Thanks for the summary @hoelska , really helpful.
As noted by @Elephant Head Software, looking at the implementation of the official library we can find a comment indicating that "We don't include the root cert in the path, due to OCSP not being supported", also the code discards the root (3rd) certificate. If I get it correctly it means that there is not point to check for online revocation ?
yazaroual
Users receive reputation points by contributing quality content to the forums.
Posts include post and replies published on the forums.
Post authors can mark replies as Accepted to indicate successful solutions.
Apple Developer Forums admins can mark replies as Apple Recommended to indicate an approved solution
Post
Replies
Boosts
Views
Activity
Responding to my own comment. For some reasons in Sandbox when a refund or declined refund are tested :
Your Backend will immediately get a DID_CHANGE_RENEWAL_STATUS notification
It's only ~1 hour later that it will also get the REFUND or REFUND_DECLINED notification
Hope this helps.