Apple SSL CA cert Fail (MacOS 10.5.7)

Robert E. Seastrom rs at seastrom.com
Mon Jun 15 21:20:09 UTC 2009


Hi folks,

Ordinarily I wouldn't send reports of operating system bugs that pose
no security risk to this list, but I'm making an exception in this
case due to the following conditions:

   1) There are a lot of Mac users in the NANOG community.
   2) There is a preponderance of folks here who run their own CAs.
   3) CA software, particularly OpenSSL, is byzantine enough that
      upon running into a problem, one is likely to think he is the
      faulty party.
   4) I just burned three evenings last week chasing this bug.  I
      don't have sufficient extra hair to be spending my evenings
      tearing it out and you might not either.

Summary: MacOSX's keychain access application mishandles importing
root CA certs.  This only happens under 10.5.7; other versions are
fine.  There is a workaround using command line tools.

Details at http://support.apple.com/kb/TS2747

-r




