What's this CSSM Exception in my macOS 10.12.1 logs?
I'm trying to clean up my mac a bit and therefore always check through logs to see what maybe unexpected or otherwise strange. This time I see way too much going on in the logs in terms of lines per second and one thing that catches my eyes quickly is these CSSM exceptions. Here's an example:
Standard 19:46:21.455829 +0100 syncdefaultsd CSSM Exception: -2147411889 CSSMERR_CL_UNKNOWN_TAG
In this case it's from syncdefaultsd but they happen to be from differenct processes every few seconds. I've also seen them from com.apple.iCloudHelper, quicklookd, mdworker, launchservicesd and other macOS native services.
I found through google that some people posted about them already but didn't get a real answer. Thought I might find someone to help here.
Within Minutes i get thousands of these (just captured 10 minutes with nearly 9000 lines of CSSM Exceptions.
Solution 1:
I have found these errors to relate to old keychain data references. I was able to stop most of these CSSM Exceptions from appearing by opening Keychain Access and deleting any empty keychains.
Agreed- my CSSM Exception errors went away when I got rid of some defunct Adobe Air keychain references. The references were particularly defunct, as I had recently deleted the files to which they referred, to get rid of a previous slew of log messages...!
Interestingly, Keychain Access did not immediately disappear the keychains when I asked it to delete them; I deleted them (I tried both "Reference only", and "Reference and Files" (even though I'd manually deleted the files...!)), and they remained visible. So I quit and reopened Keychain Access- and they were gone :-) And so were the CSSM log messages :-)
Solution 2:
This is basically an encryption / validation error. Even thousands of these is not a problem to be solved if you don’t need that specific software calls to be validated for an app to function properly. These can just be safely ignored and logged for most people.
In your case, I would narrow down when the syncdefaultsd is having problems by disconnecting from all networks. If it's stuck, you might restart the OS when disconnected from the network and convince yourself that you are not seeing thousands of messages.
It's not going to be a significant error load on the system to log messages - it's clearly taking some processing - but I doubt anything less than a million lines a day would be measurable on a portable.
As to the direct cause - the iCloud servers to which you are syncing defaults could be messed up or it could be a more local problem where one daemon is passing traffic in a secured / encrypted manner to another subsystem. If you're into code - here are some relevant portions with your specific error flag CSSMERR_CL_UNKNOWN_TAG:
- https://opensource.apple.com/source/libsecurity_apple_x509_tp/libsecurity_apple_x509_tp-30431/lib/tpCertGroup.cpp
- https://opensource.apple.com/source/Security/Security-28/AppleX509CL/CertFields.cpp
Or you could look at how you are using x509 certs or contact Apple Support for some triage on the error. It might be harmless, it might be a bug, it might be a situation where you are on a compromised or malicious network in that an employer or someone is MITM your traffic.
Solution 3:
I have found these errors to relate to old keychain data references. I was able to stop most of these CSSM Exceptions from appearing by opening Keychain Access and deleting any empty keychains.
Solution 4:
I got the same CSSM problems and have solved them by opening the Keychain Access App and removing the empty entry in the Keychains pane (in the same level of "login", "Local Items", "System", and "System Roots").
P.S. My error message in Console is: CSSM Exception: -2147413737 CSSMERR_DL_DATASTORE_DOESNOT_EXIST