Hi folks - I've mentioned this before .. and I've been bugging it to
RADAR on a fairly regular basis since October (although the problem
has been going on for much longer).
When I set up my DUAL QUAD last February, I had a keychain already
started on the DUAL but a few months thereafter, imported a keychain
full of secure notes that I had had on my PB17.
I think my crash problems began around that time. In general, the
crashes seemed to coincide with authentication. Today, my machine
locked up when trying to access my account at eSellerate.
Virtually every time I check the log, I see /usr/sbin/ocspd starting
up.
I gathered my machine was having problems with my keychain setup.
(BTW: I wanted to import all my secure notes - a couple of hundred of
them into the ONE main keychain for the DUAL, but there doesn't seem
to be a way to do that other than manually addressing each secure
note .. and manually updating the main keychain. So, I've kept both
keychains running).
Question is - am I'm risking anything by blowing away the following
two db caches?
FILES
/private/var/db/crls/crlcache.db CRL cache
/private/var/db/crls/ocspcache.db OCSP response cache
probably will just blow away this one, actually:
/private/var/db/crls/ocspcache.db OCSP response cache
kevins-mac-pro:~ kevin$ cd /private/var/db/crls/
kevins-mac-pro:crls kevin$ ls
crlcache.db ocspcache.db
kevins-mac-pro:crls kevin$ ls -l
total 48
-rw-r--r-- 1 root wheel 14116 Mar 1 2008 crlcache.db
-rw-r--r-- 1 root wheel 6396 Dec 24 12:22 ocspcache.db
ocspd(1) BSD General Commands Manual
ocspd(1)
NAME
ocspd -- OCSP and CRL Daemon
SYNOPSIS
ocspd
DESCRIPTION
ocspd performs caching and network fetching of Certificate
Revocation Lists (CRLs) and Online Certifi-cate Certificate
cate Status Protocol (OCSP) responses. It is used by
Security.framework during certificate verifica-tion. verification.
tion. Security.framework communicates with ocspd via a private
RPC interface. When Security.framework
determines that a CRL is needed, or that it needs to perform an
OCSP transaction, it performs an RPC to
ocspd which then examines its cache to see if the appropriate
CRL or OCSP response exists and is still
valid. If so, that entity is returned to Security.framework. If
no entry is found in cache, ocspd
obtains it from the network, saving the result in cache before
returning it to Security.framework.
This command is not intended to be invoked directly.
FILES
/private/var/db/crls/crlcache.db CRL cache
/private/var/db/crls/ocspcache.db OCSP response cache
HISTORY
ocspd was first introduced in Mac OS X version 10.4 (Tiger).
AUTHORS
Doug Mitchell
Darwin April 2,
2008 Darwin
_______________________________________________
OSX-Nutters mailing list | [email protected]
http://lists.tit-wank.com/mailman/listinfo/osx-nutters
List hosted at http://cat5.org/
