Replacing SecTrustGetResult with SecTrustGetTrustResult

App & System Services Core OS
Shweta-mittal19 OP
Created Oct ’23
Replies 3
Boosts 0
Views 506
Participants 2

With the deprecated SecTrustGetResult API , It used to return a cert chain and cert trust status chain as well for each certificate in the chain.

How can we achieve the same using SecTrustGetTrustResult. for cert chain -> there is an API SecTrustCopyAnchorCertificates to retrieve cert chain

But no API is there to get cert trust chain.

How can we achieve the same?

SecTrustGetResult https://developer.apple.com/documentation/security/1396077-sectrustgettrustresult?language=objc

SecTrustGetTrustResult https://developer.apple.com/documentation/security/1524331-sectrustgetresult/

SecTrustCopyAnchorCertificates https://developer.apple.com/documentation/security/1401507-sectrustcopyanchorcertificates?language=objc

Replies  3
Boosts  0
Views  506
Participants  2
DTS Engineer OP
Apple
Oct ’23

I think the doc comments in <Security/SecTrust.h> have you covered here. The one for SecTrustGetTrustResult says:

To get the complete certificate chain, use SecTrustCopyCertificateChain.
To get detailed status information for each certificate, use
SecTrustCopyProperties. To get the overall trust result for the evaluation,
use SecTrustGetTrustResult.

And while SecTrustCopyProperties itself is deprecated, it’s doc comment says:

The error information conveyed via this interface is also conveyed via the
returned error of SecTrustEvaluateWithError.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
Shweta-mittal19 OP
Oct ’23

@eskimo , I need an individual certificate trust status. How can I get that?

0
DTS Engineer OP
Apple
Oct ’23

The doc comments I quoted above describe a concrete path forward, namely, call SecTrustEvaluateWithError and look at the returned error. Did you you explore that path? What did you find?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
Replacing SecTrustGetResult with SecTrustGetTrustResult
First post date Last post date
 
 
Q