Subscribe to
Posts
Comments
NSLog(); Header Image

Safari 7.0 in Mavericks Cannot Load iBooks Store, Twitter.com, PayPal.com

So I've got this unusual problem. Safari on my Mac Pro will not load twitter.com (or twitter.com/iacas, or any other twitter.com URL).

Twitter, Safari, and Mavericks

  • It's not the computer (and a messed up Hosts file or something), because other browsers work.
  • It's not the installation of Safari or the OS, because a guest user account can access twitter.com.
  • It's not the contents of ~/Library/Safari/ because I deleted it and Safari still couldn't visit the site.
  • I also fully "Reset" Safari, repaired permissions, and restarted the computer.
  • My keychains are fine. Keychain First Aid" is fine.

What can I try next?

2013-10-24 Update: I also cannot load PayPal or, seemingly, any secure site. I've moved the contents of my ~/.ssh folder. I've deleted com.apple.security* from my ~/Library/Preferences/. I've turned on and off the Firewall. Other browsers and other users on the same machine continue to work fine. I can access my online banking, which uses https of course.

  • Changing the MTU didn't work (I don't have Rapport).
  • Parental controls are not enabled. I've chown -R iacas my ~/Library folder.
  • Safari in Recovery mode (cmd-R at boot up) works fine.
  • Trashing my entire ~/Library does NOT fix the problem (I did so on a duplicate startup drive). I even logged out and back in when trying this.

22 Responses to "Safari 7.0 in Mavericks Cannot Load iBooks Store, Twitter.com, PayPal.com"

  1. PayPal and Twitter both have SSL certificates issued by Verisign, and signed by the VeriSign Class 3 Extended Validation SSL CA (the chain also includes the VeriSign Class 3 Public Primary Certification Authority - G5). Maybe the System Roots keychain has one or both of those VeriSign CA certificates marked as revoked, invalidated, or otherwise untrusted?

    1. Paul said on October 24, 2013:

      PayPal and Twitter both have SSL certificates issued by Verisign, and signed by the VeriSign Class 3 Extended Validation SSL CA (the chain also includes the VeriSign Class 3 Public Primary Certification Authority - G5). Maybe the System Roots keychain has one or both of those VeriSign CA certificates marked as revoked, invalidated, or otherwise untrusted?

      This would indicate that the certificates are okay, correct? http://cl.ly/image/3z0e3w0t3h2J They're all marked as trusted or valid.

      Also, I added a bit to the post above in the second unordered list.

  2. That's the place I was thinking, but you're right, it looks like that's not the problem.

  3. Thanks Paul. Any other ideas?

    This is frustrating. I feel I've done just about everything I can do.

  4. I almost had a theory about a rogue OpenSSL installation on your user account, but that wouldn't explain why other browsers are unaffected. Given that the problem persisted when you deleted ~/Library, you've ruled out Safari Extensions installed in your user account, as well as most of the fixes that came out when Lion started breaking in a similar way back at the beginning of 10.7.2 (most of the examples I've seen in searches this afternoon were due to a captive portal and/or an ISP that redirected nonexistent hostnames to their own search site).

    The only idea I have left is that maybe there's something in your ~/.profile that's somehow only affecting Safari. It's a shot in the dark, but only takes a minute or so to check (rename file, log out/in, test). Beyond that, I haven't a clue, and if it were happening to me I might be tempted to just format & reinstall, or create a new user account and switch to it.

    1. Paul said on October 24, 2013:

      The only idea I have left is that maybe there's something in your ~/.profile that's somehow only affecting Safari. It's a shot in the dark, but only takes a minute or so to check (rename file, log out/in, test). Beyond that, I haven't a clue, and if it were happening to me I might be tempted to just format & reinstall, or create a new user account and switch to it.

      I deleted my entire library AND all of the hidden files in my home directory, and logged out and back in, and was still unable to get this to work.

      I'm not going to format and reinstall. Far too much work, and because it's clearly something in my user account (all other users work, and when I boot from my nightly backed up hard disk, it too fails), copying the data back will likely produce issues again.

      Creating another user sounds like a tremendous pain in the ass. Plus, I have the username I like right now. 🙂

      Screenshot of Network Requests in the Error Console: http://cl.ly/image/443g3a1p3200 .

      Keychain First Aid screenshot (no problems): http://cl.ly/image/1f0U1T2g3H0a .

  5. This is an interesting one. Everything I would have guessed initially, Paul has already suggested.

    The ocspd (daemon that fetches and caches Certificate Revocation Lists (CRLs) and Online Certificate Status Protocol (OCSP) responses) may have a corrupted database. Try removing these files and rebooting.

    /private/var/db/crls/crlcache.db
    /private/var/db/crls/ocspcache.db

    You might try temporarily disabling using OCSP and CRL in Keychain -> Preferences -> Certificates. Change both the combo boxes to off (this probably won't require a reboot either, but if it doesn't work immediately, then reboot).

    1. Aaron Linville said on October 24, 2013:

      Try removing these files and rebooting.

      /private/var/db/crls/crlcache.db
      /private/var/db/crls/ocspcache.db

      I deleted the entire crls directory but didn't reboot. (FWIW I still had the errors). I'll reboot later.

      I'll also try disabling OCSP and CRL. Turning those off without rebooting (but re-launching Safari) resulted in errors as well.

      Remember, too, that other browsers work on the same computer. Chrome and Firefox don't have any issues. Safari under another user doesn't have issues. So it seems unlikely to be something system-wide.

      Edit: Rebooted and… nope. No change. Still fails.

  6. Well maybe it's time to try the new devtools shipping with firefox.

    1. Ludo said on October 25, 2013:

      Well maybe it's time to try the new devtools shipping with firefox.

      Firefox sucks. 🙂 No thanks.

      (But seriously, no, I won't be switching to Firefox. It's never felt very good. I won't be switching to Chrome either, because of Google.)

  7. Aaron Linville said on October 24, 2013:

    Remember, too, that other browsers work on the same computer. Chrome and Firefox don't have any issues. Safari under another user doesn't have issues. So it seems unlikely to be something system-wide.

    Edit: Rebooted and… nope. No change. Still fails.

    Firefox is mostly self contained and doesn't use many of the system services. Chrome, less so than Firefox, I think it at least uses Keychain but I wasn't sure about the ocspd service.

    Looks like you're not the only one with this problem.

  8. Aaron Linville said on October 25, 2013:

    Looks like you're not the only one with this problem.

    Good (the more people that have this problem the better as far as solving it goes).

    I too cannot connect to the iBooks Store! That's a plus, and a new thing. I'll edit the title of this post to reflect that.

    http://cl.ly/image/3Q0T04353m0C

  9. Reinstalling the OS didn't work (over top of the existing one). I also passed on the dialog box to install Java and got the version from the App Store app (probably the same exact bits). No change. Safari still errors out, iBooks Store still cannot be reached.

  10. 10/27/2013 12:12:30.058 pm bookstoreagent[2612]: NSURLConnection/CFURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)

    I was getting one of those per second in Console until I killed bookstore agent.

    Additionally, clicking the magnifying glass in Safari's downloads list to show a download in the Finder fails in my user account, but works in a guest user account. Nothing appears in the console when I try to do this. The Finder comes forward but nothing else happens.

    I was using the Safari 6.1 betas on Mountain Lion, but I don't think that's related.

  11. […] I'm still working on the problems explained in this post: Safari 7.0 in Mavericks Cannot Load iBooks Store, Twitter.com, PayPal.com. […]

  12. There is a solution for the iBookstore-problem here: https://discussions.apple.com/message/23759965?ac_cid=tw123456#23759965

    1. rudlab said on November 12, 2013:

      There is a solution for the iBookstore-problem here: https://discussions.apple.com/message/23759965?ac_cid=tw123456#23759965

      Yes, thank you. You'll notice that I posted the solution seven or eight posts earlier in that same thread. I made note of this in the follow-up post here on my blog.

  13. I'm having the same problems can't load Twitter or Paypal no matter how I do it - tho sharpened ever since I updated software to Mavericks OS X 10.9.1 (13B42) ....

  14. Same problem her with twitter.com and safari. Anyone?

    1. Martijn said on February 27, 2014:

      Same problem her with twitter.com and safari. Anyone?

      Did you read this page: nslog.com/2013/10/27/ still_attempting_to_fix_safari_ibooks_store_in_mavericks ?

  15. Yes but what is solution?

    1. Martijn said on February 28, 2014:

      Yes but what is solution?

      Read this comment (currently the last one on the page) for the solution.

      Basically:

      • "Get Info" on ALL the certificates on my computer in both my "System" and "local" keychains.
      • If they say "Always Trust," change them to "Use System Defaults."

Trackback URI | Comments RSS

Leave a Reply

Please abide by the comment policy. Valid HTML includes: <blockquote><p>, <em>, <strong>, <ul>, <ol>, and <a href>. Please use the "Quote Me" functionality to quote comments.