Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://github.com/NuGet/Home/issues/11986 below:

macOS's distrust model overrides custom contextual trust · Issue #11986 · NuGet/Home · GitHub

dotnet.exe

.NET 5 SDK+

No response

Other

In March 2022, I confirmed with Apple developer technical support that Apple had recently updated macOS's X.509 distrust model to explicitly distrust the intermediate certificate in the Symantec timestamping certificate chain used to timestamp NuGet.org packages.

When chain building the end certificate using macOS's default system trust store, the certificate chain validates successfully as trusted; however, the built chain terminates at the intermediate instead of the root.

When chain building the end certificate with custom trust anchors (including the timestamping root), macOS's distrust model overrides the implicit, transitive trust on the intermediate conferred by the explicit, contextual trust on the root. The end result is that certificate chain building fails with explicit distrust.

None of the solutions considered is attractive at this time, so we’re postponing macOS support for NuGet signed package verification during restore operations for the foreseeable future. Signed package verification is still possible using the dotnet nuget verify command.

Relevant timestamping certificate chains:

• root: VeriSign Universal Root Certification Authority
• intermediate: Symantec SHA256 TimeStamping CA
• end: Symantec SHA256 TimeStamping Signer - G3, Symantec SHA256 TimeStamping Signer - G2

No response

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4