/*
 * Build a SecPolicyRef for the Apple OCSP revocation policy.
 *
 * The policy options are set to CSSM_TP_ACTION_OCSP_SUFFICIENT, i.e. a
 * successful OCSP response is accepted as sufficient for the revocation
 * check. Any Security framework failure is turned into a thrown MacOSError
 * by MacOSError::check. The reference is yielded out of the CFRef wrapper,
 * so the caller becomes responsible for releasing it.
 */
static SecPolicyRef makeOCSPPolicy()
{
    CFRef<SecPolicyRef> ocspPolicy;
    MacOSError::check(SecPolicyCopy(CSSM_CERT_X_509v3,
                                    &CSSMOID_APPLE_TP_REVOCATION_OCSP,
                                    &ocspPolicy.aref()));

    // Zero-initialised option block; only the version and flags are filled in.
    CSSM_APPLE_TP_OCSP_OPTIONS ocspOpts = {};
    ocspOpts.Version = CSSM_APPLE_TP_OCSP_OPTS_VERSION;
    ocspOpts.Flags = CSSM_TP_ACTION_OCSP_SUFFICIENT;

    // Hand the option block to the policy as an opaque CSSM_DATA blob.
    CSSM_DATA optData;
    optData.Length = sizeof(ocspOpts);
    optData.Data = reinterpret_cast<uint8 *>(&ocspOpts);
    MacOSError::check(SecPolicySetValue(ocspPolicy, &optData));

    return ocspPolicy.yield();
}
/*
 * Convert a CSSM policy OID into a SecPolicyRef for X.509v3 certificates.
 *
 * On failure the CSSM error is reported through cssmPerror and NULL is
 * returned, so callers must check the result before using it. On success
 * the caller is expected to release the returned reference (main below
 * does so with CFRelease).
 */
SecPolicyRef oidToPolicy(const CSSM_OID *oid)
{
    SecPolicyRef result = NULL;
    const OSStatus status = SecPolicyCopy(CSSM_CERT_X_509v3, oid, &result);
    if (status != 0) {
        cssmPerror("SecPolicyCopy", status);
        return NULL;
    }
    return result;
}
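/*
 * Entry point: load one or more certificate files named on the command
 * line, evaluate them under the Apple SSL policy via doTest(), and return
 * doTest()'s result as the process exit status.
 *
 * Options:
 *   -q   quiet mode (passed through to doTest)
 *   -h   print usage
 *
 * Exits with status 1 when a certificate cannot be loaded or the SSL
 * policy cannot be created. Unrecognised options are routed to usage()
 * instead of being silently ignored.
 */
int main(int argc, char **argv)
{
    bool quiet = false;
    int arg;
    while ((arg = getopt(argc, argv, "qh")) != -1) {
        switch (arg) {
        case 'q':
            quiet = true;
            break;
        case 'h':
        default:
            // getopt reports an unknown option as '?'; treat it like -h so a
            // mistyped flag never silently changes what gets evaluated.
            usage(argv);
            break;
        }
    }

    // At least one certificate file is required.
    if (optind >= argc) {
        usage(argv);
    }

    CFMutableArrayRef certArray = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
    for (int dex = optind; dex < argc; dex++) {
        SecCertificateRef certRef = certFromFile(argv[dex]);
        if (certRef == NULL) {
            // certFromFile presumably reports the failure itself; just bail.
            exit(1);
        }
        // kCFTypeArrayCallBacks retains the cert on append, so drop ours.
        CFArrayAppendValue(certArray, certRef);
        CFRelease(certRef);
    }

    // Use the file's own helper so policy-creation errors are reported the
    // same way everywhere (cssmPerror("SecPolicyCopy", ...)).
    SecPolicyRef policyRef = oidToPolicy(&CSSMOID_APPLE_TP_SSL);
    if (policyRef == NULL) {
        CFRelease(certArray);
        exit(1);
    }

    int ourRtn = doTest(certArray, policyRef, quiet);
    CFRelease(policyRef);
    CFRelease(certArray);
    return ourRtn;
}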