I run the keychain command-line app that allows me to fast-sleep my Mac or quickly lock a keychain. However, it seems to think that I have many crlcache keychains:
When I search for crlcache on my system, the only file I find is:
[Dance ~ 11:09:48]$ locate crlcache
/private/var/db/crls/crlcache.db
[Dance ~ 11:09:56]$ ls -l /private/var/db/crls/crlcache.db
-rw-r--r-- 1 root wheel 138216 Feb 16 18:18 /private/var/db/crls/crlcache.db
[Dance ~ 11:10:09]$ ls -l /private/var/db/crls/
total 385868
-rw-r--r-- 1 root wheel 156633946 Feb 15 13:51 00EB0CCCF4716CBA4623A3D52F98D43DF630A91D.crl
-rw-r--r-- 1 root wheel 3193 Feb 15 13:51 00EB0CCCF4716CBA4623A3D52F98D43DF630A91D.pem
-rw-r--r-- 1 root wheel 64915907 Feb 15 13:53 00EB0CCCF4716CBA4623A3D52F98D43DF630A91D.revoked
-rw-r--r-- 1 root wheel 25 Feb 15 13:52 00EB0CCCF4716CBA4623A3D52F98D43DF630A91D.update
-rw-r--r-- 1 root wheel 349557 Jan 17 10:14 02B8F639D67DE595D5B990C7365B227EEF2147CA.crl
-rw-r--r-- 1 root wheel 4127 Jan 17 10:14 02B8F639D67DE595D5B990C7365B227EEF2147CA.pem
-rw-r--r-- 1 root wheel 245330 Jan 17 10:14 02B8F639D67DE595D5B990C7365B227EEF2147CA.revoked
-rw-r--r-- 1 root wheel 25 Jan 17 10:14 02B8F639D67DE595D5B990C7365B227EEF2147CA.update
-rw-r--r-- 1 root wheel 17010447 Jan 17 09:41 048F69989050838246F359F3747684F066F55F89.crl
-rw-r--r-- 1 root wheel 3160 Jan 17 09:41 048F69989050838246F359F3747684F066F55F89.pem
-rw-r--r-- 1 root wheel 5412268 Jan 17 09:41 048F69989050838246F359F3747684F066F55F89.revoked
-rw-r--r-- 1 root wheel 25 Jan 17 09:41 048F69989050838246F359F3747684F066F55F89.update
-rw-r--r-- 1 root wheel 22426866 Jan 17 09:15 33AF9B2AF9EE55453E70F230CEE6F1B088A11E53.crl
-rw-r--r-- 1 root wheel 3152 Jan 17 09:15 33AF9B2AF9EE55453E70F230CEE6F1B088A11E53.pem
-rw-r--r-- 1 root wheel 7095036 Jan 17 09:15 33AF9B2AF9EE55453E70F230CEE6F1B088A11E53.revoked
-rw-r--r-- 1 root wheel 25 Jan 17 09:15 33AF9B2AF9EE55453E70F230CEE6F1B088A11E53.update
-rw-r--r-- 1 root wheel 150251 Feb 17 21:44 6D42DDADB61DE578D7E8AE1F55B847E7D2211227.crl
-rw-r--r-- 1 root wheel 1952 Feb 17 21:44 6D42DDADB61DE578D7E8AE1F55B847E7D2211227.pem
-rw-r--r-- 1 root wheel 0 Feb 17 21:44 6D42DDADB61DE578D7E8AE1F55B847E7D2211227.revoked
-rw-r--r-- 1 root wheel 25 Feb 17 21:44 6D42DDADB61DE578D7E8AE1F55B847E7D2211227.update
-rw-r--r-- 1 root wheel 22163480 Feb 2 17:02 725FB81052E5B7712EBEFB4795675251CCC3BC52.crl
-rw-r--r-- 1 root wheel 3160 Feb 2 17:02 725FB81052E5B7712EBEFB4795675251CCC3BC52.pem
-rw-r--r-- 1 root wheel 7014670 Feb 2 17:02 725FB81052E5B7712EBEFB4795675251CCC3BC52.revoked
-rw-r--r-- 1 root wheel 25 Feb 2 17:02 725FB81052E5B7712EBEFB4795675251CCC3BC52.update
-rw-r--r-- 1 root wheel 146048 Jan 17 10:48 883F19386296795F3147EBE82296B2D27A52B071.crl
-rw-r--r-- 1 root wheel 2061 Jan 17 10:48 883F19386296795F3147EBE82296B2D27A52B071.pem
-rw-r--r-- 1 root wheel 128662 Jan 17 10:48 883F19386296795F3147EBE82296B2D27A52B071.revoked
-rw-r--r-- 1 root wheel 25 Jan 17 10:48 883F19386296795F3147EBE82296B2D27A52B071.update
-rw-r--r-- 1 root wheel 23249559 Jan 17 09:19 B17D3E16D3A0F9C7F88CC316029C5AC00C505536.crl
-rw-r--r-- 1 root wheel 3160 Jan 17 09:19 B17D3E16D3A0F9C7F88CC316029C5AC00C505536.pem
-rw-r--r-- 1 root wheel 7397440 Jan 17 09:19 B17D3E16D3A0F9C7F88CC316029C5AC00C505536.revoked
-rw-r--r-- 1 root wheel 25 Jan 17 09:19 B17D3E16D3A0F9C7F88CC316029C5AC00C505536.update
-rw-r--r-- 1 root wheel 1120674 Feb 13 22:52 C7F09F48274C5E3AA39F26B6331F4BADB6FB7C26.crl
-rw-r--r-- 1 root wheel 3205 Feb 13 22:52 C7F09F48274C5E3AA39F26B6331F4BADB6FB7C26.pem
-rw-r--r-- 1 root wheel 1040852 Feb 13 22:52 C7F09F48274C5E3AA39F26B6331F4BADB6FB7C26.revoked
-rw-r--r-- 1 root wheel 25 Feb 13 22:52 C7F09F48274C5E3AA39F26B6331F4BADB6FB7C26.update
-rw-r--r-- 1 root wheel 18404099 Feb 14 19:50 EF60748B11A1CBB3DA17B561326A3C2A03A6436A.crl
-rw-r--r-- 1 root wheel 6477 Feb 14 19:50 EF60748B11A1CBB3DA17B561326A3C2A03A6436A.pem
-rw-r--r-- 1 root wheel 7089092 Feb 14 19:50 EF60748B11A1CBB3DA17B561326A3C2A03A6436A.revoked
-rw-r--r-- 1 root wheel 25 Feb 14 19:50 EF60748B11A1CBB3DA17B561326A3C2A03A6436A.update
-rw-r--r-- 1 root wheel 24860240 Jan 17 09:13 F6353240A71E06E460868101176CBF82936A274B.crl
-rw-r--r-- 1 root wheel 3160 Jan 17 09:13 F6353240A71E06E460868101176CBF82936A274B.pem
-rw-r--r-- 1 root wheel 7868651 Jan 17 09:13 F6353240A71E06E460868101176CBF82936A274B.revoked
-rw-r--r-- 1 root wheel 25 Jan 17 09:13 F6353240A71E06E460868101176CBF82936A274B.update
-rw-r--r-- 1 root wheel 138216 Feb 16 18:18 crlcache.db
-rw-r--r-- 1 root wheel 118328 Feb 18 10:45 ocspcache.db
[Dance ~ 11:10:11]$
Here are my keychains:
[Dance ~ 11:13:50]$ ls -l /Library/Keychains
total 196
-rw-r--r-- 1 root wheel 125412 Feb 14 17:17 System.keychain
-rw-r--r--@ 1 root wheel 20460 Oct 16 2014 System.keychain-orig
-rw-r--r--@ 1 root wheel 51440 Nov 15 00:28 apsd.keychain
[Dance ~ 11:13:54]$ ls -l Library/Keychains/
total 5680
drwx------ 7 user staff 238 Jan 28 08:20 15F335F0-18E6-5BBF-8294-C47E82A0EE22/
-rw-r--r-- 1 user staff 20460 Jan 18 2014 Microsoft_Intermediate_Certificates
-rw-r--r--@ 1 user staff 2809980 Feb 18 11:05 login.keychain
-rw-r--r--@ 1 user staff 1088800 Feb 1 2014 login.keychain.sb-ea2853d9-bzChLx
-rw------- 1 user staff 1891832 Feb 18 10:40 metadata.keychain
[Dance ~ 11:14:00]$ ls -l Library/Keychains/15F335F0-18E6-5BBF-8294-C47E82A0EE22/
total 3200
-rw------- 1 user staff 47 Oct 7 12:14 accountStatus.plist
-rw------- 1 user staff 561152 Feb 17 18:01 keychain-2.db
-rw------- 1 user staff 32768 Feb 17 21:44 keychain-2.db-shm
-rw------- 1 user staff 2673912 Feb 18 11:12 keychain-2.db-wal
-rw------- 1 user staff 1396 Oct 17 2014 user.kb
[Dance ~ 11:14:07]$
In the Keychain app, I only see a single keychain:
What's wrong?
Best Answer
CRL typically stands for certificate revocation list, but something is really amiss on this system that might need Apple engineering assistance to remedy. The reason I say that is your listings all look appropriate and you don't have an explicit keychain for each entry in the UI.
Without analyzing your usage of the script, the logical conclusion I would make is that these are artifacts or direct results of your scripting.
One thing you could try is disabling both OCSP and CRL temporarily and see if the count of rogue keychains remains stable. In theory, it's always best to check for revoked certificates, but in practice, you might not be at much risk if you do so for a short period of time or even in general.
Another thing would be to look at the open files for the process to see if you can locate keychain files outside the normal ~/Library/Keychains and /Library/Keychains locations on the filesystem. If they are hidden in /private or, worse, kept in RAM and exposed like a file, you might have a hard time tracking them down without placing that program in a debugger like Instruments.
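The open-files check suggested in the answer above, as an added example that is not part of the original post: a shell filter over `lsof -Fn` output that reports keychain-like files opened from outside the two standard keychain directories. The filename patterns (`*.keychain*`, `*.db`) are an assumed heuristic, and the sample lsof output, PID and binary path are constructed for illustration.

```shell
#!/bin/sh
# Added example: find keychain-like files a process has open outside
# ~/Library/Keychains and /Library/Keychains.

# Reads `lsof -p PID -Fn` output on stdin; $1 is the user's home directory.
# Prints each unexpected path once, sorted.
unexpected_keychain_files() {
    home=${1%/}
    while IFS= read -r line; do
        case $line in
            n/*) path=${line#n} ;;   # "n" fields carry the file name
            *)   continue ;;         # skip p (PID) and f (descriptor) fields
        esac
        case $path in
            # Standard locations are expected, so they are not reported.
            "$home"/Library/Keychains/*|/Library/Keychains/*) continue ;;
        esac
        case $path in
            # Assumed heuristic for "looks like a keychain or its database".
            *.keychain*|*.db) printf '%s\n' "$path" ;;
        esac
    done | sort -u
}

# Constructed sample of `lsof -Fn` output for a hypothetical PID 4242.
sample_lsof() {
    cat <<'EOF'
p4242
fcwd
n/Users/user
ftxt
n/usr/local/bin/keychain
f3
n/Users/user/Library/Keychains/login.keychain
f4
n/Library/Keychains/System.keychain
f5
n/private/var/db/crls/crlcache.db
f6
n/private/var/db/crls/crlcache.db
f7
n/private/var/db/crls/ocspcache.db
f8
n/dev/null
EOF
}

# Live use: lsof -p <PID> -Fn | unexpected_keychain_files "$HOME"
sample_lsof | unexpected_keychain_files /Users/user
```

On the constructed sample this reports the two revocation caches under /private/var/db/crls, the kind of non-keychain database a tool could be miscounting as a keychain.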