]> git.saurik.com Git - apple/security.git/blobdiff - OSX/libsecurity_cms/lib/CMSDecoder.cpp
projects / apple / security.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Security-58286.31.2.tar.gz
[apple/security.git] / OSX / libsecurity_cms / lib / CMSDecoder.cpp
diff --git a/OSX/libsecurity_cms/lib/CMSDecoder.cpp b/OSX/libsecurity_cms/lib/CMSDecoder.cpp
index dcb79035d9ea57aaa32b67ab183117b12dd6648e..83775b23cfa2e03c7572006aa03baaa0925adf7c 100644 (file)
--- a/OSX/libsecurity_cms/lib/CMSDecoder.cpp
+++ b/OSX/libsecurity_cms/lib/CMSDecoder.cpp
@@ -66,7 +66,7 @@ struct _CMSDecoder {
        SecArenaPoolRef         arena;                          /* the decoder's arena */
        SecCmsDecoderRef        decoder;
        CFDataRef                       detachedContent;
        SecArenaPoolRef         arena;                          /* the decoder's arena */
        SecCmsDecoderRef        decoder;
        CFDataRef                       detachedContent;
-       CFTypeRef                       keychainOrArray;        /* from CMSDecoderSetSearchKeychain() */
+       CFTypeRef                       keychainOrArray;        /* unused */
        
        /*
         * The following are valid (and quiescent) after CMSDecoderFinalizeMessage().
        
        /*
         * The following are valid (and quiescent) after CMSDecoderFinalizeMessage().
@@ -383,24 +383,14 @@ OSStatus CMSDecoderCopyDetachedContent(
 }
 
 /*
 }
 
 /*
- * Optionally specify a SecKeychainRef, or an array of them, containing
- * intermediate certs to be used in verifying a signed message's signer
- * certs. By default, the default keychain search list is used for this.
- * Specify an empty CFArrayRef to search *no* keychains for intermediate
- * certs.
- * IF this is called, it must be called before CMSDecoderCopySignerStatus().
+ * Beginning in 10.12, this function stopped affecting the behavior of the
+ * CMS Decoder. Its only use was in SecTrustSetKeychains which is a no-op.
+ * Please discontinue use.
  */
 OSStatus CMSDecoderSetSearchKeychain(
                                      CMSDecoderRef             cmsDecoder,
                                      CFTypeRef                 keychainOrArray)
 {
  */
 OSStatus CMSDecoderSetSearchKeychain(
                                      CMSDecoderRef             cmsDecoder,
                                      CFTypeRef                 keychainOrArray)
 {
-       if(cmsDecoder == NULL) {
-               return errSecParam;
-       }
-       cmsDecoder->keychainOrArray = keychainOrArray;
-       if(keychainOrArray) {
-               CFRetain(keychainOrArray);
-       }
        return errSecSuccess;
 }
 
        return errSecSuccess;
 }
 
@@ -474,11 +464,7 @@ OSStatus CMSDecoderCopySignerStatus(
        SecTrustRef theTrust = NULL;
        OSStatus vfyRtn = SecCmsSignedDataVerifySignerInfo(cmsDecoder->signedData,
                                                        (int)signerIndex,
        SecTrustRef theTrust = NULL;
        OSStatus vfyRtn = SecCmsSignedDataVerifySignerInfo(cmsDecoder->signedData,
                                                        (int)signerIndex,
-                                                       /*
-                                                        * FIXME this cast should not be necessary, but libsecurity_smime
-                                                        * declares this argument as a SecKeychainRef
-                                                        */
-                                                       (SecKeychainRef)cmsDecoder->keychainOrArray,
+                                                       NULL,
                                                        policyOrArray,
                                                        &theTrust);
 
                                                        policyOrArray,
                                                        &theTrust);
 
@@ -538,10 +524,6 @@ OSStatus CMSDecoderCopySignerStatus(
                        case kSecTrustResultDeny:
                                tpVfyStatus = CSSMERR_APPLETP_TRUST_SETTING_DENY;
                                break;
                        case kSecTrustResultDeny:
                                tpVfyStatus = CSSMERR_APPLETP_TRUST_SETTING_DENY;
                                break;
-                       case kSecTrustResultConfirm:
-                               dprintf("SecTrustEvaluate reported confirm\n");
-                               tpVfyStatus = CSSMERR_TP_NOT_TRUSTED;
-                               break;
                        default:
                        {
                                /* get low-level TP error */
                        default:
                        {
                                /* get low-level TP error */
mirror of Security