The option flags used to condition a trust evaluation.


struct SecTrustOptionFlags


Use these flags in calls to the SecTrustSetOptions(_:_:) function.



init(rawValue: UInt32)

Initializes a trust option flags structure.


static var allowExpired: SecTrustOptionFlags

Allow expired certificates (except for the root certificate).

static var leafIsCA: SecTrustOptionFlags

Allow CA certificates as leaf certificates.

static var fetchIssuerFromNet: SecTrustOptionFlags

Allow network downloads of CA certificates.

static var allowExpiredRoot: SecTrustOptionFlags

Allow expired root certificates.

static var requireRevPerCert: SecTrustOptionFlags

Require a positive revocation check for each certificate.

static var useTrustSettings: SecTrustOptionFlags

Use TrustSettings instead of anchors.

static var implicitAnchors: SecTrustOptionFlags

Treat properly self-signed certificates as anchors implicitly.


Conforms To

See Also

Advanced Trust Configuation

Configuring a Trust

Work around a recoverable trust failure.

func SecTrustSetVerifyDate(SecTrust, CFDate) -> OSStatus

Sets the date and time against which the certificates in a trust management object are verified.

func SecTrustSetAnchorCertificates(SecTrust, CFArray?) -> OSStatus

Sets the anchor certificates used when evaluating a trust management object.

func SecTrustSetAnchorCertificatesOnly(SecTrust, Bool) -> OSStatus

Reenables trusting built-in anchor certificates.

func SecTrustSetExceptions(SecTrust, CFData?) -> Bool

Sets a list of exceptions that should be ignored when the certificate is evaluated.

func SecTrustSetPolicies(SecTrust, CFTypeRef) -> OSStatus

Sets the policies to use in an evaluation.

func SecTrustSetOptions(SecTrust, SecTrustOptionFlags) -> OSStatus

Sets option flags for customizing evaluation of a trust object.

func SecTrustGetNetworkFetchAllowed(SecTrust, UnsafeMutablePointer<DarwinBoolean>) -> OSStatus

Indicates whether a trust evaluation is permitted to fetch missing intermediate certificates from the network.

func SecTrustSetNetworkFetchAllowed(SecTrust, Bool) -> OSStatus

Specifies whether a trust evaluation is permitted to fetch missing intermediate certificates from the network.

func SecTrustSetOCSPResponse(SecTrust, CFTypeRef?) -> OSStatus

Attaches Online Certificate Status Protocol (OSCP) response data to a trust object.

func SecTrustSetSignedCertificateTimestamps(SecTrust, CFArray?) -> OSStatus

Attaches signed certificate timestamp data to a trust object.