Creates a trust management object based on certificates and policies.


OSStatus SecTrustCreateWithCertificates(CFTypeRef certificates, CFTypeRef policies, SecTrustRef  _Nullable *trust);
Parameters

certificates

The certificate to be verified, plus any other certificates you think might be useful for verifying the certificate. The certificate to be verified must be the first in the array. If you want to specify only one certificate, you can pass a SecCertificateRef object; otherwise, pass an array of SecCertificateRef objects.

policies

References to one or more policies to be evaluated. You can pass a single SecPolicyRef object, or an array of one or more SecPolicyRef objects. If you pass in multiple policies, all policies must verify for the certificate chain to be considered valid. You typically use one of the standard policies, like the one returned by SecPolicyCreateBasicX509.

trust

On return, points to the newly created trust management object. Call the CFRelease function to release this object when you are finished with it.

Return Value

A result code of type OSStatus (see the declaration above).

Discussion

The trust management object includes a reference to the certificate to be verified, plus pointers to the policies to be evaluated for those certificates. You can optionally include references to other certificates, including anchor certificates, that you think might be in the certificate chain needed to verify the first (leaf) certificate. Any input certificates that turn out to be irrelevant are harmlessly ignored. Call the SecTrustEvaluateWithError function to evaluate the trust management object.

If you omit needed intermediate certificates from the certificates parameter, SecTrustEvaluateWithError searches for certificates in the user’s keychain and in the system’s store of anchor certificates (see SecTrustSetAnchorCertificates). You gain a significant performance benefit by passing in the entire certificate chain, in order, in the certificates parameter.
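The following Swift function shows the full life cycle described above: parsing DER certificates, placing the leaf first, creating the trust object with SecTrustCreateWithCertificates, optionally restricting the acceptable roots with SecTrustSetAnchorCertificates and SecTrustSetAnchorCertificatesOnly, and evaluating with SecTrustEvaluateWithError. It is an added example, not code from Apple's documentation; the helper name verifyChain, the ChainVerdict enum and the parameter names are assumptions made for this illustration. It also goes slightly beyond the page by showing when to prefer SecPolicyCreateSSL over SecPolicyCreateBasicX509: the basic X.509 policy checks chain building, signatures and validity dates but not the server name, so a TLS peer should be evaluated under an SSL policy with the expected hostname.

```swift
import Foundation
import Security

/// Outcome of a chain evaluation, kept simple so callers can log or branch on it.
enum ChainVerdict {
    case trusted(SecTrust)
    case untrusted(reason: String)
    case error(OSStatus)
}

/// Builds a SecTrust object from DER-encoded certificates and evaluates it.
/// - leafDER:          the certificate to verify; it MUST be first in the array
///                     handed to SecTrustCreateWithCertificates.
/// - intermediatesDER: intermediates in chain order; passing the full chain avoids
///                     keychain and anchor-store lookups during evaluation.
/// - pinnedAnchorsDER: if non-empty, only these roots are accepted (private PKI or
///                     pinning) and the system anchor store is ignored.
/// - hostname:         when non-nil an SSL policy is used so the server name is checked;
///                     nil uses the basic X.509 policy, which performs no hostname check.
func verifyChain(leafDER: Data,
                 intermediatesDER: [Data] = [],
                 pinnedAnchorsDER: [Data] = [],
                 hostname: String? = nil) -> ChainVerdict {
    // Parse DER blobs into SecCertificate objects; any unparseable input is an error.
    func parse(_ ders: [Data]) -> [SecCertificate]? {
        var out: [SecCertificate] = []
        for der in ders {
            guard let cert = SecCertificateCreateWithData(nil, der as CFData) else { return nil }
            out.append(cert)
        }
        return out
    }
    guard let chain = parse([leafDER] + intermediatesDER),   // leaf first, as required
          let anchors = parse(pinnedAnchorsDER) else {
        return .error(errSecDecode)
    }

    // Choose the policy. For a TLS peer the SSL policy is the right one because it
    // also verifies the hostname; the basic X.509 policy does not.
    let policy: SecPolicy
    if let host = hostname {
        policy = SecPolicyCreateSSL(true, host as CFString)
    } else {
        policy = SecPolicyCreateBasicX509()
    }

    // Create the trust object. A single SecPolicy may be passed directly as the
    // policies argument; an array would be used for multiple policies.
    var trust: SecTrust?
    let status = SecTrustCreateWithCertificates(chain as CFArray, policy, &trust)
    guard status == errSecSuccess, let trust = trust else { return .error(status) }

    // Optional pinning: accept only the supplied roots, not the system anchor store.
    if !anchors.isEmpty {
        let s1 = SecTrustSetAnchorCertificates(trust, anchors as CFArray)
        guard s1 == errSecSuccess else { return .error(s1) }
        let s2 = SecTrustSetAnchorCertificatesOnly(trust, true)
        guard s2 == errSecSuccess else { return .error(s2) }
    }

    // Evaluate. On failure the CFError explains which check did not pass.
    var cfError: CFError?
    if SecTrustEvaluateWithError(trust, &cfError) {
        return .trusted(trust)
    }
    let reason = cfError.map { ($0 as Error).localizedDescription } ?? "evaluation failed"
    return .untrusted(reason: reason)
}

/// Example usage with DER files on disk (paths are placeholders, not real files).
func verifyFromDisk() {
    guard let leaf = try? Data(contentsOf: URL(fileURLWithPath: "/path/to/leaf.der")),
          let inter = try? Data(contentsOf: URL(fileURLWithPath: "/path/to/intermediate.der")) else {
        print("could not read certificate files")
        return
    }
    switch verifyChain(leafDER: leaf, intermediatesDER: [inter], hostname: "example.com") {
    case .trusted:                  print("chain trusted")
    case .untrusted(let reason):    print("chain rejected: \(reason)")
    case .error(let status):        print("Security framework error: \(status)")
    }
}
```

Because the trust object is a Swift-managed CF type, no explicit CFRelease call is needed here; under ARC the object is released when the last reference goes away. When only the leaf is supplied, the evaluation falls back to the keychain and anchor-store search described above, which is slower and may succeed or fail depending on what is installed on the machine.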

See Also

Creating a Trust Object

SecTrustCreateWithCertificates
Construct a trust object from a certificate and a policy.

SecTrustRef
An object used to evaluate trust.

SecTrustGetTypeID
Returns the unique identifier of the opaque type to which a trust object belongs.