In my /etc/hosts file I've got this line
0.0.0.0 ocsp.apple.com
It works a charm, apps on macOS start nearly instantly, even cold. Mostly noticeable with my own Cocoa apps. So I'd like to keep it that way.
That said, it also seems to break the App Store. If I load the App Store app, it complains "We could not complete your purchase. Cancelled", whereas it works fine if I don't block OCSP.
Has anyone got a solution for this?
My first thought is running a proxy that would make the difference and allow or deny...
@Apple for God's sake, let advanced users turn off this security feature.
Certificate validation
The first time a user opens an app, the distribution certificate is validated by contacting Apple’s OCSP server. If the certificate has been revoked, the app won’t launch. To verify the status, the device must be able to reach ocsp.apple.com.
The OCSP response is cached on the device for the period of time specified by the OCSP server—currently, between 3 and 7 days. The validity of the certificate isn’t checked again until the device has restarted and the cached response has expired. If a revocation is received at that time, the app won’t launch.
Also: ```echo "127.0.0.1 ocsp.apple.com" | sudo tee -a /etc/hosts```
https://gist.github.com/nathanhleung/2ceeda4c743f2a1cf3d670c...
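An added example, not part of any post in this thread: a small audit a defender could run over a hosts file to find active entries that keep a machine from reaching ocsp.apple.com, the host the quoted documentation says must be reachable for the revocation check. The function name, the watched-name set and the sample file are constructed for illustration.

```python
import ipaddress

# Assumption: names to watch. ocsp.apple.com is the host named in the thread.
WATCHED = {"ocsp.apple.com"}

# Constructed sample hosts file (not taken from a real machine).
SAMPLE = """\
##
# Host Database
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost
0.0.0.0 ocsp.apple.com
127.0.0.1 example.test OCSP.Apple.com.  # second name on the line
# 0.0.0.0 ocsp.apple.com   (commented out, so inactive)
192.0.2.10 ocsp.apple.com
"""

def audit_hosts(text, watched=WATCHED):
    """Return (line_no, address, name, kind) for every active entry that
    overrides a watched name. kind is "sinkhole" for loopback or
    unspecified addresses, "override" for any other pinned address."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # not a usable address field
        kind = "sinkhole" if (addr.is_loopback or addr.is_unspecified) else "override"
        for name in fields[1:]:
            # Hostnames are case-insensitive; a trailing dot is the same name.
            if name.lower().rstrip(".") in watched:
                findings.append((line_no, str(addr), name, kind))
    return findings

if __name__ == "__main__":
    for line_no, addr, name, kind in audit_hosts(SAMPLE):
        print(f"line {line_no}: {name} -> {addr} ({kind})")
```

To audit a real machine, pass the contents of /etc/hosts to `audit_hosts` instead of `SAMPLE`.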