(lapcatsoftware.com)

361 points robenkleene | 1 comments | 23 May 20 09:42 UTC | HN request time: 0.001s | source

Show context

usmannk ◴[23 May 20 16:27 UTC] No.23284235[source]▶

There is so much confusion here. The OP and most others are missing one of the biggest points: Look at the packet trace. There is _no data_, not even a hash, being sent. It's a TLS negotiation and then the connection ends. I have to suspect it's a bug...

replies(6): >>23284309 #>>23284481 #>>23284891 #>>23285137 #>>23285544 #>>23287368 #

_qulr ◴[23 May 20 18:21 UTC] No.23285137[source]▶

>>23284235 #

I'm not sure what you're seeing, but that's not what I'm seeing. When I Wireshark both app notarization and script notarization, I see 2 packets of encrypted Application Data sent to Apple (567 and 101 bytes), and 1 packet of Application Data (varying length) returned from Apple, in each case. What do you see when you trace a regular app notarization check?

replies(1): >>23285209 #

usmannk ◴[23 May 20 18:29 UTC] No.23285209[source]▶

>>23285137 #

This is odd, my proxy doesn't seem to show this. I will try to load my root cert into Wireshark and check.

Edit: Checked and double checked: When I run a new shell script, syspolicyd just makes a connection with no application data

replies(2): >>23285662 #>>23287587 #

1. ◴[23 May 20 23:30 UTC] No.23287587{3}[source]▶

>>23285209 #

↑

Catalina is checking notarization of unsigned executables