Replacing SecTrustGetResult with SecTrustGetTrustResult

With the deprecated SecTrustGetResult API, it used to return a cert chain and a cert trust status chain as well, for each certificate in the chain.

How can we achieve the same using SecTrustGetTrustResult? For the cert chain, there is an API, SecTrustCopyAnchorCertificates, to retrieve the cert chain.

But there is no API to get the cert trust chain.

How can we achieve the same?

SecTrustGetResult https://developer.apple.com/documentation/security/1396077-sectrustgettrustresult?language=objc

SecTrustGetTrustResult https://developer.apple.com/documentation/security/1524331-sectrustgetresult/

SecTrustCopyAnchorCertificates https://developer.apple.com/documentation/security/1401507-sectrustcopyanchorcertificates?language=objc

Replies

I think the doc comments in <Security/SecTrust.h> have you covered here. The one for SecTrustGetTrustResult says:

To get the complete certificate chain, use SecTrustCopyCertificateChain.
To get detailed status information for each certificate, use
SecTrustCopyProperties. To get the overall trust result for the evaluation,
use SecTrustGetTrustResult.

And while SecTrustCopyProperties itself is deprecated, its doc comment says:

The error information conveyed via this interface is also conveyed via the
returned error of SecTrustEvaluateWithError.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

@eskimo, I need an individual certificate trust status. How can I get that?

The doc comments I quoted above describe a concrete path forward, namely, call SecTrustEvaluateWithError and look at the returned error. Did you explore that path? What did you find?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
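
The path described in the replies, as an added Swift example that is not part of the original thread and not Apple's code: evaluate with SecTrustEvaluateWithError, read the overall result with SecTrustGetTrustResult, and fetch the chain with SecTrustCopyCertificateChain. The `TrustReport` type and the `evaluate` and `describe` functions are hypothetical names, and the `SecTrust` is assumed to come from the caller (for example a URLSession server-trust challenge).

```swift
import Foundation
import Security

/// Hypothetical container for what the caller wants back from one evaluation.
struct TrustReport {
    let trusted: Bool                 // return value of SecTrustEvaluateWithError
    let result: SecTrustResultType    // overall result (proceed, unspecified, deny, ...)
    let chainSubjects: [String]       // subject summaries, leaf certificate first
    let failure: NSError?             // nil when evaluation succeeded
}

/// `trust` is assumed to be supplied by the caller, e.g.
/// challenge.protectionSpace.serverTrust in a URLSession delegate.
@available(macOS 12.0, iOS 15.0, *)
func evaluate(_ trust: SecTrust) -> TrustReport {
    // 1. Evaluate. On failure the CFError carries the reason.
    var cfError: CFError?
    let trusted = SecTrustEvaluateWithError(trust, &cfError)

    // 2. Overall trust result for the evaluation that just ran.
    var result = SecTrustResultType.invalid
    _ = SecTrustGetTrustResult(trust, &result)

    // 3. The chain that was built during evaluation, leaf first.
    let chain = (SecTrustCopyCertificateChain(trust) as? [SecCertificate]) ?? []
    let subjects = chain.map {
        (SecCertificateCopySubjectSummary($0) as String?) ?? "<no summary>"
    }

    return TrustReport(trusted: trusted, result: result, chainSubjects: subjects,
                       failure: cfError.map { $0 as Error as NSError })
}

/// Flattens a report into log lines. Failure detail is whatever the returned
/// error carries; no per-certificate status array is reconstructed here.
func describe(_ report: TrustReport) -> [String] {
    var lines = ["trusted=\(report.trusted) result=\(report.result.rawValue)"]
    for (index, subject) in report.chainSubjects.enumerated() {
        lines.append("chain[\(index)] \(subject)")
    }
    if let failure = report.failure {
        lines.append("error \(failure.domain) \(failure.code): \(failure.localizedDescription)")
        if let underlying = failure.userInfo[NSUnderlyingErrorKey] as? NSError {
            lines.append("underlying: \(underlying.localizedDescription)")
        }
    }
    return lines
}
```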