X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/866f8763175ff60e4fa455b92b5eb660a12fe6c7..07691282a056c4efea71e1e505527601e8cc166b:/OSX/libsecurity_keychain/lib/SecTrustSettings.cpp diff --git a/OSX/libsecurity_keychain/lib/SecTrustSettings.cpp b/OSX/libsecurity_keychain/lib/SecTrustSettings.cpp index 8b25b2de..a198ba56 100644 --- a/OSX/libsecurity_keychain/lib/SecTrustSettings.cpp +++ b/OSX/libsecurity_keychain/lib/SecTrustSettings.cpp @@ -433,7 +433,7 @@ static OSStatus tsCopyCertsCommon( static void tsAddConditionalCerts(CFMutableArrayRef certArray) { -#if TARGET_OS_MAC && !TARGET_IPHONE_SIMULATOR && !TARGET_OS_IPHONE && !TARGET_OS_NANO +#if TARGET_OS_OSX struct certmap_entry_s { CFStringRef bundleId; const UInt8* data; @@ -846,6 +846,7 @@ OSStatus SecTrustSettingsCopyCertificates( OSStatus status; TrustSettings* ts; CFMutableArrayRef trustedCertArray = NULL; + SecTrustRef trust = NULL; status = TrustSettings::CreateTrustSettings(domain, CREATE_NO, TRIM_NO, ts); if (status != errSecSuccess) { @@ -892,7 +893,6 @@ OSStatus SecTrustSettingsCopyCertificates( SecPolicyRef policy = SecPolicyCreateBasicX509(); trustedCertArray = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks); for (i = 0; i < count ; i++) { - SecTrustRef trust; SecTrustResultType result; SecCertificateRef certificate = (SecCertificateRef) CFArrayGetValueAtIndex(outArray, i); status = SecTrustCreateWithCertificates(certificate, policy, &trust); @@ -908,6 +908,7 @@ OSStatus SecTrustSettingsCopyCertificates( if (result != kSecTrustResultFatalTrustFailure) { CFArrayAppendValue(trustedCertArray, certificate); } + CFReleaseNull(trust); } tsAddConditionalCerts(trustedCertArray); if (CFArrayGetCount(trustedCertArray) == 0) { @@ -925,16 +926,17 @@ out: CFReleaseSafe(outArray); CFReleaseSafe(trustedCertArray); } + CFReleaseNull(trust); return status; END_RCSAPI } static CFArrayRef gUserAdminCerts = NULL; static bool gUserAdminCertsCacheBuilt = false; -static ReadWriteLock gUserAdminCertsLock; +static ModuleNexus gUserAdminCertsLock; void SecTrustSettingsPurgeUserAdminCertsCache(void) { - StReadWriteLock _(gUserAdminCertsLock, StReadWriteLock::Write); + StReadWriteLock _(gUserAdminCertsLock(), StReadWriteLock::Write); CFReleaseNull(gUserAdminCerts); gUserAdminCertsCacheBuilt = false; } @@ -946,7 +948,7 @@ OSStatus SecTrustSettingsCopyCertificatesForUserAdminDomains( OSStatus result = errSecSuccess; { /* Hold the read lock for the check */ - StReadWriteLock _(gUserAdminCertsLock, StReadWriteLock::Read); + StReadWriteLock _(gUserAdminCertsLock(), StReadWriteLock::Read); if (gUserAdminCertsCacheBuilt) { if (gUserAdminCerts) { *certArray = (CFArrayRef)CFRetain(gUserAdminCerts); @@ -991,7 +993,7 @@ OSStatus SecTrustSettingsCopyCertificatesForUserAdminDomains( /* For valid results, update the global cache */ if (result == errSecSuccess || result == errSecNoTrustSettings) { - StReadWriteLock _(gUserAdminCertsLock, StReadWriteLock::Write); + StReadWriteLock _(gUserAdminCertsLock(), StReadWriteLock::Write); CFReleaseNull(gUserAdminCerts); gUserAdminCerts = (CFArrayRef)CFRetainSafe(outArray); gUserAdminCertsCacheBuilt = true; @@ -1079,10 +1081,8 @@ void SecTrustSettingsSetTrustedCertificateForSSLHost( Boolean hasPolicyConstraint = false; Boolean hasPolicyValue = false; Boolean policyConstraintChanged = false; - Boolean changed = false; CFIndex indexOfEntryWithAllowedErrorForExpiredCert = kCFNotFound; CFIndex indexOfEntryWithAllowedErrorForHostnameMismatch = kCFNotFound; - CFIndex indexOfEntryWithAllowedErrorNotSet = kCFNotFound; CFIndex i, count; int32_t trustSettingsResultCode = kSecTrustSettingsResultTrustAsRoot; OSStatus status = errSecSuccess; @@ -1166,11 +1166,9 @@ void SecTrustSettingsSetTrustedCertificateForSSLHost( indexOfEntryWithAllowedErrorForExpiredCert = i; } else if (eOld == CSSMERR_APPLETP_HOSTNAME_MISMATCH) { indexOfEntryWithAllowedErrorForHostnameMismatch = i; - } else if (eOld == CSSM_OK) { - indexOfEntryWithAllowedErrorNotSet = i; } if (trustSettingsResultCode != rOld) { - changed = policyConstraintChanged = true; // we are changing existing policy constraint's result + policyConstraintChanged = true; // we are changing existing policy constraint's result } } }