You are asking on the wrong list. Try the Apple CDSA mailing list. What you are asking is possible and involves providing a list of trust points when evaluating the cert.

Paul Nelson
Thursby Software Systems, Inc.

On Jun 3, 2009, at 9:26 PM, Ryan Govostes <rgovostes@gmail.com> wrote:

Hello,

I have a SecCertificateRef and I would like to verify that it was issued by a root certificate I control. I am using code like that below to perform the verification. However, since my root certificate has no trust setting, SecTrustEvaluate cannot definitively decide to accept or deny the target certificate.

I think I need to use SecTrustSettingsSetTrustSettings, but I don't want to change the settings for the entire user, only the process (I don't want a dialog asking for confirmation, for instance). Is there some way to make the root certificate trusted for my application alone?

Thanks,
Ryan Govostes

// Get a policy reference
SecPolicySearchRef searchRef;
SecPolicyRef policyRef;
SecPolicySearchCreate(CSSM_CERT_X_509v3, &CSSMOID_APPLE_X509_BASIC, NULL, &searchRef);
SecPolicySearchCopyNext(searchRef, &policyRef);

// Create a trust reference from our certificates
SecTrustRef trustRef;
SecTrustCreateWithCertificates(peercerts, policyRef, &trustRef);

// Set the anchor certificate list to my root certificate
CFArrayRef myAnchors = CFArrayCreate(NULL, (const void **)&rootCert, 1, &kCFTypeArrayCallBacks);
SecTrustSetAnchorCertificates(trustRef, myAnchors);

// We don't want any certificates from the keychains
CFArrayRef noKeychains = CFArrayCreate(NULL, NULL, 0, NULL);
SecTrustSetKeychains(trustRef, noKeychains);

// Now get the evaluation result
SecTrustResultType evalResult;
SecTrustEvaluate(trustRef, &evalResult);

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (Darwin-dev@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/darwin-dev/nelson%40thursby.com

This email sent to nelson@thursby.com
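
Added example, not part of the original messages and not Apple's or either poster's code: one way to supply the "list of trust points" for a single evaluation, so that only this SecTrustRef trusts the root and no user or system trust setting is touched. The function name ChainsToMyRoot and its parameters are hypothetical; it assumes ARC and macOS 10.14 or later, and uses SecPolicyCreateBasicX509, SecTrustSetAnchorCertificatesOnly and SecTrustEvaluateWithError, which are newer than the CSSM-era calls in the thread.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Returns YES only when `leaf` (plus optional `intermediates`) chains to
// `myRoot`. The anchor list lives on this one SecTrustRef, so nothing is
// written to trust settings and no confirmation dialog is shown.
static BOOL ChainsToMyRoot(SecCertificateRef leaf,
                           NSArray *intermediates,   // SecCertificateRef items, may be nil
                           SecCertificateRef myRoot,
                           NSError **outError)
{
    NSMutableArray *chain = [NSMutableArray arrayWithObject:(__bridge id)leaf];
    if (intermediates) [chain addObjectsFromArray:intermediates];

    SecPolicyRef policy = SecPolicyCreateBasicX509();
    SecTrustRef trust = NULL;
    OSStatus st = SecTrustCreateWithCertificates((__bridge CFArrayRef)chain, policy, &trust);
    CFRelease(policy);

    // Trust points for this evaluation: only our root.
    if (st == errSecSuccess)
        st = SecTrustSetAnchorCertificates(trust, (__bridge CFArrayRef)@[(__bridge id)myRoot]);
    // Make it explicit that built-in and keychain anchors are not consulted.
    if (st == errSecSuccess)
        st = SecTrustSetAnchorCertificatesOnly(trust, true);
    if (st != errSecSuccess) {
        if (outError) *outError = [NSError errorWithDomain:NSOSStatusErrorDomain code:st userInfo:nil];
        if (trust) CFRelease(trust);
        return NO;
    }

    CFErrorRef cfErr = NULL;
    BOOL ok = SecTrustEvaluateWithError(trust, &cfErr);

    // With no user trust setting on the root, a good chain reports
    // kSecTrustResultUnspecified; accept it like kSecTrustResultProceed.
    SecTrustResultType result = kSecTrustResultInvalid;
    if (ok && SecTrustGetTrustResult(trust, &result) == errSecSuccess)
        ok = (result == kSecTrustResultUnspecified || result == kSecTrustResultProceed);
    else
        ok = NO;

    if (cfErr) {
        if (outError) *outError = CFBridgingRelease(cfErr); else CFRelease(cfErr);
    }
    CFRelease(trust);
    return ok;
}
```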