Re: Certificate trust evaluation
- Subject: Re: Certificate trust evaluation
- From: Paul Nelson <email@hidden>
- Date: Wed, 3 Jun 2009 21:40:14 -0500
You are asking on the wrong list. Try the Apple CDSA mailing list.
What you are asking is possible and involves providing a list of trust
points when evaluating the cert.
Paul Nelson
Thursby Software Systems, Inc.
On Jun 3, 2009, at 9:26 PM, Ryan Govostes <email@hidden> wrote:
Hello,
I have a SecCertificateRef and I would like to verify that it was
issued by a root certificate I control. I am using code like that
below to perform the verification.
However, since my root certificate has no trust setting,
SecTrustEvaluate cannot definitively decide to accept or deny the
target certificate. I think I need to use
SecTrustSettingsSetTrustSettings, but I don't want to change the
settings for the entire user, only the process (I don't want a
dialog asking for confirmation, for instance).
Is there some way to make the root certificate trusted for my
application alone?
Thanks,
Ryan Govostes
// Get a policy reference
SecPolicySearchRef searchRef;
SecPolicyRef policyRef;
SecPolicySearchCreate(CSSM_CERT_X_509v3, &CSSMOID_APPLE_X509_BASIC,
                      NULL, &searchRef);
SecPolicySearchCopyNext(searchRef, &policyRef);

// Create a trust reference from our certificates
SecTrustRef trustRef;
SecTrustCreateWithCertificates(peercerts, policyRef, &trustRef);

// Set the anchor certificate list to my root certificate
// (CFArrayCreate takes a const void ** for its values, hence the cast)
CFArrayRef myAnchors = CFArrayCreate(NULL, (const void **)&rootCert, 1,
                                     &kCFTypeArrayCallBacks);
SecTrustSetAnchorCertificates(trustRef, myAnchors);

// We don't want any certificates from the keychains
CFArrayRef noKeychains = CFArrayCreate(NULL, NULL, 0, NULL);
SecTrustSetKeychains(trustRef, noKeychains);

// Now get the evaluation result
SecTrustResultType evalResult;
SecTrustEvaluate(trustRef, &evalResult);
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden