Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CSSM_TP_APPLE_EVIDENCE_INFO from SecTrustGetCssmResult has no StatusCodes

On Sep 8, 2006, at 12:09 PM, sean chandler wrote:

NumStatusCodes from CSSM_TP_APPLE_EVIDENCE_INFO
(CSSM_EVIDENCE_FORM_APPLE_CERT_INFO) is always zero in my tests.
CSSM_EVIDENCE_FORM_APPLE_CERTGROUP has the full chain and but I see no
mention of the results of CSSM_TP_CertGroupVerify.  Things like
CSSMERR_TP_NOT_TRUSTED, CSSMERR_TP_CERT_EXPIRED, etc.

These are per-certificate failure conditions. It is possible for none of the chain certificates to have indidividual failures, and yet for the whole evaluation to fail, due to restrictions on the whole chain being violated (chain length for one).

On the other hand, if you don't see a status element for (say) an expired certificate, that would be unexpected.

Cheers
-- perry
---------------------------------------------------------------------------
Perry The Cynic email@hidden
To a blind optimist, an optimistic realist must seem like an Accursed Cynic.
---------------------------------------------------------------------------



_______________________________________________
Do not post admin requests to the list. They will be ignored.
Apple-cdsa mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/apple-cdsa/email@hidden

This email sent to email@hidden
References: 
 >CSSM_TP_APPLE_EVIDENCE_INFO from SecTrustGetCssmResult has no StatusCodes (From: "sean chandler" <email@hidden>)



Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2007 Apple Inc. All rights reserved.