CSSMERR_TP_CERT_REVOKED #1257

Closed
riccoyu opened this issue Jul 10, 2023 · 5 comments
Labels
bug Something isn't working

Comments


riccoyu commented Jul 10, 2023

❯ spctl -a -v /Applications/V2rayU.app
/Applications/V2rayU.app: CSSMERR_TP_CERT_REVOKED

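The certificate has been revoked, not expired. @yanue should check their Apple developer account or the emails from Apple. It may have been banned by Apple for some violation (the certificate type, for example?), or knocked out for some other reason.

Although the v3.4.0-preview release renewed the certificate's validity period, when checked with spctl today (2023-07-10) it still returns CSSMERR_TP_CERT_REVOKED.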

@riccoyu riccoyu added the bug Something isn't working label Jul 10, 2023
Author

riccoyu commented Jul 10, 2023

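Judging by how this incident has played out (flagged as malware & certificate revoked), it resembles the 2020 incident in which the Downie app was mistakenly flagged.

If the nature of the incident is exactly the same, @yanue needs to actively communicate with Apple to resolve the account and certificate problems.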

Owner

yanue commented Jul 11, 2023

I logged in to the same account on 2 devices, and then they revoked each other.

Author

riccoyu commented Jul 11, 2023

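> I logged in to the same account on 2 devices, and then they revoked each other.

Signing in to the same developer account in Xcode on two or even more Macs is common; that should not be a reason for a certificate to be revoked, unless Apple really told you that this is why the account was banned 😱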

Author

riccoyu commented Jul 11, 2023

See the XProtect section of Protecting against malware in macOS:

How Apple responds when new malware is discovered

When new malware is discovered, a number of steps may be performed:

  • Any associated Developer ID certificates are revoked.

  • Notarization revocation tickets are issued for all files (apps and associated files).

  • XProtect signatures are developed and released.

These signatures are also applied retroactively to previously notarized software, and any new detections can result in one or more of the previous actions occurring.

Ultimately, a malware detection launches a series of steps over the next seconds, hours, and days that follow to propagate the best protections possible to Mac users.

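Let me walk through (my guess) the sequence of events in this V2rayU app incident:

  1. For some unknown reason, the V2rayU app was flagged as malware by XProtect or some other means, and this was made known to Apple
  2. Your developer certificate was revoked, and this outcome will affect the other apps under your account
  3. An XProtect signature (marking the V2rayU app as malware) was generated and distributed to Mac users
  4. Then, when people try to run the V2rayU app, the malware warning dialog pops up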

Author

riccoyu commented Jul 18, 2023

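This issue can be closed; noting the following for the record:

  • v3.2.0: certificate A was expired, but the app was not flagged as malware; running the app does not require the re-signing hack
  • v3.3.0: certificate A was revoked and the app was flagged as malware; it requires the methods listed in Workaround for "The application 'V2rayU.app' can't be opened" #1234 to hack around it
  • v3.4.0-preview: certificate A's validity period was renewed, but it was revoked again; the app was still flagged as malware
  • v3.5.0: switched to a different certificate B; finally no malware popup
  • v3.6.0: certificate A's validity period was renewed again; finally back to normal
  • v3.7.0: since there are no longer any certificate problems, it continues to use v3.6.0's certificate A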

@riccoyu riccoyu closed this as completed Jul 18, 2023
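
The thread hinges on telling a revoked signing certificate apart from other Gatekeeper outcomes. The following is an added example, not code from the issue or the V2rayU project: a shell function that summarises captured `spctl -a -v` output per app. The function names are hypothetical, the V2rayU line is the one quoted in the issue, and the other sample lines are constructed.

```shell
#!/bin/sh
# Added example: summarise captured `spctl -a -v` output, one line per app.
# On a Mac: spctl -a -v /Applications/*.app 2>&1 | triage_spctl
# (2>&1 so the verdict is captured whichever stream spctl writes it to)

triage_spctl() {
    awk '
    function emit() {
        if (path != "") printf "%s\t%s\t%s\n", verdict, path, src
    }
    /^source=/ { src = substr($0, 8); next }   # detail line for the current app
    /^origin=/ { next }                         # signer name, not needed here
    /: [^:]*$/ {                                # "<path>: <status>" starts a record
        emit()
        status = $0; sub(/^.*: /, "", status)
        path = $0;   sub(/: [^:]*$/, "", path)
        src = "-"
        if (status == "accepted") verdict = "OK"
        else if (status == "CSSMERR_TP_CERT_REVOKED") verdict = "REVOKED"
        else if (status == "rejected") verdict = "REJECTED"
        else verdict = "OTHER(" status ")"
    }
    END { emit() }
    '
}

# Sample input: the first line is quoted from the issue, the rest is constructed.
sample_spctl_output() {
    cat <<'EOF'
/Applications/V2rayU.app: CSSMERR_TP_CERT_REVOKED
/Applications/Example Notarized.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Example Dev (ABCDE12345)
/Applications/Example Unsigned.app: rejected
source=no usable signature
EOF
}

sample_spctl_output | triage_spctl
```

A `REVOKED` row means the signing certificate itself was revoked, so only a build signed with a different, valid certificate clears it, which matches the v3.5.0 entry in the list above.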