]> git.saurik.com Git - apple/security.git/blobdiff - OSX/libsecurity_keychain/lib/TrustAdditions.cpp
projects / apple / security.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Security-58286.260.20.tar.gz
[apple/security.git] / OSX / libsecurity_keychain / lib / TrustAdditions.cpp
diff --git a/OSX/libsecurity_keychain/lib/TrustAdditions.cpp b/OSX/libsecurity_keychain/lib/TrustAdditions.cpp
index 8d88ba8d4c6cd1ee0bbb86e3ec218095c4db582c..4465256b5fc55f9c52e366a391037e5095a2e66b 100644 (file)
--- a/OSX/libsecurity_keychain/lib/TrustAdditions.cpp
+++ b/OSX/libsecurity_keychain/lib/TrustAdditions.cpp
@@ -103,7 +103,7 @@ static void SafeCFRelease(void * CF_CONSUMED cfTypeRefPtr)
 // utility function to create a CFDataRef from the contents of the specified file;
 // caller must release
 //
 // utility function to create a CFDataRef from the contents of the specified file;
 // caller must release
 //
-static CFDataRef dataWithContentsOfFile(const char *fileName)
+static CFDataRef CF_RETURNS_RETAINED dataWithContentsOfFile(const char *fileName)
 {
        int rtn;
        int fd;
 {
        int rtn;
        int fd;
@@ -194,7 +194,7 @@ static SecKeychainRef systemRootStore()
 
 // returns a CFDictionaryRef created from the specified XML plist file; caller must release
 //
 
 // returns a CFDictionaryRef created from the specified XML plist file; caller must release
 //
-static CFDictionaryRef dictionaryWithContentsOfPlistFile(const char *fileName)
+static CFDictionaryRef CF_RETURNS_RETAINED dictionaryWithContentsOfPlistFile(const char *fileName)
 {
        CFDictionaryRef resultDict = NULL;
        CFDataRef fileData = dataWithContentsOfFile(fileName);
 {
        CFDictionaryRef resultDict = NULL;
        CFDataRef fileData = dataWithContentsOfFile(fileName);
@@ -416,7 +416,6 @@ static SecCertificateRef _rootCertificateWithSubjectOfCertificate(SecCertificate
     SecKeyRef keyRef = NULL;
     SecCertificateRef resultCert = NULL;
        // note: Sec* APIs are not re-entrant due to the API lock
     SecKeyRef keyRef = NULL;
     SecCertificateRef resultCert = NULL;
        // note: Sec* APIs are not re-entrant due to the API lock
-       // status = SecCertificateCopyPublicKey(certificate, &keyRef);
        BEGIN_SECAPI_INTERNAL_CALL
        keyRef = Certificate::required(certificate)->publicKey()->handle();
        END_SECAPI_INTERNAL_CALL
        BEGIN_SECAPI_INTERNAL_CALL
        keyRef = Certificate::required(certificate)->publicKey()->handle();
        END_SECAPI_INTERNAL_CALL
@@ -826,37 +825,6 @@ bool isRevocationStatusCode(CSSM_RETURN statusCode)
         return false;
 }
 
         return false;
 }
 
-// returns true if the given revocation status code can be ignored.
-//
-bool ignorableRevocationStatusCode(CSSM_RETURN statusCode)
-{
-    if (!isRevocationStatusCode(statusCode))
-               return false;
-
-       // if OCSP and/or CRL revocation info was unavailable for this certificate,
-       // and revocation checking is not required, we can ignore this status code.
-
-       CFStringRef ocsp_val = (CFStringRef) CFPreferencesCopyValue(kSecRevocationOcspStyle, CFSTR(kSecRevocationDomain), kCFPreferencesCurrentUser, kCFPreferencesAnyHost);
-       CFStringRef crl_val = (CFStringRef) CFPreferencesCopyValue(kSecRevocationCrlStyle, CFSTR(kSecRevocationDomain), kCFPreferencesCurrentUser, kCFPreferencesAnyHost);
-       bool ocspRequired = (ocsp_val && CFEqual(ocsp_val, kSecRevocationRequireForAll));
-       bool crlRequired = (crl_val && CFEqual(crl_val, kSecRevocationRequireForAll));
-       if (!ocspRequired && ocsp_val && CFEqual(ocsp_val, kSecRevocationRequireIfPresent))
-               ocspRequired = (statusCode != CSSMERR_APPLETP_OCSP_UNAVAILABLE);
-       if (!crlRequired && crl_val && CFEqual(crl_val, kSecRevocationRequireIfPresent))
-               crlRequired = (statusCode != CSSMERR_APPLETP_CRL_NOT_FOUND);
-       if (ocsp_val)
-               CFRelease(ocsp_val);
-       if (crl_val)
-               CFRelease(crl_val);
-
-       if (isOCSPStatusCode(statusCode))
-               return (ocspRequired) ? false : true;
-       if (isCRLStatusCode(statusCode))
-               return (crlRequired) ? false : true;
-
-       return false;
-}
-
 // returns a CFArrayRef of allowed root certificates for the provided leaf certificate
 // if it passes initial EV evaluation criteria and should be subject to OCSP revocation
 // checking; otherwise, NULL is returned. (Caller must release the result if not NULL.)
 // returns a CFArrayRef of allowed root certificates for the provided leaf certificate
 // if it passes initial EV evaluation criteria and should be subject to OCSP revocation
 // checking; otherwise, NULL is returned. (Caller must release the result if not NULL.)
mirror of Security