Feature: Cert pool
Opened this issue · 1 comments
richzw commented
Create the cert pool from https://www.apple.com/certificateauthority
our recommendation it to use all certs under the Root Certificates section of https://www.apple.com/certificateauthority, this is why when decoding and verifying with the App Store Server Library we accept an array of root certificates. Also, remember to check the appropriate OID values when verifying the certificates in the chain. The full process is described here https://developer.apple.com/videos/play/wwdc2023/10143?time=614
related link https://forums.developer.apple.com/forums/thread/742185