Revocation Policy Constants

Use these flags to create a revocation policy object.


Use these flags with a call to the SecPolicyCreateRevocation(_:) function to characterize the constructed policy.



var kSecRevocationCRLMethod: CFOptionFlags

Perform revocation checking using the CRL (Certification Revocation List) method.

var kSecRevocationNetworkAccessDisabled: CFOptionFlags

Consult only locally cached replies; do not use network access.

var kSecRevocationOCSPMethod: CFOptionFlags

Perform revocation checking using OCSP (Online Certificate Status Protocol).

var kSecRevocationPreferCRL: CFOptionFlags

Prefer CRL revocation checking over OCSP; by default, OCSP is preferred.

var kSecRevocationRequirePositiveResponse: CFOptionFlags

Require a positive response to pass the policy.

var kSecRevocationUseAnyAvailableMethod: CFOptionFlags

Perform either OCSP or CRL checking.

See Also

Standard Policies

func SecPolicyCreateBasicX509() -> SecPolicy

Returns a policy object for the default X.509 policy.

func SecPolicyCreateSSL(Bool, CFString?) -> SecPolicy

Returns a policy object for evaluating SSL certificate chains.

func SecPolicyCreateRevocation(CFOptionFlags) -> SecPolicy?

Returns a policy object for checking revocation of certificates.

class SecPolicy

An object that represents a trust policy.

func SecPolicyGetTypeID() -> CFTypeID

Returns the unique identifier of the opaque type to which a policy object belongs.