Safari insists on installing and using expired WWDR certificate, breaking Extension Builder
| Originator: | peter.maurer | ||
| Number: | rdar://24672726 | Date Originated: | 02/16/2016 |
| Status: | Duplicate of 24657061 | Resolved: | |
| Product: | Safari | Product Version: | Safari 9.0.3 (11601.4.4) running on OS X 10.11.3 (15D21) |
| Classification: | Reproducible: | Always |
SUMMARY: Safari installs an expired version of the WWDR certificate, and then claims there's "no Safari extensions certificate" because of the broken chain of trust. STEPS TO REPRODUCE: 1. Open Extension Builder in Safari 2. Check an extension's certificate status line EXPECTED RESULTS: My Safari extensions certificate is acknowledged. ACTUAL RESULTS: I get a "no Safari extensions certificate" message. Opening the keychain reveals that Safari has re-installed an expired WWDR certificate and then insist on using that instead of the newer valid WWDR certificate, which is also in my keychain. Deleting the expired certificate doesn't help, because Safari caches it. Re-launching Safari and re-opening Extension Builder after deleting the expired certificate re-installs the expired certificate. NOTES: Considering the number of emails Apple sent reminding everyone to update their WWDR certificates, this is somewhat amusing.
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!
Close as duplicate of 24657061, which is still open.
Fixed in OS X 10.11.4 beta 3, according to https://forums.developer.apple.com/thread/37551