By now, most software development teams have discontinued support for 10.5. Getting an updated browser on an Intel Mac with 10.5 Leopard is difficult, since you cannot get to many websites due to SSL errors. You cannot even get to brew.sh to download brew and try to compile your own browser (brew install –build-from-source firefox)! Additionally, curl will not accept the pem file from the SSL warning tips page (http://curl.haxx.se/docs/sslcerts.html) shown by the curl command that would install brew. This article covers all of the roadblocks you will hit. Getting TenFourFox (via another computer as shown below) is rather easy, but working around or solving the overall certificate issue (and installing brew) is very difficult to impossible. Getting Developer Tools is not difficult (see last section, “Getting Xcode and Xcode Developer Tools“). As for browser updates, the best possible outcome may be creating a .command script that can update TenFourFox by downloading and compiling the source. If you just want a one-time browser update, scroll down to the “Getting TenFourFox on Intel” section further down.
Initial Roadblocks
If you want to install brew such as to install a browser other than that Intel build of TenFourFox, there are some things you have to overcome. I’ll include all the errors you may see in this section, so people with the problem can find this page.
You may have deleted your expired certificates as a quick fix, but you will still have an unsafe, severely outdated browser (the video below is by Gandi.net on YouTube):
The steps below assume you haven’t done that, but still will work (fewer steps may be required if you did that).
Even if you manage to download cacert.pem fromhttps://curl.haxx.se/docs/caextract.html, it is in the wrong format for 10.5 (won’t import with keychain or curl):
Trying to double-click the pem file (to open it with keychain) results in the following error: “An error has occurred. Unable to import an item. The contents of this item cannot be retrieved.”
If you try to force curl to use the pem file, it doesn’t work since it only accepts crt files:
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install --cacert ~/Downloads/cacert.pem)"
results in:
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). The default bundle is named curl-ca-bundle.crt; you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option.
…and you can’t use curl to get certs because you don’t have certs:
curl --remote-name --time-cond cacert.pem https://curl.haxx.se/ca/cacert.pems
results in:
Warning: Illegal date format for -z/--timecond (and not a file name). Warning: Disabling time condition. See curl_getdate(3) for valid date syntax.
curl: (35) error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
The –insecure option, or converting the pem to a crt for use by curl, doesn’t work either (see “Installing the GlobalSign Root CA” section further down).
…and you can’t download https://raw.githubusercontent.com/curl/curl/master/lib/mk-ca-bundle.pl with curl because you don’t have certs.
…and if you could download open it in the intel build of TenFourFox and do File, Save Page As, and run it from Terminal:
cd ~ && chmod +x ./Downloads/mk-ca-bundle.pl && ./Downloads/mk-ca-bundle.pl
results in:
SHA256 of old file: 0 Downloading certdata.txt ... Get certdata with curl! curl: option --proto: is unknown curl: try 'curl --help' or 'curl --manual' for more information Failed downloading via HTTPS with curl Falling back to HTTP URLs other than HTTPS are disabled by default, to enable use -k
…and if you don’t have Xcode, you can’t bundle your own using mk-ca-bundle because you can’t get that command from macports because Xcode is required to install macports.
Getting TenFourFox on Intel
A special user-contributed Intel build of TenFourFox can be used on an Intel Mac with OS X 10.5 (Leopard). You can install TenFourFox and also use it as a springboard to get more tools and browsers, since it will allow you to get to brew.sh and other sites that Safari (or Firefox 14, also dangerously outdated, which also works on 10.5) will not open due to certificate errors.
Get TenFourFox Intel on a different computer, then upload it to your Google Drive or somewhere else if you’re using a mobile device, or use a flash drive to transfer it.
Getting Xcode and Xcode Developer Tools
If you have developer tools installed, you can also use macports to build TenFourFox on your Intel mac. However, macports requires Developer Tools. If you do not have Developer Tools, you can use your Apple ID to login and download it: You need Xcode 3.0 from the Apple developer website.
Download & open the dmg file (opening it will mount the disk image, showing the contents in Finder). The file may be hidden behind your browser (Click the Finder face icon, usually the first icon on the dock, to see the mounted disk image window so you can see the packages). Double-click XcodeTools.mpkg (macports says to make sure that during install you check the box for “UNIX Development”, “System Tools”, “Command Line Tools”, or “Command Line Support”, but that was already checked for me in “Customize”–the option is called UNIX Development in the case of Xcode 3.0). If you lose the install window and it is still installing, you can click the silver hard drive icon with a down arrow, usually the last icon in the dock.
Using a similar process as above you can download and install Xcode 3.1.x Developer Tools or other version which says it will work on 10.5), also from the Apple developer website (see also http://tenfourfox.blogspot.com/2018/10/its-baaaaa-aaack-tenfourfox-intel.html), but you have to install Xcode 3.0 as described above first.
After doing the steps above to install Xcode 3.0, and Xcode 3.1.3 Developer Tools, macports can be installed successfully.
Then you can do: sudo port install curl-ca-bundle (if it says, “sudo: port: command not found,” make sure you do Terminal, Quit Terminal after installing macports, then try again)
You still can’t install Homebrew:
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
results in:
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). The default bundle is named curl-ca-bundle.crt; you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option.
Installing brew didn’t work, and I didn’t think compiling TenFourFox was worth the trouble. I’ll update this article if anything changes, but I don’t have an Intel mac with 10.5 Leopard computer to continue this test. Donated macs are welcome (if say, you give up on yours, I’ll do these steps for free if you provide return shipping, and I’ll also try to finish getting an automatic update working via compiling from the web, and mail it back to you).
Building TenFourFox on Intel is not supported, but the steps above may help you get to where you can compile TenFourFox, which seems the only way to get further updates beyond the user-contributed Intel Leopard build.
Installing the GlobalSign Root CA
Installing the GlobalSign Root CA didn’t help much for me, but it is possible to do and may solve certain problems. Comment below if you know any benefits to doing this, or if you know why it didn’t help with the issues above.
You can use the openssl command in Terminal to convert the pem file (downloaded using the instructions in the “Initial Roadblocks” section above) to a crt file:
openssl x509 -outform der -in ~/Downloads/cacert.pem -out ~/Downloads/cacert.crt
Open your downloads folder and double-click cacert.crt and you should now have the GlobalSign Root CA:
Safari still will not load brew.sh:
‘Safari can’t open the page. Safari can’t open the page “https://brew.sh/” because Safari can’t establish a secure connection to the server “brew.sh”.’
If you try to force curl to use your crt file that you converted from the pem file using the instructions above, it still doesn’t work:
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install --cacert ~/Downloads/cacert.crt)"
results in:
"curl: (77) error setting certificate verify locations:
CAfile: /Users/JLO/Downloads/cacert.crt
CApath: none"
In case you were wondering, the –insecure option mentioned by the error in the “Initial Roadblocks” section above doesn’t help either:
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install --insecure)"
results in:
-e:222: syntax error, unexpected '.', expecting $end
.map { |d| File.join(HOMEBREW_PREFIX, d) }
^
This seems to indicate that the version of ruby in 10.5.8 is too old to parse the syntax in the Homebrew installer.
/usr/bin/ruby --version
says:
ruby 1.8.6 (2009-06-08 patchlevel 369) [universal-darwin9.0]
If you know how to get further, let me know in the comments below. TenFourFox “Feature Parity Release 10” is the latest user-contributed Intel build as of February 2019.
You could try building TenFourFox to get a newer version: https://github.com/classilla/tenfourfox/wiki/HowToBuild38