A function identified as deprecated has been superseded and may become unsupported in the future.
Retrieves the CSSM anchor certificates. (Deprecated in Mac OS X v10.5. Use the SecTrustCopyAnchorCertificates function instead.)
OSStatus SecTrustGetCSSMAnchorCertificates ( const CSSM_DATA **cssmAnchors, uint32 *cssmAnchorCount );
cssmAnchors: On return, points to an array of anchor certificates. This array is allocated by the system; you should not deallocate it. This data is not guaranteed to remain valid indefinitely; you should retrieve the data immediately and either pass it to other functions or copy it for future use.
cssmAnchorCount: On return, points to the number of CSSM_DATA structures returned in the cssmAnchors parameter.
A result code. See “Certificate, Key, and Trust Services Result Codes.”
This function returns the certificates in the system’s store of anchor certificates (see SecTrustSetAnchorCertificates). You can use the CSSM_DATA structures returned by this function as input to functions in the CSSM API.
It is safe to call this function concurrently on two or more threads as long as it is not used to get values from a trust management object that is simultaneously being changed by another function. For example, you can call this function on two threads at the same time, but not if you are simultaneously calling the SecTrustSetAnchorCertificates function for the same trust management object on another thread.
Calls to the underlying CSSM API are deprecated. To get references to the anchor certificates in a form appropriate for calls to the Certificate, Key, and Trust API, use the SecTrustCopyAnchorCertificates function instead.
SecTrust.h
Retrieves the user-specified trust setting for a certificate and policy. (Deprecated in Mac OS X v10.5. Use SecTrustSettingsCopyTrustSettings instead.)
OSStatus SecTrustGetUserTrust ( SecCertificateRef certificate, SecPolicyRef policy, SecTrustUserSetting *trustSetting );
certificate: The certificate object from which to obtain the user-specified trust setting.
policy: The policy object for the policy for which to obtain the user-specified trust setting. Use the SecPolicySearchCopyNext function to obtain a policy object.
trustSetting: On return, points to the user-specified trust setting for the specified certificate and policy.
A result code. See “Certificate, Key, and Trust Services Result Codes.”
Each certificate has one user-specified trust setting per policy. For each policy, the user can specify that the certificate is always to be trusted, is never to be trusted, or can be trusted only after permission is requested from—and granted by—the user. It is also possible for there to be no user-specified trust setting for a policy. See SecTrustEvaluate for a discussion of the use of user-specified trust settings in a trust evaluation.
The SecTrustGetUserTrust function returns the effective user trust setting for the certificate and policy specified. You can obtain a certificate from a keychain and typecast the keychain item object (data type SecKeychainItemRef) to a certificate object (SecCertificateRef).
See “Trust Result Type Constants” for values and descriptions of the user-specified trust settings. The user can set these values in the Keychain Access utility. If you provide your own UI for these settings, you can use the SecTrustSettingsSetTrustSettings function to set them.
It is safe to call this function concurrently on two or more threads as long as it is not used to get values from a trust management object that is simultaneously being changed by another function. For example, you can call this function on two threads at the same time, but not if you are simultaneously calling the SecTrustSetVerifyDate function for the same trust management object on another thread.
Prior to Mac OS X v10.5, the SecTrustSetUserTrust function did not require user authentication in order to change trust settings. Starting with Mac OS X v10.5, that function is a shell for the SecTrustSettingsSetTrustSettings function, which requires the user to authenticate before changing trust settings. Therefore, the function might block while waiting for user input.
SecTrust.h
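Added example, not part of Apple's reference text: the two replacement calls named above (SecTrustCopyAnchorCertificates and SecTrustSettingsCopyTrustSettings) used together to list each system anchor and the trust settings recorded for it in each domain. The file name in the build comment and the use of SecCertificateCopySubjectSummary for display are assumptions of this example.

```objc
// Build (assumed file name): clang audit.m -framework Foundation -framework Security
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Report the trust settings stored for one certificate in one domain.
static void reportDomain(SecCertificateRef cert, SecTrustSettingsDomain domain,
                         NSString *label)
{
    CFArrayRef settings = NULL;
    OSStatus status = SecTrustSettingsCopyTrustSettings(cert, domain, &settings);
    if (status == errSecItemNotFound) return;   // nothing recorded in this domain
    if (status != errSecSuccess || settings == NULL) {
        NSLog(@"  %@: error %d", label, (int)status);
        return;
    }
    CFIndex n = CFArrayGetCount(settings);
    if (n == 0) NSLog(@"  %@: empty settings array (trusted without constraints)", label);
    for (CFIndex i = 0; i < n; i++) {
        CFDictionaryRef entry = CFArrayGetValueAtIndex(settings, i);
        CFNumberRef num = CFDictionaryGetValue(entry, kSecTrustSettingsResult);
        SInt32 result = kSecTrustSettingsResultTrustRoot;   // default when key is absent
        if (num) CFNumberGetValue(num, kCFNumberSInt32Type, &result);
        NSLog(@"  %@: entry %ld, result %d", label, (long)i, (int)result);
    }
    CFRelease(settings);
}

int main(void)
{
    @autoreleasepool {
        CFArrayRef anchors = NULL;
        OSStatus status = SecTrustCopyAnchorCertificates(&anchors);
        if (status != errSecSuccess || anchors == NULL) {
            NSLog(@"SecTrustCopyAnchorCertificates failed: %d", (int)status);
            return 1;
        }
        for (CFIndex i = 0; i < CFArrayGetCount(anchors); i++) {
            SecCertificateRef cert = (SecCertificateRef)CFArrayGetValueAtIndex(anchors, i);
            CFStringRef summary = SecCertificateCopySubjectSummary(cert);
            NSLog(@"%@", summary ? (__bridge NSString *)summary : @"(no subject summary)");
            if (summary) CFRelease(summary);
            reportDomain(cert, kSecTrustSettingsDomainUser, @"user");
            reportDomain(cert, kSecTrustSettingsDomainAdmin, @"admin");
            reportDomain(cert, kSecTrustSettingsDomainSystem, @"system");
        }
        CFRelease(anchors);   // Copy rule: the caller owns the returned array
    }
    return 0;
}
```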
Sets the user-specified trust settings of a certificate and policy. (Deprecated in Mac OS X v10.5. Use SecTrustSettingsSetTrustSettings instead.)
OSStatus SecTrustSetUserTrust ( SecCertificateRef certificate, SecPolicyRef policy, SecTrustUserSetting trustSetting );
certificate: The certificate object for which to set the user-specified trust settings. Use the SecCertificateCreateFromData function to obtain a certificate object.
policy: The policy object for the policy for which to set the user-specified trust settings. Use the SecPolicySearchCopyNext function to obtain a policy object.
trustSetting: The user-specified trust setting to be set. See “Trust Result Type Constants” for possible values.
A result code. See “Certificate, Key, and Trust Services Result Codes.”
Each certificate has one user-specified trust setting per policy. These trust settings are used by the SecTrustEvaluate function when evaluating trust. See “Trust Result Type Constants” for values and descriptions of the user-specified trust settings. The user can set these values in the Keychain Access utility. Under certain circumstances, it might be appropriate for an administrative application to change a user trust setting. In that case, you can use the SecTrustSetUserTrust function to do so. You can obtain a certificate from a keychain and typecast the keychain item object (data type SecKeychainItemRef) to a certificate object (SecCertificateRef).
When you call the SecTrustSetUserTrust function, the user might be prompted to confirm the new setting before it is changed.
Prior to Mac OS X v10.5, this function did not require user authentication in order to change trust settings. Starting with Mac OS X v10.5, this function is a shell for the SecTrustSettingsSetTrustSettings function, which requires the user to authenticate before changing trust settings. Therefore, it is not possible to modify per-user trust settings when not running in a GUI environment (that is, when the user is not logged in via the login window). When making changes to system-wide trust settings, the user is prompted with an alert panel asking for an administrator’s name and password unless the calling process is running as root, in which case no further authentication is needed. Note that this function might block while waiting for user input.
SecTrust.h
Last updated: 2010-07-09