Paul Haddad
Grabbed a new Mac App Store receipt. They are back to using SHA1 and it now has an expiration date in 2023.pic.twitter.com/HgenGzPLaB
Matt Stevens
@tapbot_paul Wish the creation date field had been documented from the start, we could have avoided the whole thing. https://developer.apple.com/library/mac/releasenotes/General/ValidateAppStoreReceipt/Chapters/ReceiptFields.html#//apple_ref/doc/uid/TP40010573-CH106-DontLinkElementID_1 …
-
-
@mattstevens@tapbot_paul Does that apply to the Mac App Store? It's not mentioned in Apple's sample code. -
@mjtsai@mattstevens two totally diff dates. -
@tapbot_paul@mjtsai It’s like a code signing timestamp. If the signing certificate is trusted, you check if it was valid at signing time. -
@mattstevens So if you don't check it, it won't falsely cause validation to fail? -
@mjtsai You check the creation date (when the cert was used) against the certificate’s validity period, vs checking the current time. -
@mjtsai So if the certificate is trusted and was valid at the time it was used you don’t care if it is expired. -
@mattstevens Right. My question is, does Apple's sample code implicitly use the current date? (Guess: No. So this wouldn't be a problem.) -
@mjtsai Looks like no and you’re right, it’s not an issue if you don’t check the validity period at all. - Show more
-
Michael Tsai
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.