Function

SecTrustSetAnchorCertificatesOnly

Reenables trusting built-in anchor certificates.

Declaration

OSStatus SecTrustSetAnchorCertificatesOnly(SecTrustRef trust, Boolean anchorCertificatesOnly);

Parameters

trust

The trust management object containing the certificate you want to evaluate. A trust management object includes the certificate to be verified plus the policy or policies to be used in evaluating trust. It can optionally also include other certificates to be used in verifying the first certificate. Use the SecTrustCreateWithCertificates function to create a trust management object.

anchorCertificatesOnly

If true, disables trusting any anchors other than the ones passed in with the SecTrustSetAnchorCertificates function.  If false, the built-in anchor certificates are also trusted. If SecTrustSetAnchorCertificates is called and SecTrustSetAnchorCertificatesOnly is not called, only the anchors explicitly passed in are trusted.

Return Value

Discussion

It is safe to call this function concurrently on two or more threads as long as it is not used to change the value of a trust management object that is simultaneously being used by another function. For example, you cannot call this function on one thread at the same time as you are calling the SecTrustEvaluateWithError function for the same trust management object on another thread, but you can call this function and simultaneously evaluate a different trust management object on another thread. Similarly, calls to functions that return information about a trust management object (such as the SecTrustCopyCustomAnchorCertificates function) may fail or return an unexpected result if this function is simultaneously changing the same trust management object on another thread.

See Also

Advanced Trust Configuation

Configuring a Trust

Work around a recoverable trust failure.

SecTrustSetVerifyDate

Sets the date and time against which the certificates in a trust management object are verified.

SecTrustSetAnchorCertificates

Sets the anchor certificates used when evaluating a trust management object.

SecTrustSetExceptions

Sets a list of exceptions that should be ignored when the certificate is evaluated.

SecTrustSetPolicies

Sets the policies to use in an evaluation.

SecTrustSetOptions

Sets option flags for customizing evaluation of a trust object.

SecTrustOptionFlags

The option flags used to condition a trust evaluation.

SecTrustGetNetworkFetchAllowed

Indicates whether a trust evaluation is permitted to fetch missing intermediate certificates from the network.

SecTrustSetNetworkFetchAllowed

Specifies whether a trust evaluation is permitted to fetch missing intermediate certificates from the network.

SecTrustSetOCSPResponse

Attaches Online Certificate Status Protocol (OSCP) response data to a trust object.

SecTrustSetSignedCertificateTimestamps

Attaches signed certificate timestamp data to a trust object.