Here's what's happening with the Mac App Store and 'damaged' apps | iMore In order to fix the current problem, Apple will need to roll back the MAS certificate to SHA-1 or developers will need to update their receipt validation to use OpenSSL that supports SHA-2. Obviously a roll back on Apple's side would be faster, a developer update better in the long run. Hopefully we'll get both.

I'm not sure this is a good description of the problem. In my case, we were testing for the authenticity of the "Mac App Store Receipt Signing" certificate by testing the SHA1 fingerprint of the certificate. Obviously, when the certificate expired (30 years would have been a good length for that vert), the new certificate would have failed the test, yet still be an authentic Apple cert.

This particular test was part of Tighten's "most restrictive" or "paranoid" receipt validation. Less stringent validation (such as code generated by Tighten App) was not affected in the same way.

Labels: mac app store, mac app store receipt validation