Deprecated Certificate, Key, and Trust Services Functions

A function identified as deprecated has been superseded and may become unsupported in the future.

Deprecated in Mac OS X v10.5

SecTrustGetCSSMAnchorCertificates

Retrieves the CSSM anchor certificates. (Deprecated in Mac OS X v10.5.)

OSStatus SecTrustGetCSSMAnchorCertificates (
   const CSSM_DATA **cssmAnchors,
   uint32 *cssmAnchorCount
);

Parameters

cssmAnchors: On return, points to an array of anchor certificates. This array is allocated by the system; you should not deallocate it. This data is not guaranteed to remain valid indefinitely; you should retrieve the data immediately and either pass it to other functions or copy it for future use.
cssmAnchorCount: On return, points to the number of CSSM_DATA structures returned in the cssmAnchors parameter.

Return Value

A result code. See “Certificate, Key, and Trust Services Result Codes.”

Discussion

This function returns the certificates in the system’s store of anchor certificates (see SecTrustSetAnchorCertificates. You can use the CSSM_DATA structures returned by this function as input to functions in the CSSM API. If you want references to the anchor certificates in a form appropriate for calls to the Certificate, Key, and Trust API, use the SecTrustCopyAnchorCertificates function instead.

Availability

Available in Mac OS X v10.2 and later.
Deprecated in Mac OS X v10.5.

Declared In

SecTrust.h

SecTrustGetUserTrust

Retrieves the user-specified trust setting for a certificate and policy. (Deprecated in Mac OS X v10.5.)

OSStatus SecTrustGetUserTrust (
   SecCertificateRef certificate,
   SecPolicyRef policy,
   SecTrustUserSetting *trustSetting
);

Parameters

certificate: The certificate object from which to obtain the user-specified trust setting.
policy: The policy object for the policy for which to obtain the user-specified trust setting. Use the SecPolicySearchCopyNext function to obtain a policy object.
trustSetting: On return, points to the user-specified trust setting for the specified certificate and policy.

Return Value

A result code. See “Certificate, Key, and Trust Services Result Codes.”

Discussion

Each certificate has one user-specified trust setting per policy. For each policy, the user can specify that the certificate is always to be trusted, is never to be trusted, or can be trusted only after permission is requested from—and granted by—the user. It is also possible for there to be no user-specified trust setting for a policy. See SecTrustEvaluate for a discussion of the use of user-specified trust settings in a trust evaluation.

The SecTrustGetUserTrust function returns the effective user trust setting for the certificate and policy specified. You can obtain a certificate from a keychain and typecast the keychain item object (data type SecKeychainItemRef) to a certificate object (SecCertificateRef).

See “Trust Result Type Constants” for values and descriptions of the user-specified trust settings. The user can set these values in the Keychain Access utility. If you provide your own UI for these settings, you can use the SecTrustSetUserTrust function to set them.

Availability

Available in Mac OS X v10.2 and later.
Deprecated in Mac OS X v10.5.

Declared In

SecTrust.h

SecTrustSetUserTrust

Sets the user-specified trust settings of a certificate and policy. (Deprecated in Mac OS X v10.5.)

OSStatus SecTrustSetUserTrust (
   SecCertificateRef certificate,
   SecPolicyRef policy,
   SecTrustUserSetting trustSetting
);

Parameters

certificate: The certificate object for which to set the user-specified trust settings. Use the SecCertificateCreateFromData function to obtain a certificate object.
policy: The policy object for the policy for which to set the user-specified trust settings. Use the SecPolicySearchCopyNext function to obtain a policy object.
trustSetting: The user-specified trust setting to be set. See “Trust Result Type Constants” for possible values.

Return Value

A result code. See “Certificate, Key, and Trust Services Result Codes.”

Discussion

Each certificate has one user-specified trust setting per policy. These trust settings are used by the SecTrustEvaluate function when evaluating trust. See “Trust Result Type Constants” for values and descriptions of the user-specified trust settings. The user can set these values in the Keychain Access utility. Under certain circumstances, it might be appropriate for an administrative application to change a user trust setting. In that case, you can use the SecTrustSetUserTrust function to do so. You can obtain a certificate from a keychain and typecast the keychain item object (data type SecKeychainItemRef) to a certificate object (SecCertificateRef).

When you call the SecTrustSetUserTrust function, the user might be prompted to confirm the new setting before it is changed.

You can use the SecTrustGetUserTrust function to get the current user-specified trust settings for a certificate.

Availability

Available in Mac OS X v10.2 and later.
Deprecated in Mac OS X v10.5.

Declared In

SecTrust.h

< Previous PageNext Page >

Hide TOC

Did this document help you?
Yes: Tell us what works for you. It’s good, but: Report typos, inaccuracies, and so forth. It wasn’t helpful: Tell us what would have helped.