With the introduction of Catalina version a year ago I started experiencing some new issues on my MacBook laptop when working with my existing instances of SAP HANA, express edition. These issues were consequences of the OS changes in the security area to protect casual users.
I see other users running into similar issues, so I would like to share with fixes I am using. If you have other tips, then please let me know in the comments!
In Chromium-based web browsers (like Vivaldi, Brave, Chrome...)
The SAP HANA, express edition, is using self-signed certificate, but up to macOS 10.14 the page would be
The reason for this behavior on macOS are the new security requirements for TLS server certificates in macOS 10.15: https://support.apple.com/en-us/HT210176
The solution might be to move to another browser, like Firefox, where you still can get a link to accept the risk and to move on.
But if you do not want to switch a browser and feel geeky (plus know what you are doing!), then there is a
The current sequence is
Please note that:
If you download an executable file from the Internet using a web browser, then you may run into that message trying to run it: "... cannot be opened because the developer cannot be verified. macOS cannot verify that this app is free from malware."
It happens e.g. when downloading SAP HANA Client install from https://tools.hana.ondemand.com/#hanatools.
This happens because the macOS adds an extended attribute
You can spot files with extended attributes by
If you trust the files you downloaded, then the quarantine tag can be removed using
These extra attributes are not assigned when downloading files using e.g.
Please note that:
Since Catalina was released, different Python programs have been crashing with "Abort trap: 6" if there programs use encrypted communication.
Detailed stack would mention:
I did not find the single comprehensive explanation. I relied on this one: https://bugs.python.org/issue38814#msg356779.
There were many different solutions proposed involving manual re-links. The one I found working for me was:
Obviously you can skip openSSL installation, if it is already available in your OS.
...if ran into any of these issues.
And if you have any further details or different solutions, then please share them in the comments.
Stay healthy ❤️
-Vitaliy (aka @Sygyzmundovych)
I see other users running into similar issues, so I would like to share with fixes I am using. If you have other tips, then please let me know in the comments!
NET::ERR_CERT_INVALID in Chromium-based web browsers
In Chromium-based web browsers (like Vivaldi, Brave, Chrome...)
NET::ERR_CERT_INVALID is displayed, when opening any SAP HANA web application, like https://hxehost:39030.The SAP HANA, express edition, is using self-signed certificate, but up to macOS 10.14 the page would be
NET::ERR_CERT_AUTHORITY_INVALID. On Windows these web browsers still show NET::ERR_CERT_AUTHORITY_INVALID and you can see the link that allows you to accept the risk and to proceed to the page.The reason for this behavior on macOS are the new security requirements for TLS server certificates in macOS 10.15: https://support.apple.com/en-us/HT210176
The solution might be to move to another browser, like Firefox, where you still can get a link to accept the risk and to move on.
But if you do not want to switch a browser and feel geeky (plus know what you are doing!), then there is a
BYPASS_SEQUENCE built-in into the Chromium. This allows certificate errors "to be skippped by typing a secret phrase into the page.": https://chromium.googlesource.com/chromium/src/+/refs/heads/master/components/security_interstitials...The current sequence is
dGhpc2lzdW5zYWZl, which is Base64 decoded. After encoding it says thisisunsafe. And this is what you need to type on the keyboard to get pass the certificate error message in the browser.Please note that:
- this bypass sequence is changing between different versions of Chromium, and
- with great power comes great responsibility!
“file” cannot be opened because the developer cannot be verified
If you download an executable file from the Internet using a web browser, then you may run into that message trying to run it: "... cannot be opened because the developer cannot be verified. macOS cannot verify that this app is free from malware."
It happens e.g. when downloading SAP HANA Client install from https://tools.hana.ondemand.com/#hanatools.
This happens because the macOS adds an extended attribute
com.apple.quarantine to files.You can spot files with extended attributes by
@ character that follows permission flags when using ls -l. You can see these extended attributes using ls -l@.If you trust the files you downloaded, then the quarantine tag can be removed using
xattr -d command, likexattr -d com.apple.quarantine hanaclient-latest-macosx-x64.tar.gzThese extra attributes are not assigned when downloading files using e.g.
curl, like:curl "https://tools.hana.ondemand.com/additional/hanaclient-latest-macosx-x64.tar.gz" \
--output "hanaclient-latest-macosx-x64.tar.gz" \
--header "Cookie: eula_3_1_agreed=tools.hana.ondemand.com/developer-license-3_1.txt"Please note that:
- by using command line tool this way you agree to the SAP Developer License Agreement: https://tools.hana.ondemand.com/developer-license-3_1.txt.
"Abort trap: 6", or "Invalid dylib load"
Since Catalina was released, different Python programs have been crashing with "Abort trap: 6" if there programs use encrypted communication.
Detailed stack would mention:
Invalid dylib load. Clients should not load the unversioned libcrypto dylib as it does not have a stable ABI.I did not find the single comprehensive explanation. I relied on this one: https://bugs.python.org/issue38814#msg356779.
There were many different solutions proposed involving manual re-links. The one I found working for me was:
brew install openssl
export DYLD_FALLBACK_LIBRARY_PATH=/usr/local/opt/openssl/libObviously you can skip openSSL installation, if it is already available in your OS.
I hope you find these fixes helpful...
...if ran into any of these issues.
And if you have any further details or different solutions, then please share them in the comments.
Stay healthy ❤️
-Vitaliy (aka @Sygyzmundovych)
- SAP Managed Tags:
5 Comments
