- Forum
- Marble Blast Modifications Zone
- Marble Blast Platinum & PlatinumQuest
- For players on a very old macOS (like 10.11 old): Accessing Online
×
Marble Blast Platinum Support
We encourage you first of all to find solutions to your problem in this section's threads. If you do not thus find any solution, please take account of the following:
If you have a problem which prevents you from playing Marble Blast Platinum, please create a new thread on this board with a description of your problem as title. In your post please indicate the computer involved (Mac/PC, operating system).
If in playing Marble Blast Platinum you discover a bug, please post in the Community found Bugs/Mistakes sub-board.
If you need hints for the Marble Blast Platinum game, please post in the Hints, Videos and other Tips sub-board.
We encourage you first of all to find solutions to your problem in this section's threads. If you do not thus find any solution, please take account of the following:
If you have a problem which prevents you from playing Marble Blast Platinum, please create a new thread on this board with a description of your problem as title. In your post please indicate the computer involved (Mac/PC, operating system).
If in playing Marble Blast Platinum you discover a bug, please post in the Community found Bugs/Mistakes sub-board.
If you need hints for the Marble Blast Platinum game, please post in the Hints, Videos and other Tips sub-board.
For players on a very old macOS (like 10.11 old): Accessing Online
- HiGuy
-
Topic Author
- Offline
- Lead Developer
-
- PQ Developer Emeritus
Less
More
09 Apr 2020 04:47 - 02 Dec 2022 08:11 #1
by HiGuy
Ask RandomityGuy about floating point, bonus points if you tell him "x87".
For players on a very old macOS (like 10.11 old): Accessing Online was created by HiGuy
On old versions of macOS, PQ cannot verify the HTTPS/TLS for marbleblast.com because the system's root cert for Cloudflare (who do our TLS) is expired. Basically this means that you cannot play online because the game cannot verify that our server is legit.
If you experience this, you can add the following to the end of platinum/client/mbpPrefs.cs:
This will make your game stop trying to check that marbleblast.com is verified and connect anyway. Note this opens you to man-in-the-middle attacks on your network, but if you're still running macOS 10.9 you've got bigger security problems...
If you experience this, you can add the following to the end of platinum/client/mbpPrefs.cs:
$pref::SSL::VerifyPeer = 0;This will make your game stop trying to check that marbleblast.com is verified and connect anyway. Note this opens you to man-in-the-middle attacks on your network, but if you're still running macOS 10.9 you've got bigger security problems...
Ask RandomityGuy about floating point, bonus points if you tell him "x87".
function clientcmd12dothepq() {
commandToClient(LocalClientConnection, '34onthedancefloor');
}
Last edit: 02 Dec 2022 08:11 by HiGuy. Reason: What year is it
The following user(s) said Thank You: NF, Myrus
Please Log in or Create an account to join the conversation.
- krackers
-
- Offline
- New Marbler
-
Less
More
- Posts: 3
- Thank you received: 0
23 May 2020 07:16 - 31 May 2020 04:44 #2
by krackers
Replied by krackers on topic For players on a very old macOS (like 10.9 old): Accessing Online
I don't think it's a root cert issue per se since Baltimore CyberTrust is indeed present in keychain and works fine in Chrome (which uses the native certs, unlike Firefox which bundles its own). Interestingly though Safari doesn't validate the chain despite the cert appearing to validate fine in the info pane as mentioned in [1]. Native curl doesn't like the chain either.
Aside from your mentioned workaround, you might consider shipping openssl with its own cert bundle and a libcurl built against that.
[1] community.cloudflare.com/t/safari-6-0-3-cant-verify-the-identity-of-the-website-on-https-site-version-but-other-browsers-works-fine/48534
Edit: Chrome seems to have a more robust implementation of certificate verification [2] that also accounts for some flaws in OS X/Security.framework. The only special case for Baltimore certs is about one cross-signed by GTE CyberTrust (which did expire in 2018). Cloudflare only sends up to the ECC CA-3 intermediate though so that issue shouldn't apply (and validation still fails even with GTE deleted), so I'm still not quite sure why curl (and safari) don't validate. Curl & Safari seem to use apple's native secure transport implementation over openssl, so I'm guessing the issue lies somewhere there – looking at curl source as an example, it directly calls into secure transport's SSLHandshake() and relies on the system's cert verification rather than manually verifying the cert chain via the SecTrust* apis as Chrome does.
[2] chromium.googlesource.com/chromium/chromium/+/trunk/net/cert/cert_verify_proc_mac.cc#442
Edit: Oh that chromium source code is long out of date. The newer version of cert verification [3] has a much better comment
Again, none of those conditions seem to apply directly; it'd still be quite interesting to find out why these chains in particular fail.
[3] chromium.googlesource.com/chromium/src/+/master/net/cert/cert_verify_proc_mac.cc
Aside from your mentioned workaround, you might consider shipping openssl with its own cert bundle and a libcurl built against that.
[1] community.cloudflare.com/t/safari-6-0-3-cant-verify-the-identity-of-the-website-on-https-site-version-but-other-browsers-works-fine/48534
Edit: Chrome seems to have a more robust implementation of certificate verification [2] that also accounts for some flaws in OS X/Security.framework. The only special case for Baltimore certs is about one cross-signed by GTE CyberTrust (which did expire in 2018). Cloudflare only sends up to the ECC CA-3 intermediate though so that issue shouldn't apply (and validation still fails even with GTE deleted), so I'm still not quite sure why curl (and safari) don't validate. Curl & Safari seem to use apple's native secure transport implementation over openssl, so I'm guessing the issue lies somewhere there – looking at curl source as an example, it directly calls into secure transport's SSLHandshake() and relies on the system's cert verification rather than manually verifying the cert chain via the SecTrust* apis as Chrome does.
[2] chromium.googlesource.com/chromium/chromium/+/trunk/net/cert/cert_verify_proc_mac.cc#442
Edit: Oh that chromium source code is long out of date. The newer version of cert verification [3] has a much better comment
OS X lacks proper path discovery; it will take the input certs and never
// backtrack the graph attempting to discover valid paths.
// This can create issues in some situations:
// - When OS X changes the trust store, there may be a chain
// A -> B -> C -> D
// where OS X trusts D (on some versions) and trusts C (on some versions).
// If a server supplies a chain A, B, C (cross-signed by D), then this chain
// will successfully validate on systems that trust D, but fail for systems
// that trust C. If the server supplies a chain of A -> B, then it forces
// all clients to fetch C (via AIA) if they trust D, and not all clients
// (notably, Firefox and Android) will do this, thus breaking them.
// An example of this is the Verizon Business Services root - GTE CyberTrust
// and Baltimore CyberTrust roots represent old and new roots that cause
// issues depending on which version of OS X being used.
//
// - A server may be (misconfigured) to send an expired intermediate
// certificate. On platforms with path discovery, the graph traversal
// will back up to immediately before this intermediate, and then
// attempt an AIA fetch or retrieval from local store. However, OS X
// does not do this, and thus prevents access. While this is ostensibly
// a server misconfiguration issue, the fact that it works on other
// platforms is a jarring inconsistency for users.
//
// - When OS X trusts both C and D (simultaneously), it's possible that the
// version of C signed by D is signed using a weak algorithm (e.g. SHA-1),
// while the version of C in the trust store's signature doesn't matter.
// Since a 'strong' chain exists, it would be desirable to prefer this
// chain.
//
// - A variant of the above example, it may be that the version of B sent by
// the server is signed using a weak algorithm, but the version of B
// present in the AIA of A is signed using a strong algorithm. Since a
// 'strong' chain exists, it would be desirable to prefer this chain.
//
// - A user keychain may contain a less desirable intermediate or root.
// OS X gives the user keychains higher priority than the system keychain,
// so it may build a weak chain.
//
// Because of this, the code below first attempts to validate the peer's
// identity using the supplied chain. If it is not trusted (e.g. the OS only
// trusts C, but the version of C signed by D was sent, and D is not trusted),
// or if it contains a weak chain, it will begin lopping off certificates
// from the end of the chain and attempting to verify. If a stronger, trusted
// chain is found, it is used, otherwise, the algorithm continues until only
// the peer's certificate remains.
//
// If the loop does not find a trusted chain, the loop will be repeated with
// the keychain search order altered to give priority to the System Roots
// keychain.
//
// This does cause a performance hit for these users, but only in cases where
// OS X is building weaker chains than desired, or when it would otherwise
// fail the connection.Again, none of those conditions seem to apply directly; it'd still be quite interesting to find out why these chains in particular fail.
[3] chromium.googlesource.com/chromium/src/+/master/net/cert/cert_verify_proc_mac.cc
Last edit: 31 May 2020 04:44 by krackers.
Please Log in or Create an account to join the conversation.
- NF
-
- Offline
- Senior Marbler
-
Less
More
- Posts: 889
- Thank you received: 401
17 Jul 2022 19:42 #3
by NF
Replied by NF on topic For players on a very old macOS (like 10.9 old): Accessing Online
I believe this is now required for any version of macOS before 10.12. I have a 2014 Mac mini running macOS 10.10, and I can't get online in PQ. So I tried this fix, but then when I clicked online the game froze, so even this wouldn't work. Is there any way to fix this or do I have to upgrade to 10.12? I really don't want to do that because that Mac mini is so dumb that it will run incredibly slowly on anything higher than 10.10 (or 10.11 at a stretch).
I mean, the real solution would be to just get a 2018 Mac mini, but that costs money and I don't want to do that. I just want to play PQ online on my Mac mini, since that's where I play MBG right now.
I mean, the real solution would be to just get a 2018 Mac mini, but that costs money and I don't want to do that. I just want to play PQ online on my Mac mini, since that's where I play MBG right now.
Please Log in or Create an account to join the conversation.
- HiGuy
-
Topic Author
- Offline
- Lead Developer
-
- PQ Developer Emeritus
20 Jul 2022 07:49 #4
by HiGuy
Ask RandomityGuy about floating point, bonus points if you tell him "x87".
Replied by HiGuy on topic For players on a very old macOS (like 10.9 old): Accessing Online
That could very well be the case. I can't confirm anything myself as my 10.9 machine was the Thistle server and it's no longer running. If you try opening a terminal and running "curl marbleblast.com" does it print the homepage correctly? That should be a good indicator if curl works, and PQ uses curl to do networking internally.
It could be a different bug since the build process has changed since I was the one uploading versions. I'm not sure if RandomityGuy is targeting 10.7 with the same compiler as I did, so that could have introduced incompatibilities in the process. If you've got an old copy <= 2.4.1, try that and see if it crashes in a similar manner.
It could be a different bug since the build process has changed since I was the one uploading versions. I'm not sure if RandomityGuy is targeting 10.7 with the same compiler as I did, so that could have introduced incompatibilities in the process. If you've got an old copy <= 2.4.1, try that and see if it crashes in a similar manner.
Ask RandomityGuy about floating point, bonus points if you tell him "x87".
function clientcmd12dothepq() {
commandToClient(LocalClientConnection, '34onthedancefloor');
}Please Log in or Create an account to join the conversation.
- NF
-
- Offline
- Senior Marbler
-
Less
More
- Posts: 889
- Thank you received: 401
20 Jul 2022 20:38 #5
by NF
Replied by NF on topic For players on a very old macOS (like 10.9 old): Accessing Online
Running "curl
marbleblast.com
" works properly, but running "curl marbleblast.com" does not. Maybe that has something to do with it.
Pretty sure I'm just going to get a 2018 Mac mini soon anyway, but if that doesn't happen then am I out of luck? I think it did used to work before 2.4.1 though. I can't test it since I don't have an old version, but it was relatively recently that it broke.
Pretty sure I'm just going to get a 2018 Mac mini soon anyway, but if that doesn't happen then am I out of luck? I think it did used to work before 2.4.1 though. I can't test it since I don't have an old version, but it was relatively recently that it broke.
Please Log in or Create an account to join the conversation.
- subtract
-
- Offline
- Novice Marbler
-
Less
More
- Posts: 21
- Thank you received: 2
20 Jul 2022 20:48 #6
by subtract
The thing above is 100% true
Replied by subtract on topic For players on a very old macOS (like 10.9 old): Accessing Online
I could send you my 2.3.34 copy but I’m pretty sure you have to have pq at the latest edition for it to run online functions.
The thing above is 100% true
Please Log in or Create an account to join the conversation.
- NF
-
- Offline
- Senior Marbler
-
Less
More
- Posts: 889
- Thank you received: 401
28 Nov 2022 00:57 - 28 Nov 2022 01:02 #7
by NF
Replied by NF on topic For players on a very old macOS (like 10.9 old): Accessing Online
I guess it didn't display correctly—in Terminal, runningworks properly, but runningdoes not. Also I'm currently typing this on macOS 10.10 on that same Mac mini, with Safari 10.1.2, so this version loads the website just fine but still can't play PQ online? I don't know what that's about, but I hope there's a fix somehow, because playing on WINE is murder (6 FPS on Winterfest levels today), so I'd greatly prefer something to work with the Mac mini.
Furthermore, due to the behavior where the game slows down if the frame rate is below 20 FPS, the multiplayer games I was hosting which were supposed to be only 5 minutes long ended up being 8–9 minutes long because of my low frame rate. To me, that feels like behavior that shouldn't happen.
curl https://marbleblast.comcurl marbleblast.comFurthermore, due to the behavior where the game slows down if the frame rate is below 20 FPS, the multiplayer games I was hosting which were supposed to be only 5 minutes long ended up being 8–9 minutes long because of my low frame rate. To me, that feels like behavior that shouldn't happen.
Last edit: 28 Nov 2022 01:02 by NF. Reason: Added the second paragraph
Please Log in or Create an account to join the conversation.
- HiGuy
-
Topic Author
- Offline
- Lead Developer
-
- PQ Developer Emeritus
30 Nov 2022 07:17 - 30 Nov 2022 07:17 #8
by HiGuy
Ask RandomityGuy about floating point, bonus points if you tell him "x87".
Replied by HiGuy on topic For players on a very old macOS (like 10.9 old): Accessing Online
What version of curl? Try curl --version
Also try curl -v https://marbleblast.com and copy anything that comes before the <!doctype html> etc
If you check the console, do you get any error messages in the form(s):
* Request <number> finished with <success/failure>
* HTTP Response code: <number>
* Error info: Code <number>: <text>
* curl_multi_perform failed (<number>): <text>
* curl_easy_perform failed (<number>): <text>
* Could not download <file>: error opening stream.
Also yes, low framerate leading to longer game is known and expected behavior. Just one of the tradeoffs of limiting the tick rate to _something_ so the physics doesn't break.
Also try curl -v https://marbleblast.com and copy anything that comes before the <!doctype html> etc
If you check the console, do you get any error messages in the form(s):
* Request <number> finished with <success/failure>
* HTTP Response code: <number>
* Error info: Code <number>: <text>
* curl_multi_perform failed (<number>): <text>
* curl_easy_perform failed (<number>): <text>
* Could not download <file>: error opening stream.
Also yes, low framerate leading to longer game is known and expected behavior. Just one of the tradeoffs of limiting the tick rate to _something_ so the physics doesn't break.
Ask RandomityGuy about floating point, bonus points if you tell him "x87".
function clientcmd12dothepq() {
commandToClient(LocalClientConnection, '34onthedancefloor');
}
Last edit: 30 Nov 2022 07:17 by HiGuy. Reason: forums pls stop eating my url scheme
The following user(s) said Thank You: NF
Please Log in or Create an account to join the conversation.
- NF
-
- Offline
- Senior Marbler
-
Less
More
- Posts: 889
- Thank you received: 401
30 Nov 2022 15:12 #9
by NF
Replied by NF on topic For players on a very old macOS (like 10.9 old): Accessing Online
Well for some reason, at least on 10.10, the trick of addingworks now. I don't know why! Also the website loads properly in Safari 10.1.2, with the https and everything, so I wonder why it can't verify the SSL connection in-game anyway. If I can, I'll test it on 10.7–10.9 and we'll see if the same fix works.
I'm using curl version 7.43.0, and I assume there are no error messages in the console because the game is actually connecting now. I guess the next thing to try is to host a dedicated server on this OS and see if it works.
$pref::SSL::VerifyPeer = 0;I'm using curl version 7.43.0, and I assume there are no error messages in the console because the game is actually connecting now. I guess the next thing to try is to host a dedicated server on this OS and see if it works.
Please Log in or Create an account to join the conversation.
- HiGuy
-
Topic Author
- Offline
- Lead Developer
-
- PQ Developer Emeritus
01 Dec 2022 07:27 #10
by HiGuy
Ask RandomityGuy about floating point, bonus points if you tell him "x87".
Replied by HiGuy on topic For players on a very old macOS (like 10.9 old): Accessing Online
Neat that it Just Worked. Maybe the setting just got reset somehow, I wouldn't be surprised. Safari probably gets updated certs from Apple somehow that aren't being stored in a way that libcurl (in PQ) knows about them. I don't know.
Also, dedicated servers use an entirely different system (game servers are UDP and torque's wacky custom netcode, lbs are TCP/HTTPS). The only stuff dedicated servers use curl for is verifying login sessions (which you can turn off btw, $Server::Offline = true; or something). If your port forward works, then hosting should generally Just Work.
Also, dedicated servers use an entirely different system (game servers are UDP and torque's wacky custom netcode, lbs are TCP/HTTPS). The only stuff dedicated servers use curl for is verifying login sessions (which you can turn off btw, $Server::Offline = true; or something). If your port forward works, then hosting should generally Just Work.
Ask RandomityGuy about floating point, bonus points if you tell him "x87".
function clientcmd12dothepq() {
commandToClient(LocalClientConnection, '34onthedancefloor');
}
The following user(s) said Thank You: NF
Please Log in or Create an account to join the conversation.
- NF
-
- Offline
- Senior Marbler
-
Less
More
- Posts: 889
- Thank you received: 401
02 Dec 2022 01:11 - 02 Dec 2022 01:13 #11
by NF
Replied by NF on topic For players on a very old macOS (like 10.9 old): Accessing Online
Well, one thing I did just realize is that the Custom Levels button, and therefore the ability to download and play levels from Marbleland in-game, doesn't work on this old macOS. Unless there's a way to fix it, I guess I'm just going to have to use the dumb WINE version, which gives me 6 FPS when I'm near cannons/scenery, or wait for someone to make a level pack so that I can download it directly from Marbleland.
Also, I recommend you change the title of this topic to "[...] (like 10.11 old) [...]", since 10.12 is the oldest version that can still go online without having to do that fix that you talked about in the first post.
Also, I recommend you change the title of this topic to "[...] (like 10.11 old) [...]", since 10.12 is the oldest version that can still go online without having to do that fix that you talked about in the first post.
Last edit: 02 Dec 2022 01:13 by NF. Reason: Added suggestion for topic title change
Please Log in or Create an account to join the conversation.
- HiGuy
-
Topic Author
- Offline
- Lead Developer
-
- PQ Developer Emeritus
02 Dec 2022 08:10 #12
by HiGuy
Oh whoops i bet the code for that just needs to check the variable. Should be in marbleland.cs somewhere if you're bold enough to go looking. Or ask any of the current dev people, they could find it easily.
And sure I'll change the thread title. It feels weird calling 10.11 old now, even if that was like 7 years ago. I think my mind is permanently stuck in 2017 or something...
Ask RandomityGuy about floating point, bonus points if you tell him "x87".
Replied by HiGuy on topic For players on a very old macOS (like 10.9 old): Accessing Online
NF wrote:
Well, one thing I did just realize is that the Custom Levels button, and therefore the ability to download and play levels from Marbleland in-game, doesn't work on this old macOS
Oh whoops i bet the code for that just needs to check the variable. Should be in marbleland.cs somewhere if you're bold enough to go looking. Or ask any of the current dev people, they could find it easily.
And sure I'll change the thread title. It feels weird calling 10.11 old now, even if that was like 7 years ago. I think my mind is permanently stuck in 2017 or something...
Ask RandomityGuy about floating point, bonus points if you tell him "x87".
function clientcmd12dothepq() {
commandToClient(LocalClientConnection, '34onthedancefloor');
}Please Log in or Create an account to join the conversation.
- NF
-
- Offline
- Senior Marbler
-
Less
More
- Posts: 889
- Thank you received: 401
02 Dec 2022 15:58 #13
by NF
Replied by NF on topic For players on a very old macOS (like 10.11 old): Accessing Online
Maybe it feels weird calling 10.11 old because it has the same UI as 10.15? But for me too—it feels like only yesterday that I was installing the brand new macOS 10.11 on my 2014 Mac mini. Or maybe it's because I jumped straight from 10.4 to 10.10, so 10.10 has always felt "new" to me. I don't know.
I'll ask the dev people about it later today or tomorrow when I have more time. Thanks for all your help though!
I'll ask the dev people about it later today or tomorrow when I have more time. Thanks for all your help though!
Please Log in or Create an account to join the conversation.
Moderators: Doomblah