-
Notifications
You must be signed in to change notification settings - Fork 42
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Resolved] Changes to the App Store receipt signing certificate #89
Comments
From the link:
Luckily, AppReceiptValidator ships without intermediate certificate, and instead only hardcodes the the Apple Root certificate. So I'd say we are good, and following what Apple is recommending here. The Apple Root certificate is theoretically valid until 2035, after that, AppReceiptValidator will consider all receipts invalid. It may be interesting to keep this in mind for the longterm future. I consider this issue closed, but will leave it open in case others get interested in the topic and to prevent creation of duplicates. |
I don't know if I should create another thread for this. But another major change (different than the first one) is coming this summer: |
It looks like this is only affecting the intermediate certificates, which are not pinned by AppReceiptValidator, so I wouldn't expect issues with those changes. To be sure we should wait until June 20, 2023 when SHA256 intermediate certificates are introduced for sandbox/debug builds and test them. |
We now unfortunately have cases where signature checks fail because of https://developer.apple.com/documentation/technotes/tn3138-handling-app-store-receipt-signing-certificate-changes Note: The appstore sandbox receipts (running mac debug builds) still return SHA1 signed receipts, so those are not ideal for testing SHA256 compatibility, unlike what Apple mentions in the above article. We are currently evaluating a fix #93 which passes tests (and can also offer this workaround in the meantime: #92) |
#93 should now have official fixed the issues |
Thanks a lot for the fix! |
@john-work-ios Details:
|
Thank you, this is very clear. Much appreciated, same goes for your work! Cheers |
According to this link:
https://developer.apple.com/news/?id=ytb7qj0x
A certificate will change.
Will this impact users of this framework?
The text was updated successfully, but these errors were encountered: