Creates a trust management object based on certificates and policies.
- iOS 2.0+
- macOS 10.3+
- Mac Catalyst 13.0+
- tvOS 9.0+
- watchOS 2.0+
The certificate to be verified, plus any other certificates you think might be useful for verifying the certificate. The certificate to be verified must be the first in the array. If you want to specify only one certificate, you can pass a
Secobject; otherwise, pass an array of
References to one or more policies to be evaluated. You can pass a single
Secobject, or an array of one or more
Secobjects. If you pass in multiple policies, all policies must verify for the certificate chain to be considered valid. You typically use one of the standard policies, like the one returned by
Policy Create Basic X509()
On return, points to the newly created trust management object. Call the
CFReleasefunction to release this object when you are finished with it.
A result code. See Security Framework Result Codes.
The trust management object includes a reference to the certificate to be verified, plus pointers to the policies to be evaluated for those certificates. You can optionally include references to other certificates, including anchor certificates, that you think might be in the certificate chain needed to verify the first (leaf) certificate. Any input certificates that turn out to be irrelevant are harmlessly ignored. Call the
Sec function to evaluate the trust management object.
If you omit needed intermediate certificates from the
Sec searches for certificates in the user’s keychain and in the system’s store of anchor certificates (see
Sec). You gain a significant performance benefit by passing in the entire certificate chain, in order, in the