A function identified as deprecated has been superseded and may become unsupported in the future.
Retrieves the CSSM anchor certificates. (Deprecated in Mac OS X v10.5.)
OSStatus SecTrustGetCSSMAnchorCertificates ( const CSSM_DATA **cssmAnchors, uint32 *cssmAnchorCount );
On return, points to an array of anchor certificates. This array is allocated by the system; you should not deallocate it. This data is not guaranteed to remain valid indefinitely; you should retrieve the data immediately and either pass it to other functions or copy it for future use.
On return, points to the number of CSSM_DATA
structures returned in the cssmAnchors
parameter.
A result code. See “Certificate, Key, and Trust Services Result Codes.”
This function returns the certificates in the system’s store of anchor certificates (see SecTrustSetAnchorCertificates
. You can use the CSSM_DATA
structures returned by this function as input to functions in the CSSM API. If you want references to the anchor certificates in a form appropriate for calls to the Certificate, Key, and Trust API, use the SecTrustCopyAnchorCertificates
function instead.
SecTrust.h
Retrieves the user-specified trust setting for a certificate and policy. (Deprecated in Mac OS X v10.5.)
OSStatus SecTrustGetUserTrust ( SecCertificateRef certificate, SecPolicyRef policy, SecTrustUserSetting *trustSetting );
The certificate object from which to obtain the user-specified trust setting.
The policy object for the policy for which to obtain the user-specified trust setting. Use the SecPolicySearchCopyNext
function to obtain a policy object.
On return, points to the user-specified trust setting for the specified certificate and policy.
A result code. See “Certificate, Key, and Trust Services Result Codes.”
Each certificate has one user-specified trust setting per policy. For each policy, the user can specify that the certificate is always to be trusted, is never to be trusted, or can be trusted only after permission is requested from—and granted by—the user. It is also possible for there to be no user-specified trust setting for a policy. See SecTrustEvaluate
for a discussion of the use of user-specified trust settings in a trust evaluation.
The SecTrustGetUserTrust
function returns the effective user trust setting for the certificate and policy specified. You can obtain a certificate from a keychain and typecast the keychain item object (data type SecKeychainItemRef
) to a certificate object (SecCertificateRef
).
See “Trust Result Type Constants” for values and descriptions of the user-specified trust settings. The user can set these values in the Keychain Access utility. If you provide your own UI for these settings, you can use the SecTrustSetUserTrust
function to set them.
SecTrust.h
Sets the user-specified trust settings of a certificate and policy. (Deprecated in Mac OS X v10.5.)
OSStatus SecTrustSetUserTrust ( SecCertificateRef certificate, SecPolicyRef policy, SecTrustUserSetting trustSetting );
The certificate object for which to set the user-specified trust settings. Use the SecCertificateCreateFromData
function to obtain a certificate object.
The policy object for the policy for which to set the user-specified trust settings. Use the SecPolicySearchCopyNext
function to obtain a policy object.
The user-specified trust setting to be set. See “Trust Result Type Constants” for possible values.
A result code. See “Certificate, Key, and Trust Services Result Codes.”
Each certificate has one user-specified trust setting per policy. These trust settings are used by the SecTrustEvaluate
function when evaluating trust. See “Trust Result Type Constants” for values and descriptions of the user-specified trust settings. The user can set these values in the Keychain Access utility. Under certain circumstances, it might be appropriate for an administrative application to change a user trust setting. In that case, you can use the SecTrustSetUserTrust
function to do so. You can obtain a certificate from a keychain and typecast the keychain item object (data type SecKeychainItemRef
) to a certificate object (SecCertificateRef
).
When you call the SecTrustSetUserTrust
function, the user might be prompted to confirm the new setting before it is changed.
You can use the SecTrustGetUserTrust
function to get the current user-specified trust settings for a certificate.
SecTrust.h
© 2003, 2008 Apple Inc. All Rights Reserved. (Last updated: 2008-11-19)