/* OS X only: __OSX_AVAILABLE_STARTING(__MAC_10_5, __IPHONE_NA) */ OSStatus SecTrustCopyExtendedResult(SecTrustRef trust, CFDictionaryRef *result) { /* bridge to support old functionality */ #if SECTRUST_DEPRECATION_WARNINGS syslog(LOG_ERR, "WARNING: SecTrustCopyExtendedResult will be deprecated in an upcoming release. Please use SecTrustCopyResult instead."); #endif CFDictionaryRef resultDict = SecTrustCopyResult(trust); if (result == nil) { CFReleaseNull(resultDict); return errSecParam; } *result = resultDict; return errSecSuccess; }
int tls_evaluate_trust(tls_handshake_t hdsk, bool server) { int err; CFDictionaryRef trust_results = NULL; CFArrayRef trust_properties = NULL; SecTrustResultType trust_result = kSecTrustResultInvalid; SecTrustRef trustRef = NULL; require_noerr((err = tls_helper_create_peer_trust(hdsk, server, &trustRef)), errOut); if(trustRef) { require_noerr((err=SecTrustEvaluate(trustRef, &trust_result)), errOut); test_printf("SecTrustEvaluate result: %d\n", trust_result); trust_results = SecTrustCopyResult(trustRef); trust_properties = SecTrustCopyProperties(trustRef); //CFShow(trust_results); //CFShow(trust_properties); /* Pretend it's all OK so we can continue*/ tls_handshake_set_peer_trust(hdsk, tls_handshake_trust_ok); } else { test_printf("No trustref (using cert-less ciphersuite maybe?)"); } err = noErr; errOut: CFReleaseSafe(trust_properties); CFReleaseSafe(trust_results); return err; }
CFArrayRef AppleCryptoNative_X509ChainGetTrustResults(SecTrustRef chain) { if (chain == NULL) { return NULL; } CFDictionaryRef detailsAndStuff = SecTrustCopyResult(chain); CFArrayRef details = NULL; if (detailsAndStuff != NULL) { CFTypeRef detailsPtr = CFDictionaryGetValue(detailsAndStuff, CFSTR("TrustResultDetails")); if (detailsPtr != NULL) { details = (CFArrayRef)detailsPtr; CFRetain(details); } } CFRelease(detailsAndStuff); return details; }