The trust policies implemented by the AppleX509TP CDSA module are shown in Table B-1. A pointer to a policy-specific option structure is placed in CSSM_FIELD.FieldValue.Data; this field is one of the fields in the CSSM_TP_CALLERAUTH_CONTEXT.Policy.PolicyIds array.
| Policy | OID | Options | Description |
|---|---|---|---|
| Apple Basic | | None | Basic X509-style certificate evaluation |
| SSL | | | Basic X509 plus host name verification per RFC 2818 |
| SMIME | | | Basic X509 plus email address verification and KeyUsage enforcement per RFC 2632 |
| Extensible Authentication Protocol (EAP) | | | Functionally identical to the SSL policy. A separate OID is provided to facilitate per-policy, per-certificate trust settings using the SecTrust mechanism |
| CRL Revocation | | | Revocation using certificate revocation lists |
Certificate revocation list policy options are defined in the following structure:

```c
typedef uint32 CSSM_APPLE_TP_CRL_OPT_FLAGS;

enum {
    // require CRL verification for each cert; default is "try"
    CSSM_TP_ACTION_REQUIRE_CRL_PER_CERT = 0x00000001,
    // enable fetch from network
    CSSM_TP_ACTION_FETCH_CRL_FROM_NET   = 0x00000002
};

typedef struct {
    // CSSM_APPLE_TP_CRL_OPTS_VERSION
    uint32 Version;
    CSSM_APPLE_TP_CRL_OPT_FLAGS CrlFlags;
    /*
     * When non-NULL, store CRLs fetched from net here.
     * This is most likely a pointer to one of the
     * CSSM_TP_CALLERAUTH_CONTEXT.DBList entries but that
     * is not a strict requirement.
     */
    CSSM_DL_DB_HANDLE_PTR crlStore;
} CSSM_APPLE_TP_CRL_OPTIONS;
```
When the CSSM_TP_ACTION_REQUIRE_CRL_PER_CERT flag is set, a certificate is not valid unless every certificate in the certificate chain has been successfully verified using a certificate revocation list. This check is in addition to any other certificate-specific or policy-specific checks required for validation. When this flag is not set, CRLs are evaluated if they are available, but it is not an error if the trust policy module cannot find a CRL. In either case, the certificate is not considered valid if a CRL is found that indicates that any certificate in the certificate chain has been revoked.
If multiple policies are specified, they are evaluated sequentially. In this case, the VerificationAbortOn field of the CSSM_TP_CALLERAUTH_CONTEXT structure specifies when to abort the verification process (see the “Trust Policy Services API” chapter in Common Security: CDSA and CSSM, version 2 (with corrigenda) from The Open Group, http://www.opengroup.org/security/cdsa.htm). The AppleX509TP CDSA module supports the following values for the VerificationAbortOn field:

- CSSM_TP_STOP_ON_NONE: continue to subsequent policies if one policy evaluation fails
- CSSM_TP_STOP_ON_FIRST_FAIL: stop immediately if a policy evaluation fails
- CSSM_TP_STOP_ON_POLICY: treated the same as CSSM_TP_STOP_ON_FIRST_FAIL
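The two decision rules above (the "require" versus "try" CRL behaviour, and the VerificationAbortOn stop modes) are modelled in the added example below. It is illustrative code written for this page, not Apple's AppleX509TP implementation: the crl_status_t and abort_mode_t enums and the sample arrays are constructed assumptions, and only the CSSM_TP_ACTION_REQUIRE_CRL_PER_CERT value is taken from the page.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Flag value as defined on this page for CSSM_APPLE_TP_CRL_OPTIONS.CrlFlags. */
#define CSSM_TP_ACTION_REQUIRE_CRL_PER_CERT 0x00000001u

/* Hypothetical per-certificate CRL lookup outcome (not a CDSA type). */
typedef enum { CRL_NOT_FOUND, CRL_OK, CRL_REVOKED } crl_status_t;

/* Applies the page's rule to a chain: a revoked cert always fails; a cert
 * with no CRL available fails only when the REQUIRE flag is set ("try" mode
 * tolerates a missing CRL). */
bool chain_passes_crl_check(uint32_t crl_flags, const crl_status_t *chain, size_t n)
{
    bool require = (crl_flags & CSSM_TP_ACTION_REQUIRE_CRL_PER_CERT) != 0;
    for (size_t i = 0; i < n; i++) {
        if (chain[i] == CRL_REVOKED)
            return false;
        if (chain[i] == CRL_NOT_FOUND && require)
            return false;
    }
    return true;
}

/* Hypothetical stand-in for the VerificationAbortOn values listed above. */
typedef enum { ABORT_STOP_ON_NONE, ABORT_STOP_ON_FIRST_FAIL, ABORT_STOP_ON_POLICY } abort_mode_t;

/* Walks policy outcomes in order. Returns how many policies were evaluated
 * before stopping and sets *all_ok to whether every evaluated policy passed.
 * STOP_ON_POLICY is treated exactly like STOP_ON_FIRST_FAIL, as on the page. */
size_t evaluate_policies(abort_mode_t mode, const bool *results, size_t n, bool *all_ok)
{
    size_t evaluated = 0;
    *all_ok = true;
    for (size_t i = 0; i < n; i++) {
        evaluated++;
        if (!results[i]) {
            *all_ok = false;
            if (mode != ABORT_STOP_ON_NONE)
                break;
        }
    }
    return evaluated;
}

/* Constructed sample inputs: a three-cert chain whose intermediate has no
 * CRL available, one chain with a revoked cert, and three policy outcomes. */
const crl_status_t sample_chain_missing_crl[3] = { CRL_OK, CRL_NOT_FOUND, CRL_OK };
const crl_status_t sample_chain_revoked[2]     = { CRL_OK, CRL_REVOKED };
const bool sample_policy_results[3]            = { true, false, true };
```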
© 2003, 2008 Apple Inc. All Rights Reserved. (Last updated: 2008-11-19)