Re: WoSign still trusted somehow on Mac even after manual distrust of StartCom

2016-11-08 Thread Ryan Sleevi
https://support.apple.com/en-us/HT204132

The source code for how Apple has implemented such blocks is available at https://opensource.apple.com/

Specifically https://opensource.apple.com/source/Security/Security-57337.60.2/OSX/libsecurity_apple_x509_tp/lib/tpCertAllowList.c.auto.html as called

Re: WoSign still trusted somehow on Mac even after manual distrust of StartCom

2016-11-08 Thread Percy
Yeah, I suspected so but I didn't find it in the security content (https://support.apple.com/en-ca/HT207275). I remember when Gerv discussed the idea of whitelisting intermediate certs, he mentioned that Firefox didn't want to undermine user sovereignty by overriding the user's trust choice. I

Re: WoSign still trusted somehow on Mac even after manual distrust of StartCom

2016-11-08 Thread Ryan Sleevi
On Tue, Nov 8, 2016 at 2:23 PM, Percy wrote:
> You can see from image1 that all StartCom roots are marked distrust
> systemwide. No WoSign roots are included on Mac.
>
> However when I'm accessing https://www.schrauger.com/ in Chrome, the HTTPS
> connection is marked as