Paul Haddad
Grabbed a new Mac App Store receipt. They are back to using SHA1 and it now has an expiration date in 2023.pic.twitter.com/HgenGzPLaB
-
@mjtsai Looks like no and you’re right, it’s not an issue if you don’t check the validity period at all.
Matt Stevens
Michael Tsai
@mjtsai I was wrong, after testing that code will verify the chain against the current time unless otherwise configured.
-
-
@mattstevens@mjtsai at any rate, that doesn't explain the "damaged" dialog since there the app hasn't run at all. It would affect exit(163) -
@mattstevens@mjtsai oops, exit(173), of course. -
@rbrockerhoff@mjtsai Definitely multiple factors and that one is all Apple. I did see 173 logs in console for “damaged” apps though. -
@rbrockerhoff@mjtsai But finding the path that actually triggers “damaged” requires more framework spelunking than I really care to do. -
@mattstevens@mjtsai in my experience, 'damaged' is triggered by a MAS app without a receipt, or corruption in the receipt or app signature. -
@rbrockerhoff@mjtsai You wouldn’t think rebooting / killing storeagentd would fix it then though. -
@mattstevens@mjtsai well, if that's really checked by storeagentd (not sure) and it had suffered some heap corruption…
-
-
-
@mattstevens curious: how to you tell PKCS7_verify() to check (or not) the creation date? Can't find that in the docs :-( -
@rbrockerhoff Through the X509_STORE’s verification parameters: https://gist.github.com/mattstevens/fa099d99f2fa7247c65e … -
@mattstevens great, thanks a lot. Will try to implement that now. -
@mattstevens OK, my version of OpenSSL doesn't have X509_V_FLAG_NO_CHECK_TIME yet, but no problem; it works now. Thanks again!
-
Rainer Brockerhoff
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.