Hello,
I am trying to run cert chain verification and running into a problem where my trust object is null.
SecTrustCreateWithCertificates(certificates, SecPolicyCreateBasicX509(), trustObject)
where "certificates" is an array that contains 3 SecCertificate objects: the first one is the leaf cert, the second is the intermediate and the last one is the root cert.
The OSStatus returned is -50, which translates to "One or more parameters passed to a function were not valid".
If the array only has the leaf cert, the trust object is created just fine, but obviously SecTrustEvaluateWithError returns false since I am not passing in the intermediate and root cert. The root cert is supposed to be the anchor cert, so I tried setting it too, but no luck. NOTE: I do not have these 3 certs saved in the keychain or trust store; I create them using SecCertificateCreateWithData from data I receive from the server. I have also verified with OpenSSL that the generated certs are valid.
Can the trust object be created using a self-signed or non-public CA?
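For reference, here is the full sequence the post describes (parse three DER blobs, build the chain leaf-first, create the trust object, pin the out-of-keychain root as the only anchor, evaluate), written as an added example; it is not code from the original post or from Apple. It assumes the certificates arrive as files (PEM or DER) named on the command line, and the helper and error names are hypothetical. It checks each SecCertificateCreateWithData result before anything is put into the array, so the array handed to SecTrustCreateWithCertificates can only ever contain SecCertificate values, and it reports the OSStatus and the CFError description rather than swallowing them.

```swift
import Foundation
import Security

// Hypothetical error type for this example (not part of the Security framework).
enum ChainError: Error {
    case notDER(String)          // SecCertificateCreateWithData returned nil for this cert
    case trustCreate(OSStatus)   // SecTrustCreateWithCertificates failed (errSecParam is -50)
    case notTrusted(String)      // SecTrustEvaluateWithError returned false
}

// Accept either raw DER or a PEM file. SecCertificateCreateWithData needs DER,
// so a PEM file is stripped of its BEGIN/END lines and base64-decoded first.
func derBytes(fromFile path: String) throws -> Data {
    let raw = try Data(contentsOf: URL(fileURLWithPath: path))
    guard let text = String(data: raw, encoding: .utf8), text.contains("-----BEGIN") else {
        return raw                                    // already DER
    }
    let body = text
        .components(separatedBy: .newlines)
        .filter { !$0.hasPrefix("-----") }
        .joined()
    guard let der = Data(base64Encoded: body) else { throw ChainError.notDER(path) }
    return der
}

// Build the chain (leaf first, root last) and evaluate it with the supplied
// root as the only anchor, i.e. without consulting the keychain or system roots.
func evaluateChain(leaf: Data, intermediates: [Data], root: Data) throws -> SecTrust {
    func parse(_ der: Data, _ label: String) throws -> SecCertificate {
        guard let cert = SecCertificateCreateWithData(nil, der as CFData) else {
            throw ChainError.notDER(label)            // bytes were not a DER X.509 certificate
        }
        return cert
    }
    let leafCert = try parse(leaf, "leaf")
    let interCerts = try intermediates.enumerated().map { try parse($0.element, "intermediate \($0.offset)") }
    let rootCert = try parse(root, "root")

    // Every element must be a SecCertificate; the array is built only from parsed certs.
    let chain: [SecCertificate] = [leafCert] + interCerts + [rootCert]
    let policy = SecPolicyCreateBasicX509()           // no hostname check; use SecPolicyCreateSSL for TLS
    var trust: SecTrust?
    let status = SecTrustCreateWithCertificates(chain as CFArray, policy, &trust)
    guard status == errSecSuccess, let trust = trust else {
        throw ChainError.trustCreate(status)
    }

    // The root is not in any keychain or trust store, so make it the anchor for
    // this evaluation and refuse the system roots so the private CA is the only path.
    SecTrustSetAnchorCertificates(trust, [rootCert] as CFArray)
    SecTrustSetAnchorCertificatesOnly(trust, true)

    var cfError: CFError?
    guard SecTrustEvaluateWithError(trust, &cfError) else {
        let reason = cfError.map { CFErrorCopyDescription($0) as String } ?? "unknown"
        throw ChainError.notTrusted(reason)
    }
    return trust
}

// Usage: swift trustchain.swift leaf.pem intermediate.pem root.pem
let args = CommandLine.arguments
guard args.count == 4 else {
    FileHandle.standardError.write("usage: \(args[0]) leaf intermediate root\n".data(using: .utf8)!)
    exit(2)
}
do {
    let leafDER = try derBytes(fromFile: args[1])
    let interDER = try derBytes(fromFile: args[2])
    let rootDER = try derBytes(fromFile: args[3])
    let trust = try evaluateChain(leaf: leafDER, intermediates: [interDER], root: rootDER)
    // Print the subject of every certificate the evaluation actually used.
    // (SecTrustGetCertificateAtIndex is deprecated on recent OS releases in favour of
    // SecTrustCopyCertificateChain, but still works and needs no availability guard.)
    for i in 0..<SecTrustGetCertificateCount(trust) {
        if let cert = SecTrustGetCertificateAtIndex(trust, i),
           let subject = SecCertificateCopySubjectSummary(cert) {
            print("[\(i)] \(subject)")
        }
    }
    print("chain is trusted")
} catch {
    print("chain evaluation failed: \(error)")
    exit(1)
}
```

Two checks worth keeping in mind when adapting this: errSecParam (-50) from SecTrustCreateWithCertificates means the framework rejected an argument, so before calling it confirm that every element of the array really is a SecCertificate (calling SecCertificateCopySubjectSummary on each one is a quick way to prove that) and that the leaf is first; and a PEM blob passed straight to SecCertificateCreateWithData returns nil, so a nil there points at the encoding, not at the chain.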
Yes. I regularly do this for testing purposes.
In terms of wonky certificates, my experience is that, if an Apple system is grumpy about your cert, it’s the SecCertificateCreateWithData call that fails. I’ve never seen SecTrustCreateWithCertificates return nil. In my experience, if trust evaluation is going to fail, SecTrustCreateWithCertificates works and then any failures get reported via SecTrustEvaluate.
Hence my desire to get a copy of these certs so that I can see what’s going on.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"