Evaluates trust for the specified certificate and policies.
- iOS 12.0+
- macOS 10.14+
- Mac Catalyst 13.0+
- tvOS 12.0+
- watchOS 5.0+
The trust management object to evaluate. A trust management object includes the certificate to be verified plus the policy or policies to be used in evaluating trust. It can optionally also include other certificates to be used in verifying the first certificate. Use the
Secfunction to create a trust management object.
Trust Create With Certificates(_: _: _:)
An error pointer the method uses to return an error when trust evaluation fails. Set to
nilto ignore the error.
true if the certificate is trusted; otherwise,
This method evaluates a certificate’s validity to establish trust for a particular use—for example, in creating a digital signature or to establish a Secure Sockets Layer connection. The method validates a certificate by verifying its signature plus the signatures of the certificates in its certificate chain, up to the anchor certificate, according to the policy or policies included in the trust management object.
If the trust management instance lacks some of the certificates needed to verify the leaf certificate,
Sec searches for certificates:
In the user’s keychain.
Among any certificates you previously provided by calling
Trust Set Anchor Certificates(_: _:)
In a system-provided set of keychains provided for this purpose.
Over the network, if certain extensions are present in the certificate used to build the chain.
Sec, you can optionally call any of the methods that start with
Sec to manage the evaluation. For example, you can verify the validity of the certificates in a trust at a particular date and time, rather than using the current date and time, by first calling the
Sec method returns a pass or fail indicator and an error describing the reason for any failure. In the case of multiple certificate failures, the error contains a code from Security Framework Result Codes representing the most serious. The localized description indicates the certificate with the most serious problem and the type of error. The underlying error, located in the error’s
user dictionary as the value for the
NSUnderlying key, contains a localized description of each certificate in the chain that had an error and all errors found with that certificate.
Sec from your app’s main run loop because it might require network access to fetch intermediate certificates, or to perform revocation checking. To perform evaluation asynchronously, use