Security-58286.260.20.tar.gz
[apple/security.git] / OSX / libsecurity_keychain / lib / SecTrust.cpp
index 502d187fa2b663205e4afa87d77ce4b6c0625900..f9fa38f659153cb6b0aa4866d632d745142a1dcb 100644 (file)
@@ -21,6 +21,9 @@
  * @APPLE_LICENSE_HEADER_END@
  */
 
+#include <libDER/oids.h>
+#include <Security/oidscert.h>
+
 #include "SecTrust.h"
 #include "SecTrustPriv.h"
 #include "Trust.h"
@@ -48,16 +51,6 @@ typedef struct SecTrustCheckExceptionContext {
        bool exceptionNotFound;
 } SecTrustCheckExceptionContext;
 
-// public trust result constants
-const CFStringRef kSecTrustEvaluationDate           = CFSTR("TrustEvaluationDate");
-const CFStringRef kSecTrustExtendedValidation       = CFSTR("TrustExtendedValidation");
-const CFStringRef kSecTrustOrganizationName         = CFSTR("Organization");
-const CFStringRef kSecTrustResultValue              = CFSTR("TrustResultValue");
-const CFStringRef kSecTrustRevocationChecked        = CFSTR("TrustRevocationChecked");
-const CFStringRef kSecTrustRevocationReason         = CFSTR("TrustRevocationReason");
-const CFStringRef kSecTrustRevocationValidUntilDate = CFSTR("TrustExpirationDate");
-const CFStringRef kSecTrustResultDetails            = CFSTR("TrustResultDetails");
-
 //
 // Sec* API bridge functions
 //
@@ -189,8 +182,6 @@ static uint8_t convertCssmResultToPriority(CSSM_RETURN resultCode) {
     }
 }
 
-#include <libDER/oidsPriv.h>
-#include <Security/oidscert.h>
 static bool isSoftwareUpdateDevelopment(SecTrustRef trust) {
     bool isPolicy = false, isEKU = false;
     CFArrayRef policies = NULL;
@@ -349,9 +340,9 @@ OSStatus SecTrustCopyAnchorCertificates(CFArrayRef *anchorCertificates)
     /* Go through outArray and do a SecTrustEvaluate */
     CFIndex i;
     SecPolicyRef policy = SecPolicyCreateBasicX509();
+    SecTrustRef trust = NULL;
     CFMutableArrayRef trustedCertArray = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
     for (i = 0; i < count ; i++) {
-        SecTrustRef trust;
         SecTrustResultType result;
         SecCertificateRef certificate = (SecCertificateRef) CFArrayGetValueAtIndex(outArray, i);
         status = SecTrustCreateWithCertificates(certificate, policy, &trust);
@@ -367,6 +358,7 @@ OSStatus SecTrustCopyAnchorCertificates(CFArrayRef *anchorCertificates)
         if (result != kSecTrustResultFatalTrustFailure) {
             CFArrayAppendValue(trustedCertArray, certificate);
         }
+        CFReleaseNull(trust);
     }
     if (CFArrayGetCount(trustedCertArray) == 0) {
        status = errSecNoTrustSettings;
@@ -377,6 +369,7 @@ OSStatus SecTrustCopyAnchorCertificates(CFArrayRef *anchorCertificates)
 out:
        CFReleaseSafe(outArray);
     CFReleaseSafe(policy);
+    CFReleaseSafe(trust);
     return status;
        END_SECAPI
 }
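Review bot: The `out:` cleanup now releases `outArray`, `policy` and `trust`, but `trustedCertArray`, created just before the loop, is still not released there. The checks between `SecTrustCreateWithCertificates` and the `result` test fall outside these hunks; if they `goto out` on failure, each such exit would leak the array together with the certificates already appended to it. The success path presumably hands the array to the caller, so an unconditional release at `out:` would be wrong. Either add `CFReleaseNull(trustedCertArray);` before each failing `goto out`, or null the local after the hand-off and put `CFReleaseSafe(trustedCertArray);` next to the new `CFReleaseSafe(trust);`. Parts of the function body lie outside the visible hunks, so confirm this against the full loop.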
@@ -387,7 +380,10 @@ SecKeyRef SecTrustCopyPublicKey(SecTrustRef trust)
 {
        SecKeyRef pubKey = NULL;
        SecCertificateRef certificate = SecTrustGetCertificateAtIndex(trust, 0);
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wdeprecated-declarations"
        (void) SecCertificateCopyPublicKey(certificate, &pubKey);
+#pragma clang diagnostic pop
        return pubKey;
 }
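Review bot: `certificate` is passed to `SecCertificateCopyPublicKey` without a NULL check, and the `(void)` cast discards the returned status, so a trust object for which `SecTrustGetCertificateAtIndex(trust, 0)` yields no certificate relies entirely on how the callee treats NULL. A guard such as `if (certificate == NULL) return NULL;` before the call would make that case explicit. The new pragmas also silence `-Wdeprecated-declarations` with no explanation. A comment above the `push`, for example `/* deprecated call kept deliberately: <reason / tracking id placeholder> */`, would show that the suppression is intentional and make it easy to find when the call is migrated.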