Skip navigation
This discussion is archived

ocspd / 10.5.7 and Little Snitch. I'm confused.

43399 Views 17 Replies Latest reply: Aug 10, 2009 9:44 PM by bbulmer RSS
1 2 Previous Next
DCIFRTHS Level 1 Level 1 (20 points)
Currently Being Moderated
May 14, 2009 1:12 AM
After updating to OS X 10.5.7, I started to get messages, from Little Snitch (LS), stating that "ocspd" wants to connect to certinfo.mac.com using TCP Port 80. As I was somewhat confused by this request, I did a quick search, and found out that the OS is checking to see if the the root certificates have been revoked. Is this accurate? Also, based on the information I found, I created a rule to allow this connection FOREVER. Comments please.

What I find strange is that tonight, I started to get a message from LS regarding "ocspd" but this time it wants to connect to "EVIntl-ocsp.verisign.com" (also using TCP 80). The reverse DNS name is "TGV.ANYCAST-FO.CHI.versign.com". What is this connection alert coming from? If Apple has created a method to check for revoked certs, why is "ocspd" attempting to connect to "EVIntl-ocsp.verisign.com" at 199.7.48.72. Any information on this would be greatly appreciated.

Thanks.
Unibody 15" MBP, Mac OS X (10.5.6)
  • schalliol Level 1 Level 1 (0 points)
    Currently Being Moderated
    May 14, 2009 6:34 AM (in response to DCIFRTHS)
    I also wonder the same thing. I've had the same calls as you have. I don't have the answers, but am interested in any info people have.
    MacBook Pro 2.16, Mac Pro 2007, Mac Pro 2008, Mac OS X (10.5.7), Both Mac Pros running RAIDs
  • Barry Hemphill Level 7 Level 7 (33,085 points)
    Currently Being Moderated
    May 14, 2009 6:47 AM (in response to DCIFRTHS)
    Hello d:

    I am not trying to be facetious, but have you ever had a system penetration problem? If not, I would get rid of the _third party_ software (little snitch) and enjoy the Mac. I am assuming, of course, that you have the OS X internal firewall enabled.

    Barry
    iMac 20" 2.4 Ghz Intel-based/2 GB, iMac 17" 1.8 Ghz G5/1 GB, DSL, Firewire HDs, Mac OS X (10.5.7)
  • varjak paw Level 10 Level 10 (167,145 points)
    Currently Being Moderated
    May 14, 2009 7:08 AM (in response to DCIFRTHS)
    ocspd is the "Online Certificate Status Protocol" daemon that processes all certificate validation. This handles both CRL - Certificate Revocation Lists & OCSP - Online Certificate Status Protocol validation of certificates. It's part of both the part of the Keychain and certificate framework. Verisign is one of the common providers of Internet certificates so it's one of the services the ocspd process will contact for certificate updates and verification.

    You do want to allow this process to connect, yes. Only if it were attempting to contact some completely unknown site would it be cause for followup to verify the site.

    Message was edited by: Dave Sawyer
    iMac 2.8 Core 2 Duo 24" 4GB ATI 2600, Mac OS X (10.5.7), PowerMac G5 2.0GHz DP, Dell w/ Windows Vista Unlimited SP1
  • gumsie Level 4 Level 4 (2,075 points)
    Currently Being Moderated
    May 14, 2009 7:11 AM (in response to varjak paw)
    I'll add a thanks here, I was wondering myself what this was.
    PowerMac G6 Alu Cinema HD, Mac OS X (10.5.6), Ctrl, Alt, Del.........AAAaarggghhh!
  • Glynn Level 4 Level 4 (1,375 points)
    Currently Being Moderated
    May 14, 2009 7:27 AM (in response to varjak paw)
    That was a great answer Dave!!! I'm so glad I use this forum!!

    Be reading from your posts soon.

    Cheers,
    Glynn
    iBook 14.1 G3 700mhz OSX 10.4.11, G4 1.33Gz,iMac G5 2.1Gz 2Gm, Macbook 2.3 Gz, Mac OS X (10.5.6), Win XP SP3
  • varjak paw Level 10 Level 10 (167,145 points)
    Currently Being Moderated
    May 15, 2009 7:37 AM (in response to DCIFRTHS)
    I had never seen this request before I upgraded from 10.5.6 to 10.5.7. Has Apple changed the way the OS checks for valid certificates?

    Sorry, I don't know. But as is often the case with updates that involve security patches, it's entirely possible. Or there may be something in Little Snitch that changed/reset due to the update.
    iMac 2.8 Core 2 Duo 24" 4GB ATI 2600, Mac OS X (10.5.7), PowerMac G5 2.0GHz DP, Dell w/ Windows Vista Unlimited SP1
  • garbageman Level 2 Level 2 (365 points)
    Currently Being Moderated
    May 16, 2009 6:23 AM (in response to DCIFRTHS)
    {quote}If anyone else has an answer or thoughts on why I started getting these alerts, after upgrading to 10.5.7{quote}

    I'm pretty sure I started getting the messages after I installed the Little Snitch 2.1.1 update that was released the day before 10.5.7 was released.
    MBP 2.16 GHz 3 GB RAM / 24" iMac 2.4GHz, Mac OS X (10.5.7), 23 inch Cinema Display, 16GB iPod Touch
  • AmplifiedLife Calculating status...
    Currently Being Moderated
    May 18, 2009 9:26 AM (in response to varjak paw)
    this helped me too.

    i had the same question and feel the same way about little snitch. i enjoy seeing all the processes occurring on my mac and what gets in & out, etc.

    peace,

    L
    MacBook Pro - iMac G5 - PowerBook G4, Mac OS X (10.5.7), 16GB iPhone 3G - 1G 2GB Black Nano
  • thirteen53 Calculating status...
    Currently Being Moderated
    May 31, 2009 7:32 PM (in response to DCIFRTHS)
    I am running 10.5.7 and recently upgraded to Little Snitch 2.1.3. The ocspd thing is a Little Snitch problem and not an OS problem. I just looked, and ocspd was listed as Deny Until Quit in Little Snitch Configuration. To fix this, just create a new rule for ocspd and Allow All Connections, or select Allow All Connections when the question box comes up again.

    As for "get[ting] rid of the third party software (little snitch) and enjoy[ing] the Mac," no thank you. I'm a suspenders-and-belt kind of guy, and Little Snitch is a powerful defense against the bad people out there.
    iMac, MacBook, Mac OS X (10.5.7), Mac Since 1984
  • nerowolfe Level 6 Level 6 (13,070 points)
    Currently Being Moderated
    May 31, 2009 8:39 PM (in response to thirteen53)
    Welcome to Apple Discussions:
    Yes, more knowledge is always better than less. An informed user is a good user. Ignorance is not bliss - it is ignorance.
    I use LittleSnitch and have discovered some interesting items such as the regularity with which the Apple time server is accessed, the actual locations of various Apple servers, such as the autosoftware update server, etc.
    Useful?, I don't know; but it is interesting, yes.
    Taking an active interest in things, to me, is much more valuable than a passive shrug
    MacBookPro3,1-17"Core2Duo/VistaUlt64SP1; MacBookPro1,1-15"/XPProSP3; Dual G5/XPP, Mac OS X (10.5.7), Homebrew 3GHz ASUS PC, Dell Inspiron8k, Abacus, Sliderule, HP-50G
  • robogobo Level 2 Level 2 (290 points)
    Barry, network monitors are not just for security. They're also great for diagnosing problems and just being aware of who your machine is talking to. System penetrations are one thing. Sneaky applications are another.
    Mac Pro quad 2.66, 9Gigs, 7300, Mac OS X (10.5.6), 23" ACD, 30" HP LP3065
1 2 Previous Next

Actions

More Like This

  • Retrieving data ...

Bookmarked By (1)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.