X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/5c19dc3ae3bd8e40a9c028b0deddd50ff337692c..07691282a056c4efea71e1e505527601e8cc166b:/OSX/libsecurity_apple_x509_tp/lib/tpCertGroup.cpp?ds=sidebyside

diff --git a/OSX/libsecurity_apple_x509_tp/lib/tpCertGroup.cpp b/OSX/libsecurity_apple_x509_tp/lib/tpCertGroup.cpp
index 67f9a47d..0ad65a53 100644
--- a/OSX/libsecurity_apple_x509_tp/lib/tpCertGroup.cpp
+++ b/OSX/libsecurity_apple_x509_tp/lib/tpCertGroup.cpp
@@ -24,7 +24,6 @@
 #include "certGroupUtils.h"
 #include "TPCertInfo.h"
 #include "TPCrlInfo.h"
-#include "tpCertAllowList.h"
 #include "tpPolicies.h"
 #include "tpdebugging.h"
 #include "tpCrlVerify.h"
@@ -473,6 +472,10 @@ static bool checkPolicyOid(
 		tpPolicy = kTP_PCSEscrowService;
 		return true;
 	}
+	else if(tpCompareOids(&oid, &CSSMOID_APPLE_TP_PROVISIONING_PROFILE_SIGNING)) {
+		tpPolicy = kTP_ProvisioningProfileSigning;
+		return true;
+	}
 	return false;
 }
 
@@ -732,13 +735,7 @@ void AppleTPSession::CertGroupVerify(CSSM_CL_HANDLE clHand,
 			    outCertGroup.isAllowedError(constructReturn)) {
 				constructReturn = CSSM_OK;
 			}
-            
-			/*
-			 * Allow non-trusted root if whitelist check permits
-			 */
-			if (constructReturn == CSSMERR_TP_NOT_TRUSTED) {
-				constructReturn = tpCheckCertificateAllowList(outCertGroup);
-			}
+
 			break;
 	}