Mac Developer: Apple apologizes to developers for Mac App Store certificate flap, explains fix
Apple apologizes to developers for Mac App Store certificate flap, explains fix The caching issue was compounded by apps running receipt validation code containing "very old versions" of OpenSSL not compatible with SHA-2 certificates. Apple replaced the SHA-2 certificate with a SHA-1 certificate last Thursday.
Well, the recommendations from the Apple Developer site were to use a static version of OpenSLL compiled into the application binary. And that would be whatever was available at the time the binary was uploaded. Not everyone yearns to rabidly update their applications every 2 weeks. Some of us have a software engineering ethic. Just keep that in mind next time you call strstr() which was first specified in the 60s.
Labels: software engineering