"kSecTrustResultProceed indicates that the user has explicitly trusted a certificate."
Problem: kSecTrustResultProceed returned from 'SecTrustEvaluate' for some users(733/million), while their cert chain contains non explicitly trusted certs:
cert chain:
***.***.com
Go Daddy Secure Certificate Authority - G2
Go Daddy Root Certificate Authority - G2
(Go Daddy is trusted on iOS, not explicitly trusted)
I cannot reproduce this on my phone, but it does exist, for some users, including iOS 17.
Any thoughts?
SecTrustResultType res = kSecTrustResultInvalid;
SecTrustEvaluate(secTrust, &res);
if (res == kSecTrustResultUnspecified) {
return YES;
}
if (res == kSecTrustResultProceed) {
// some check... found this question
return YES;
}
if (res != kSecTrustResultRecoverableTrustFailure) {
return NO;
}
// some recover...
return recovered;