7 Replies
      Latest reply on Apr 10, 2019 11:39 AM by Peter2131
      TyngJJ Level 1 Level 1 (0 points)

        I previously would check if one certificate signed another (used to construct a certificate chain, NOT to validate), using the following code to create the data representation for the leaf certificate:

            CFDataRef data = SecCertificateCopyData(certificate);
            const UInt8 *buffer = CFDataGetBytePtr(data);
            X509 *x = X509_new();
            d2i_X509(&x, &buffer, CFDataGetLength(data));
            int length = i2d_X509_CINF(x->cert_info, NULL);
            unsigned char *info = malloc(length), *infoPtr = info;
            i2d_X509_CINF(x->cert_info, &info);
            return CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, infoPtr, length, kCFAllocatorMalloc);

        OpenSSL is now gone from 10.11, is there another method of creating this representation?

        I didn't see anything like this in CryptoCompatibility