Mac users started Thursday is facing unexpected issues including minutes of time to launch an app, non-accountability for entire MacOS and other issues. Issues began to be closely observed from the time Apple began rolling out the new version of macOS, Big Sur — but it affected users of other versions of macOS, such as Catalina and Mojave.
Other Apple services suffered recessions, outages, and odd behavior, including Apple Pay, Messaging, and even Apple TV devices.
Some Mac users didn’t take long to note that there’s a trust — a macOS process responsible for checking in with Apple’s servers that confirms an app is notarized — that contacts a host called ocsp.apple.com Attempting to do but failing repeatedly. The result was, among other things, an attempt to launch the app.
Users who opened the console and filtered to find the error found many errors related to trust.
The affected hostname (which is actually an indicator for the entire set of servers on Apple’s CDN) is responsible for validating all methods of Apple-related cryptographic certificates – including certificates used by app notarization. First introduced in Mojave and mandated in Catalina, notarization is an automated process that Apple performs on developer-signed software:
The Apple Notary service is an automated system that scans your software for malicious content, checks code-signing issues, and quickly returns the results to you. If there is no problem, the notary service prepares a ticket for you to staple for your software; The notary service also publishes the ticket online where the gatekeeper can find it.
The “OCSP” part of the hostname refers to online certificate status protocol stapling, or just “certificate stapling”. Apple uses certificate stapling to help streamline the process of millions of Apple devices checking the validity of millions and millions of certificates every day.
When an Apple device cannot connect to the network, but you want to launch an app anyway, the notarization verification is considered a “soft fail” —that is, your Apple device is about to recognize that you’re not online and Allow the server to launch the application anyway. However, due to the nature of what happened today, the call to the server appeared to be hanging instead of just soft-felting. This is probably because every device can still perform a DNS lookup on ocsp.apple.com without any problems, making the devices confident that if they can do a DNS lookup, connecting them to the OCSP service Should be able to So they tried and time ran out.
The situation lasted for several minutes, and when some temporary workarounds circulated on forums, chat rooms, and Twitter, the behavior of the problem eventually cleared up as Apple likely resolved the underlying issue.
Apple previously announced that Big Sur would launch on Thursday, and issues with the rollout began over time. We have reached out to Apple for comment and will share any statement if we get one.
This story originally appeared on Ars Technica.
More great story