Security-58286.260.20.tar.gz

[apple/security.git] / OSX / libsecurity_apple_x509_tp / lib / tpCertGroup.cpp

diff --git a/OSX/libsecurity_apple_x509_tp/lib/tpCertGroup.cpp b/OSX/libsecurity_apple_x509_tp/lib/tpCertGroup.cpp
index 67f9a47db70a28443fcf04100d3038e836362cc6..0ad65a537522e64de4d4e33b972874ba7c9d15dd 100644 (file)
--- a/OSX/libsecurity_apple_x509_tp/lib/tpCertGroup.cpp
+++ b/OSX/libsecurity_apple_x509_tp/lib/tpCertGroup.cpp
@@ -24,7 +24,6 @@
 #include "certGroupUtils.h"
 #include "TPCertInfo.h"
 #include "TPCrlInfo.h"
-#include "tpCertAllowList.h"
 #include "tpPolicies.h"
 #include "tpdebugging.h"
 #include "tpCrlVerify.h"
@@ -473,6 +472,10 @@ static bool checkPolicyOid(
                tpPolicy = kTP_PCSEscrowService;
                return true;
        }
+       else if(tpCompareOids(&oid, &CSSMOID_APPLE_TP_PROVISIONING_PROFILE_SIGNING)) {
+               tpPolicy = kTP_ProvisioningProfileSigning;
+               return true;
+       }
        return false;
 }
 
@@ -732,13 +735,7 @@ void AppleTPSession::CertGroupVerify(CSSM_CL_HANDLE clHand,
                            outCertGroup.isAllowedError(constructReturn)) {
                                constructReturn = CSSM_OK;
                        }
-            
-                       /*
-                        * Allow non-trusted root if whitelist check permits
-                        */
-                       if (constructReturn == CSSMERR_TP_NOT_TRUSTED) {
-                               constructReturn = tpCheckCertificateAllowList(outCertGroup);
-                       }
+
                        break;
        }