It noted that the simple HTML get-requests performed by OCSP were unencrypted.
The post Your Computer Isn’t Yours was one of the catalysts for the mass concern. Soon, social media was awash in claims that the macOS app-vetting process was turning Apple into a Big Brother that was tracking the time and location whenever users open or reopen any app not downloaded from the App Store. Normally, that would have been the end of the issue, but it wasn’t. The result was huge numbers of Mac users left in limbo.Īpple fixed the problem with the availability of, presumably by adding more server capacity. The server couldn’t provide the all clear, but it also didn’t return an error that would trigger the soft fail.
Somehow, the mass number of people upgrading to Big Sur on Thursday seems to have caused the servers at to become overloaded but not fall over completely.
#Get logs for mac app software
To guard against this hazard, OCSP defaults to what’s called a “soft fail.” Rather than block the website or software that’s being checked, OCSP will act as if the certificate is valid in the event that the server doesn’t respond.
#Get logs for mac app install
Servers sometimes go down, and when they do, OCSP server outages have the potential to paralyze millions of people trying to do things like visit sites, install apps, and check email. OCSP, it turned out, had its own drawbacks. CRL gave way to OCSP, which performed the check on remote servers. The initial means was use of certificate revocation lists, but as the lists grew, their size prevented them from working effectively. To make sure the certificate hasn’t been revoked, macOS uses OCSP-short for the industry standard Online Certificate Status Protocol-to check its validity.Ĭhecking the validity of a certificate-any certificate-authenticating a website or piece of software sounds simple enough, but it has long presented problems industrywide that aren’t easy to solve. Users can configure the macOS feature known as Gatekeeper to allow only these approved apps, or they can choose a setting that also allows the installation of third-party apps, as long as these apps are signed with a developer certificate issued by Apple. Meet OCSPīefore Apple allows an app into the App Store, it must first pass a review that vets its security. More about that later-first, let’s back up and provide some background. Just to be sure, though, Apple on Monday published a support article that should quell any lingering worries.
#Get logs for mac app upgrade
The mass upgrade to Big Sur, it seems, caused the Apple servers responsible for these checks to slow to a crawl.Īpple quickly fixed the slowdown, but concerns about paralyzed Macs were soon replaced by an even bigger worry-the vast amount of personal data Apple, and possibly others, can glean from Macs performing certificate checks each time a user opens an app that didn’t come from the App Store.įor people who understood what was happening behind the scenes, there was little reason to view the certificate checks as a privacy grab. The cause: online certificate checks Apple performs each time a user opens an app not downloaded from the App Store. Last Thursday afternoon, Mac users everywhere began complaining of a crippling slowdown when opening apps.
0 kommentar(er)
