Page 1 of 1

Viscosity 1.7.15 issue with OpenSC

Posted: Wed May 22, 2019 2:47 am
by pethams
2019-05-21 09:33:13: OpenVPN 2.4.7 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on May 21 2019
2019-05-21 09:33:13: library versions: OpenSSL 1.0.2r 26 Feb 2019, LZO 2.10
2019-05-21 09:33:26: PKCS#11: Adding PKCS#11 provider '/Library/OpenSC/lib/'
2019-05-21 09:33:26: PKCS#11: Cannot initialize provider '/Library/OpenSC/lib/' 6-'CKR_FUNCTION_FAILED'

It was working fine untill with 1.7.14 version on Mac 10.14.5. I am pretty sure the new update broke it. Can you provide me the URL to download 1.7.14 till you folks figure out the issue/fix?


Re: Viscosity 1.7.15 issue with OpenSC

Posted: Wed May 22, 2019 6:37 am
by James
Hi pethams,

Thanks for the report.

We've pushed out an updated build of 1.7.15 (build 1488) that resolves the issue. You can automatically update to it immediately by going to Preferences->General and clicking the "Check Now" button.

The issue was caused by the OpenSC PKCS#11 library having no code-signing. Apple is cracking down on their code signing requirements in newer macOS versions, and Viscosity 1.7.15 adopts the latest notarisation requirements. However these restrictions also make it difficult to load unsigned libraries, with macOS's Gatekeeper blocking the OpenSC library from being loaded.

We've added a workaround to the latest build which will allow it to load, however the OpenSC library really needs to be code signed by the developers, as it's likely future versions of macOS will be more restrictive with the code signing and runtime requirements.