static SecPolicyRef makeOCSPPolicy()
{
	CFRef<SecPolicyRef> policy;
	MacOSError::check(SecPolicyCopy(CSSM_CERT_X_509v3, &CSSMOID_APPLE_TP_REVOCATION_OCSP, &policy.aref()));
	CSSM_APPLE_TP_OCSP_OPTIONS options;
	memset(&options, 0, sizeof(options));
	options.Version = CSSM_APPLE_TP_OCSP_OPTS_VERSION;
	options.Flags = CSSM_TP_ACTION_OCSP_SUFFICIENT;
	CSSM_DATA optData = { sizeof(options), (uint8 *)&options };
	MacOSError::check(SecPolicySetValue(policy, &optData));
	return policy.yield();
}
Beispiel #2
0
/* convert an OID to a SecPolicyRef */
SecPolicyRef oidToPolicy(
    const CSSM_OID *oid)
{
    OSStatus ortn;
    SecPolicyRef policyRef = NULL;

    ortn = SecPolicyCopy(CSSM_CERT_X_509v3, oid, &policyRef);
    if(ortn) {
        cssmPerror("SecPolicyCopy", ortn);
        return NULL;
    }
    return policyRef;
}
int main(int argc, char **argv)
{
	bool quiet = false;
	
	int arg;
	while ((arg = getopt(argc, argv, "qh")) != -1) {
		switch (arg) {
			case 'q':
				quiet = true;
				break;
			case 'h':
				usage(argv);
		}
	}
	
	unsigned numCerts = argc - optind;
	if(numCerts == 0) {
		usage(argv);
	}
	CFMutableArrayRef certArray = CFArrayCreateMutable(NULL, 0, 
		&kCFTypeArrayCallBacks);
	for(int dex=optind; dex<argc; dex++) {
		SecCertificateRef certRef = certFromFile(argv[dex]);
		if(certRef == NULL) {
			exit(1);
		}
		CFArrayAppendValue(certArray, certRef);
		CFRelease(certRef);
	}
	
	OSStatus ortn;
	SecPolicyRef policyRef = NULL;
	ortn = SecPolicyCopy(CSSM_CERT_X_509v3, &CSSMOID_APPLE_TP_SSL, &policyRef);
	if(ortn) {
		cssmPerror("SecPolicyCopy", ortn);
		exit(1);
	}
	
	int ourRtn = doTest(certArray, policyRef, quiet);
	CFRelease(policyRef);
	CFRelease(certArray);
	return ourRtn;
}