10.5.7 MobileMe sync failure and Verisign

Thursday, June 4. 2009

Posted by Sean Chittenden in Tech at 10:00 | Comments (0) | Trackbacks (0)

On an idle afternoon, I did whate very other sane computer user did: pushed update to upgrade my laptop to OS-X 10.5.7. Peachy. As per every other upgrade in the last 3 years, everything just worked as expected. Except MobileMe sync'ing. Grr...

Turns out Apple was sold a bill of goods from Verisign and in 10.5.7 Apple made the mistake of using Verisign's "Online Certificate Status Protocol" service. If I weren't using bfilter, I would've never noticed this bit of pseudo-evilness. Every time you sync with MobileMe, Verisign gets a series of connections to either evintl-ocsp.verisign.com or evsecure-ocsp.verisign.com. This is only an issue if you 1) don't want Verisign to know when you connect to MobileMe, or 2) you happen to use BFilter along with MobileMe, in which case you'll have noticed syncing suddenly stopped working.

There are two solutions: bypass bfilter and let Verisign receive these connections, or deadend requests to Verisign before bfilter has a chance to mangle the response. I'm including the /etc/hosts entry below (my preferred alternative). Add the following to /etc/hosts and you should be good to go:

127.0.0.1    evintl-ocsp.verisign.com
127.0.0.1    evsecure-ocsp.verisign.com

Eff Verisign.

Defined tags for this entry: MobileMe, darwin

Related entries by tags:

10.6 mac ports - Sept 3rd

Vote for articles fresher than 30 days!

Current karma: none, 0 vote(s)

Trackbacks

Trackback specific URI for this entry

No Trackbacks

Comments

Display comments as (Linear | Threaded)

No comments

Add Comment

Name
Email
Homepage
In reply to
Comment	Enclosing asterisks marks text as bold (word), underscore are made via _word_. Standard emoticons like :-) and ;-) are converted to images. E-Mail addresses will not be displayed and will only be used for E-Mail notifications. To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly. Enter the string from the spam-prevention image above:
	Remember Information? Subscribe to this entry
Submitted comments will be subject to moderation before being displayed.

Quicksearch

Twitter

@UWSportsNews Remaining in the 3rd quarter, not game. (PS we all knew you meant punt, not point) *grin*1 day ago
Speaking of funny, I hope the irony that MySQL was used as the poster child of durability wasn't lost link2 days ago
Friday fun fact: I used to use ruby&php. I enrolled in a 12 step program and have kicked the habits. link2 days ago
@lindvall Very jealous. Have fun!4 days ago
@loganb Go become an opensrs reseller. If you're in a pinch, LMK and I can reg something for you. Well worth the extra buck per domain.4 days ago
@loganb Wanna bet many/most people will a psychological immunity against behavioral game theory in the next few years?4 days ago
New slogan for @RunKeeper, "RunKeeper or it didn't happen."4 days ago
New Dick's Drivin-In, voting for location? North Seattle, plz. link #fb5 days ago
@loganb State machines and synchronization are the the hard concepts in computing... everything else is an implementation technicality.$0.026 days ago
Congratulation to rails users for rails 3.0... you're now almost as advanced as django was several years ago.6 days ago

Follow me

Tagged Entries

video

10.5.7 MobileMe sync failure and Verisign

Personal Musings for Public Consumption

Polls

Bookmarks

Calendar

Categories

Thursday, June 4. 2009

10.5.7 MobileMe sync failure and Verisign

Quicksearch

Twitter

Archives

Tagged Entries

Syndicate This Blog