Certificate trust evaluation
Hello,

I have a SecCertificateRef and I would like to verify that it was issued by a root certificate I control. I am using code like that below to perform the verification. However, since my root certificate has no trust setting, SecTrustEvaluate cannot definitively decide to accept or deny the target certificate.

I think I need to use SecTrustSettingsSetTrustSettings, but I don't want to change the settings for the entire user, only the process (I don't want a dialog asking for confirmation, for instance). Is there some way to make the root certificate trusted for my application alone?

    // Get a policy reference
    SecPolicySearchRef searchRef;
    SecPolicyRef policyRef;
    SecPolicySearchCreate(CSSM_CERT_X_509v3, &CSSMOID_APPLE_X509_BASIC, NULL, &searchRef);
    SecPolicySearchCopyNext(searchRef, &policyRef);

    // Create a trust reference from our certificates
    SecTrustRef trustRef;
    SecTrustCreateWithCertificates(peercerts, policyRef, &trustRef);

    // Set the anchor certificate list to my root certificate
    CFArrayRef myAnchors = CFArrayCreate(NULL, &rootCert, 1, &kCFTypeArrayCallBacks);
    SecTrustSetAnchorCertificates(trustRef, myAnchors);

    // We don't want any certificates from the keychains
    CFArrayRef noKeychains = CFArrayCreate(NULL, NULL, 0, NULL);
    SecTrustSetKeychains(trustRef, noKeychains);

    // Now get the evaluation result
    SecTrustResultType evalResult;
    SecTrustEvaluate(trustRef, &evalResult);

Thanks,
Ryan Govostes

Darwin-dev mailing list (Darwin-dev@lists.apple.com)