Safari 7.0 in Mavericks Cannot Load iBooks Store, Twitter.com, PayPal.com
Posted October 23rd, 2013 @ 08:36pm by Erik J. Barzeski
So I've got this unusual problem. Safari on my Mac Pro will not load twitter.com (or twitter.com/iacas, or any other twitter.com URL).
- It's not the computer (and a messed up Hosts file or something), because other browsers work.
- It's not the installation of Safari or the OS, because a guest user account can access twitter.com.
- It's not the contents of ~/Library/Safari/ because I deleted it and Safari still couldn't visit the site.
- I also fully "Reset" Safari, repaired permissions, and restarted the computer.
- My keychains are fine. Keychain First Aid" is fine.
What can I try next?
2013-10-24 Update: I also cannot load PayPal or, seemingly, any secure site. I've moved the contents of my ~/.ssh folder. I've deleted com.apple.security* from my ~/Library/Preferences/. I've turned on and off the Firewall. Other browsers and other users on the same machine continue to work fine. I can access my online banking, which uses https of course.
- Changing the MTU didn't work (I don't have Rapport).
- Parental controls are not enabled. I've
chown -R iacasmy ~/Library folder. - Safari in Recovery mode (cmd-R at boot up) works fine.
- Trashing my entire ~/Library does NOT fix the problem (I did so on a duplicate startup drive). I even logged out and back in when trying this.
Donate Life
Posted 24 Oct 2013 at 11:25am #
PayPal and Twitter both have SSL certificates issued by Verisign, and signed by the VeriSign Class 3 Extended Validation SSL CA (the chain also includes the VeriSign Class 3 Public Primary Certification Authority - G5). Maybe the System Roots keychain has one or both of those VeriSign CA certificates marked as revoked, invalidated, or otherwise untrusted?
Posted 24 Oct 2013 at 1:19pm #
[quote comment="81531"]PayPal and Twitter both have SSL certificates issued by Verisign, and signed by the VeriSign Class 3 Extended Validation SSL CA (the chain also includes the VeriSign Class 3 Public Primary Certification Authority - G5). Maybe the System Roots keychain has one or both of those VeriSign CA certificates marked as revoked, invalidated, or otherwise untrusted?[/quote]
This would indicate that the certificates are okay, correct? http://cl.ly/image/3z0e3w0t3h2J They're all marked as trusted or valid.
Also, I added a bit to the post above in the second unordered list.
Posted 24 Oct 2013 at 1:33pm #
That's the place I was thinking, but you're right, it looks like that's not the problem.
Posted 24 Oct 2013 at 1:59pm #
Thanks Paul. Any other ideas?
This is frustrating. I feel I've done just about everything I can do.
Posted 24 Oct 2013 at 2:40pm #
I almost had a theory about a rogue OpenSSL installation on your user account, but that wouldn't explain why other browsers are unaffected. Given that the problem persisted when you deleted ~/Library, you've ruled out Safari Extensions installed in your user account, as well as most of the fixes that came out when Lion started breaking in a similar way back at the beginning of 10.7.2 (most of the examples I've seen in searches this afternoon were due to a captive portal and/or an ISP that redirected nonexistent hostnames to their own search site).
The only idea I have left is that maybe there's something in your ~/.profile that's somehow only affecting Safari. It's a shot in the dark, but only takes a minute or so to check (rename file, log out/in, test). Beyond that, I haven't a clue, and if it were happening to me I might be tempted to just format & reinstall, or create a new user account and switch to it.
Posted 24 Oct 2013 at 3:32pm #
[quote comment="81538"]The only idea I have left is that maybe there's something in your ~/.profile that's somehow only affecting Safari. It's a shot in the dark, but only takes a minute or so to check (rename file, log out/in, test). Beyond that, I haven't a clue, and if it were happening to me I might be tempted to just format & reinstall, or create a new user account and switch to it.[/quote]
I deleted my entire library AND all of the hidden files in my home directory, and logged out and back in, and was still unable to get this to work.
I'm not going to format and reinstall. Far too much work, and because it's clearly something in my user account (all other users work, and when I boot from my nightly backed up hard disk, it too fails), copying the data back will likely produce issues again.
Creating another user sounds like a tremendous pain in the ass. Plus, I have the username I like right now. 🙂
Screenshot of Network Requests in the Error Console: http://cl.ly/image/443g3a1p3200 .
Keychain First Aid screenshot (no problems): http://cl.ly/image/1f0U1T2g3H0a .
Posted 24 Oct 2013 at 10:16pm #
This is an interesting one. Everything I would have guessed initially, Paul has already suggested.
The ocspd (daemon that fetches and caches Certificate Revocation Lists (CRLs) and Online Certificate Status Protocol (OCSP) responses) may have a corrupted database. Try removing these files and rebooting.
/private/var/db/crls/crlcache.db
/private/var/db/crls/ocspcache.db
You might try temporarily disabling using OCSP and CRL in Keychain -> Preferences -> Certificates. Change both the combo boxes to off (this probably won't require a reboot either, but if it doesn't work immediately, then reboot).
Posted 25 Oct 2013 at 9:31am #
[quote comment="81544"]Try removing these files and rebooting.
/private/var/db/crls/crlcache.db
/private/var/db/crls/ocspcache.db[/quote]
I deleted the entire crls directory but didn't reboot. (FWIW I still had the errors). I'll reboot later.
I'll also try disabling OCSP and CRL. Turning those off without rebooting (but re-launching Safari) resulted in errors as well.
Remember, too, that other browsers work on the same computer. Chrome and Firefox don't have any issues. Safari under another user doesn't have issues. So it seems unlikely to be something system-wide.
Edit: Rebooted and… nope. No change. Still fails.
Posted 25 Oct 2013 at 9:32am #
Well maybe it's time to try the new devtools shipping with firefox.
Posted 25 Oct 2013 at 9:48am #
[quote comment="81559"]Well maybe it's time to try the new devtools shipping with firefox.[/quote]
Firefox sucks. 🙂 No thanks.
(But seriously, no, I won't be switching to Firefox. It's never felt very good. I won't be switching to Chrome either, because of Google.)
Posted 25 Oct 2013 at 12:23pm #
[quote comment="81558"][quote comment="81544"]
Remember, too, that other browsers work on the same computer. Chrome and Firefox don't have any issues. Safari under another user doesn't have issues. So it seems unlikely to be something system-wide.
Edit: Rebooted and… nope. No change. Still fails.[/quote]
Firefox is mostly self contained and doesn't use many of the system services. Chrome, less so than Firefox, I think it at least uses Keychain but I wasn't sure about the ocspd service.
Looks like you're not the only one with this problem.
Posted 25 Oct 2013 at 3:38pm #
[quote comment="81564"]Looks like you're not the only one with this problem.[/quote]
Good (the more people that have this problem the better as far as solving it goes).
I too cannot connect to the iBooks Store! That's a plus, and a new thing. I'll edit the title of this post to reflect that.
http://cl.ly/image/3Q0T04353m0C
Posted 26 Oct 2013 at 11:19pm #
Reinstalling the OS didn't work (over top of the existing one). I also passed on the dialog box to install Java and got the version from the App Store app (probably the same exact bits). No change. Safari still errors out, iBooks Store still cannot be reached.
Posted 27 Oct 2013 at 12:15pm #
10/27/2013 12:12:30.058 pm bookstoreagent[2612]: NSURLConnection/CFURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)I was getting one of those per second in Console until I killed bookstore agent.
Additionally, clicking the magnifying glass in Safari's downloads list to show a download in the Finder fails in my user account, but works in a guest user account. Nothing appears in the console when I try to do this. The Finder comes forward but nothing else happens.
I was using the Safari 6.1 betas on Mountain Lion, but I don't think that's related.
Posted 27 Oct 2013 at 12:53pm #
[…] I'm still working on the problems explained in this post: Safari 7.0 in Mavericks Cannot Load iBooks Store, Twitter.com, PayPal.com. […]
Posted 12 Nov 2013 at 4:37pm #
There is a solution for the iBookstore-problem here: https://discussions.apple.com/message/23759965?ac_cid=tw123456#23759965
Posted 12 Nov 2013 at 6:58pm #
[quote comment="82025"]There is a solution for the iBookstore-problem here: https://discussions.apple.com/message/23759965?ac_cid=tw123456#23759965%5B/quote%5D
Yes, thank you. You'll notice that I posted the solution seven or eight posts earlier in that same thread. I made note of this in the follow-up post here on my blog.
Posted 09 Feb 2014 at 4:18pm #
I'm having the same problems can't load Twitter or Paypal no matter how I do it - tho sharpened ever since I updated software to Mavericks OS X 10.9.1 (13B42) ....
Posted 27 Feb 2014 at 6:43pm #
Same problem her with twitter.com and safari. Anyone?
Posted 27 Feb 2014 at 10:07pm #
[quote comment="91898"]Same problem her with twitter.com and safari. Anyone?[/quote]
Did you read this page: nslog.com/2013/10/27/ still_attempting_to_fix_safari_ibooks_store_in_mavericks ?
Posted 28 Feb 2014 at 4:05am #
Yes but what is solution?
Posted 28 Feb 2014 at 9:20am #
[quote comment="91911"]Yes but what is solution?[/quote]
Read this comment (currently the last one on the page) for the solution.
Basically: