsertGlyphs glyph index issue 2
8/22/14 3:30:11.588 PM Viscosity[14108]: !!! Suppressing further NSGlyphTree logs
8/22/14 3:30:11.591 PM Viscosity[14108]: *** -[NSBigMutableString _getBlockStart:end:contentsEnd:forRange:stopAtLineSeparators:]: Range {0, 672} out of bounds; string length 670
Thanks for the additional information. We’ve done some serious testing with Yosemite Developer Preview 6, and we’ve been unable to replicate the issue at all, including with clean installs on several hardware models. This leads us to believe it is a bug in Yosemite beta, rather than Viscosity itself (although we’re not ruling anything out).
northisup, you mention in an earlier post that you are using Yosemite build 14A299l, which corresponds to Yosemite Public Beta 1. Do you have any better luck with Yosemite Public Beta 2 (14A329r) which has since been released? I’d also recommend submitting a bug report to Apple if you’re continuing to see the issue with the latest public beta version.
If you have an Apple Developer Account I’d also recommend trying with the latest developer preview rather than the public beta.
No, unfortunately, it doesn’t. But if I pick “Use the certificate name bellow” and “Detect” I do have the list of certificates on my token.
No more luck with this either. Here’s the output:
Aug 26 10:00:34: Viscosity Mac 1.5 (1223)
Aug 26 10:00:34: Viscosity OpenVPN Engine Started
Aug 26 10:00:34: Running on Mac OS X 10.10
Aug 26 10:00:34: ---------
Aug 26 10:00:34: Checking reachability status of connection...
Aug 26 10:00:34: Connection is reachable. Starting connection attempt.
Tue Aug 26 10:00:35 2014 NOTE: debug verbosity (--verb 12) is enabled but this build lacks debug support.
Aug 26 10:00:36: OpenVPN 2.3.4 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [PKCS11] [MH] [IPv6] built on Aug 9 2014
Aug 26 10:00:36: MANAGEMENT: CMD 'state on'
Aug 26 10:00:36: MANAGEMENT: CMD 'hold release'
Aug 26 10:00:36: PKCS#11: Adding PKCS#11 provider '/Library/OpenSC-14.0/lib/opensc-pkcs11.so'
Aug 26 10:00:36: PKCS#11: pkcs11h_addProvider entry version='1.11', pid=3456, reference='/Library/OpenSC-14.0/lib/opensc-pkcs11.so', provider_location='/Library/OpenSC-14.0/lib/opensc-pkcs11.so', allow_protected_auth=0, mask_private_mode=00000000, cert_is_private=0
Aug 26 10:00:36: PKCS#11: Adding provider '/Library/OpenSC-14.0/lib/opensc-pkcs11.so'-'/Library/OpenSC-14.0/lib/opensc-pkcs11.so'
What’s strange is that I can definitely establish a connection using your Openvpn binary and this OpenSC library from the command line !
EDIT: Like hamidp I don’t mind running some tests/debug version on my system if you need it.
If you receive an error message stating that Viscosity’s helper tool was unable to be installed/updated under Yosemite please restart your computer or uninstall the old helper tool like so:
You can subscribe to this topic by clicking on the “Subscribe topic” link at the bottom of the page to receive email notifications of new beta versions.
dirkx’s post above details what is going on, and a probable solution. Unfortunately it’s up to OpenSC to fix/workaround this issue (assuming it doesn’t turn out to be a bug in Yosemite’s PCSC implementation).
The reason why it’s working for detecting certificates from inside the editor (and when you’re kicking off OpenVPN manually from the Terminal) is that it’s running in your local user environment. For an actual connection Viscosity starts OpenVPN with elevated privileges and a secured environment (hence PKCS#11 providers are loaded in the same environment), and it appears OpenSC is failing under these conditions (as well as under other differing environments, such as via SSH).
On Yosemite Public Beta 2 and with the latest beta of Viscosity.
It looks that DNS settings are not applied for GUI applications. From terminal I’m able to ping names, but I can see DNS lookup errors in log when using for example web browsers. Only after manually configuring DNS resolver to network settings Safari starts to load up websites. This is a new issue with Yosemite, while it worked quite fine on Mavericks.
Thank you for being interested in keeping up with the latest news from us! Please double-check your email address below and then click the Subscribe button.
