Mac users today began experiencing unexpected issues that included apps taking minutes to launch, stuttering and non-responsiveness throughout macOS, and other problems. The issues seemed to begin close to the time when Apple began rolling out the new version of macOS, Big Sur—but they also affected users of other versions of macOS, like Catalina and Mojave.
Other Apple services faced slowdowns, outages, and odd behavior, too, including Apple Pay, Messages, and even Apple TV devices.
It didn’t take long for some Mac users to note that trustd—a macOS process responsible for checking with Apple’s servers to confirm that an app is notarized—was attempting to contact a host named ocsp.apple.com but failing repeatedly. This resulted in systemwide slowdowns as apps attempted to launch, among other things.
Users who opened Console and filtered to find the error encountered numerous successive errors related to trustd, as pictured below.
The affected hostname (which is really just a pointer to a whole bunch of servers on Apple’s CDN) is responsible for validating all manner of Apple-related cryptographic certificates—including the certificates utilized by app notarization. First introduced in Mojave and made mandatory in Catalina, notarization is an automated process Apple performs on developer-signed software:
The Apple notary service is an automated system that scans your software for malicious content, checks for code-signing issues, and returns the results to you quickly. If there are no issues, the notary service generates a ticket for you to staple to your software; the notary service also publishes that ticket online where Gatekeeper can find it.
The “OCSP” part of the hostname refers to Online Certificate Status Protocol stapling, or just “certificate stapling.” Apple uses certificate stapling to help streamline the process of having millions of Apple devices checking the validity of millions and millions of certificates every day.
When an Apple device can’t connect to the network but you want to launch an app anyway, the notarization validation is supposed to “soft fail”—that is, your Apple device is supposed to recognize you’re not online and allow the app to launch anyway. However, due to the nature of whatever happened today, calls to the server appeared to simply hang instead of soft-failing. This is possibly because everyone’s device could still do a DNS lookup on ocsp.apple.com without any problems, leading the devices to believe that if they could do a DNS lookup, they should be able to connect to the OCSP service. So they tried—and timed out.
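The failure mode described above, a responder that is reachable but never answers, can be reproduced locally. The following Python sketch is an added example, not Apple's code or anything from trustd: the hanging server, the `STATUS?` request (a placeholder, not real OCSP encoding) and the function names are all constructed for illustration. It shows a soft-fail check that puts connect and read under one deadline, so a silent peer is treated the same as being offline.

```python
import socket
import threading
import time

def start_hanging_server():
    """Constructed stand-in: accepts TCP connections but never replies."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    held = []  # keep accepted sockets open so the client sees a silent peer

    def accept_loop():
        while True:
            try:
                held.append(srv.accept()[0])
            except OSError:
                return  # listener closed

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, srv.getsockname()[1]

def revocation_check(host, port, deadline=1.0):
    """Return 'good', 'revoked' or 'soft-fail' within roughly `deadline` seconds.

    One budget covers connect and read, so a responder that accepts the
    connection but never answers costs the same as being offline.
    """
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=deadline) as s:
            s.sendall(b"STATUS?\n")  # placeholder, not real OCSP encoding
            remaining = deadline - (time.monotonic() - start)
            s.settimeout(max(remaining, 0.01))
            reply = s.recv(64).strip()
    except OSError:  # refused, unreachable, or timed out
        return "soft-fail"
    return reply.decode() if reply in (b"good", b"revoked") else "soft-fail"

def launch_allowed(status):
    """Soft-fail policy: only a definite 'revoked' answer blocks the launch."""
    return status != "revoked"

if __name__ == "__main__":
    srv, port = start_hanging_server()
    t0 = time.monotonic()
    status = revocation_check("127.0.0.1", port, deadline=0.5)
    print(status, launch_allowed(status), f"{time.monotonic() - t0:.2f}s")
    srv.close()
```

Note that `socket.create_connection` does not bound name resolution itself; the example uses a literal loopback address, so only connect and read are under the deadline.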
The situation lasted for several minutes, and while some temporary workarounds circulated on forums, chat rooms, and Twitter, the problem behavior eventually cleared as Apple presumably resolved the underlying issue.
Apple had previously announced that Big Sur would launch today, and the problems began almost precisely in time with the rollout. We have reached out to Apple for comment and will share any statement if we receive one.