/* OS X only: __OSX_AVAILABLE_STARTING(__MAC_10_5, __IPHONE_NA) */
OSStatus SecTrustCopyExtendedResult(SecTrustRef trust, CFDictionaryRef *result)
{
/* bridge to support old functionality */
#if SECTRUST_DEPRECATION_WARNINGS
syslog(LOG_ERR, "WARNING: SecTrustCopyExtendedResult will be deprecated in an upcoming release. Please use SecTrustCopyResult instead.");
#endif
CFDictionaryRef resultDict = SecTrustCopyResult(trust);
if (result == nil) {
CFReleaseNull(resultDict);
return errSecParam;
}
*result = resultDict;
return errSecSuccess;
}
int tls_evaluate_trust(tls_handshake_t hdsk, bool server)
{
int err;
CFDictionaryRef trust_results = NULL;
CFArrayRef trust_properties = NULL;
SecTrustResultType trust_result = kSecTrustResultInvalid;
SecTrustRef trustRef = NULL;
require_noerr((err = tls_helper_create_peer_trust(hdsk, server, &trustRef)), errOut);
if(trustRef) {
require_noerr((err=SecTrustEvaluate(trustRef, &trust_result)), errOut);
test_printf("SecTrustEvaluate result: %d\n", trust_result);
trust_results = SecTrustCopyResult(trustRef);
trust_properties = SecTrustCopyProperties(trustRef);
//CFShow(trust_results);
//CFShow(trust_properties);
/* Pretend it's all OK so we can continue*/
tls_handshake_set_peer_trust(hdsk, tls_handshake_trust_ok);
} else {
test_printf("No trustref (using cert-less ciphersuite maybe?)");
}
err = noErr;
errOut:
CFReleaseSafe(trust_properties);
CFReleaseSafe(trust_results);
return err;
}
CFArrayRef AppleCryptoNative_X509ChainGetTrustResults(SecTrustRef chain)
{
if (chain == NULL)
{
return NULL;
}
CFDictionaryRef detailsAndStuff = SecTrustCopyResult(chain);
CFArrayRef details = NULL;
if (detailsAndStuff != NULL)
{
CFTypeRef detailsPtr = CFDictionaryGetValue(detailsAndStuff, CFSTR("TrustResultDetails"));
if (detailsPtr != NULL)
{
details = (CFArrayRef)detailsPtr;
CFRetain(details);
}
}
CFRelease(detailsAndStuff);
return details;
}
