Openrct2: Still problems (the guy who couldn't run the game on mac)

Nobody? :(

What version are you using?

OpenRCT2 v.0.0.5-HEAD build b568f00

The latest version of macOS is 10.12 ­— 10.7 is five years old, and very outdated.

What kind of Mac are you using? Most Macs can be upgraded for free all the way to 10.12 through the Mac App Store.

You didn't need to open another issue. The old one is still open and you still haven't answered the most important question:

What model of Mac are you using?

I have a very old macbook and the best that I can do is 10.7 :/

2007 Black Macbook - 2,2 GHz Intel Core 2 Duo - 4 Go 667 MHz DDR2 SDRAM - Intel GMA X3100 144 MB

Hmm, I'm sorry to say, but then you're are stuck on 10.7 -- which is a five year old operating system, unsupported by Apple. I'm guessing the version of OpenSSL used is too old to set up an SSL connection.

You could try compiling your own version of OpenRCT2, but I'm afraid the compilers available on OS X 10.7 are too old to even compile the project successfully.

If you're feeling adventurous, you could install a different operating system on your Macbook, like a Linux distro, or indeed even Windows. At any rate, at this point I would advice against using OS X 10.7 on a daily basis, if only from a security standpoint.

Sorry, didn't mean to close, i misclicked.

@AaronVanGeffen we explicitly have support for OS X all the way back to 10.7, at least from technical side of things, but nobody ever tested it.

@LRFLEW given that our _support_ for OS X 10.7 doesn't really work, should we just drop it and set relevant bits for something that was actually tested working? 10.8? 10.9? I know we started when 10.10 was current, so that one is surely supported.

Oh, that's only for SSL.

@Juloow can you access https://servers.openrct2.website in your browser? State your browser and its version.

@janisozaur Yes I can access the servers page, I use Google Chrome Version 49.0.2623.112 (64-bit)

@Juloow can you post output of this:

$ curl -v "https://servers.openrct2.website"

Use http://hastebin.com/ or some such

I'd thought I go ahead and real quick chime in on this.

10.7 is supported, but as you may have noticed, it really isn't tested. 10.7 is still supported by Apple (barely; they are going to drop support for 10.6 soon if they haven't already, so it may only be a year or so until 10.7 is dropped), so I see no reason to try and stop supporting it ourselves. It sounds like it's mostly working as-is anyways, with one issue with SSL.

the library version of cURL we use with OpenRCT2 uses the system's list of root servers to verify the certificates, so It's possible that the list that comes with 10.7 doesn't have the certificate we use. It seems unlikely to me, since you say you can access the site no problem in Chrome, and I think that uses the same system. In addition to the command suggested by @janisozaur, I'd try opening the link in whatever version of Safari you have installed. That should be using the same list as well. I know of a way to whitelist certificates, so if it turns out that is the problem, I can help you get it working.

Actually, scratch that. I did some research, and found that the system I was talking about wasn't being used by cURL until 10.9. This means that it is still using some sort of curl-ca-bundle.crt file (though probably a different name) somewhere on the system. It's likely that it's that file that's out of date. I'm trying to google the problem, but I'm having trouble finding information about 10.7.

EDIT: Found a possible solution. However, I can't tell if it's even worth writing up an explanation without first seeing the result of the command @janisozaur recommended. @Juloow Once you provide us with the output from that command, I can figure out if it's worth attempting the possible fix I found.

EDIT2: While you're at it, the information in curl --version could help as well, as it provides the SSL backend (from what I'm seeing).

Sorry, I'm really a noob, I don't know how to do that command..

Open the 'Terminal' app to run it. You can find it in the Utilities folder from launchpad, or through Spotlight.

I don't know if I did it right ..

MacBook-de-utilisateur-mac:~ utilisateurmac$ $ curl -v "https://servers.openrct2.website"
-bash: $: command not found
MacBook-de-utilisateur-mac:~ utilisateurmac$

^^'

@Juloow $ means prompt itself, so you should only run curl -v "https://servers.openrct2.website"

MacBook-de-utilisateur-mac:~ utilisateurmac$ curl -v "https://servers.openrct2.website"

• About to connect() to servers.openrct2.website port 443 (#0)
• Trying 104.27.163.131... connected
• Connected to servers.openrct2.website (104.27.163.131) port 443 (#0)
• SSLv3, TLS handshake, Client hello (1):
• error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
• Closing connection #0
  curl: (35) error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
  MacBook-de-utilisateur-mac:~ utilisateurmac$

error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

Oh no. I think I know what that means. Unfortunately, it's not the problem with the simple solution.

I did some testing locally with OpenSSL and found that the master server apparently has some significant security restrictions about what it allows in terms of cyphers and protocols. The server is definitely denying SSL3 connections (which are considered insecure), and I have reason to believe it doesn't allow certain algorithms as well (though that was harder to test). This isn't generally much of an issue because it does seem to accept a lot, but remember just how old the version of OpenSSL that comes with macOS is.

If anybody remembers the discussion from #3699, you'll remember that the version of OpenSSL that comes with macOS is 0.9.8zh, and has been that way for a long time. The reason it's stuck on an old version is that the API changed dramatically since then, and applications had been using it directly (which is now deprecated), so upgrading it could break people's applications. However, 0.9.8 of OpenSSL is being used by the system-installed version of libCURL in 10.7 and 10.8, which means it's limited by its limitations. OpenSSL 0.9.8 appears to support TLS 1.0 (but not 1.1 or 1.2) so it's barely fine there, but it appears to support a much smaller range of cyphers, and the server immediately rejects it when it sends it list of supported cyphers.

There are a few ways of approaching this problem, but there's not going to be a simple solution. I'll see if I can get a build up here soon with a build of libCURL that uses the OS's SSL implementation (Secure Transport). It appears that 10.7's version is in a similar situation as OpenSSL, supporting up to TLS 1.0, but not 1.1 or 1.2 (10.8 appears to have been the one to update that), so I don't know if it will work. I'll discuss the options for this with the team. I personally don't want to remove support for 10.7, especially since it's just this one thing that doesn't work right.

EDIT: Well, apparently you can't build libCURL with both 10.7 support and using Secure Transport. There goes that option.

Everything works extremely fine except multiplayer. :(
Hopefully I can still play it on my PC but I would have loved to run it on my mac.
My english is not very good, I didn't understand everything but I hope there will be a solution. :'(

I think I may have found a solution. @Juloow Please perform the following steps, and let me know if it fixes the issue:

Go to the folder ~/Library/Application Support/OpenRCT2 (easiest way is to go to Finder, and use the Go -> Go To Folder... option. Second easiest is to use the Terminal command open ~/Library/Application\ Support/OpenRCT2)
Open the config.ini file. You should have TextEdit to open it with, as it comes with the OS, but any other plain-text editor would work too if you have one.
Find the line that reads master_server_url = ""
Replace that line with master_server_url = "http://servers.openrct2.website"
Save the config.ini file (in the same place as you opened it)
Open OpenRCT2 again and see if you can fetch the server list.
Let me know if that works for you.

Didn't work :(

Yeah, I deleted that comment because I realized after posting it that it wasn't going to work.

Can you do me a favor and test the direct connection feature. It's likely that the multiplayer works just fine, and it's just getting the server list that isn't working.

Yeah, how do I do?

You need to find someone with a server and ask him/her for the IP address.

@LRFLEW I tried it and it doesn't work:

It worked correctly. You're using an ancient version of the client.

It finally works using that method! Thanks to @LRFLEW and everybody. And sorry for my noobiness.

Good to hear!

I will close this since the problem is solved now.