how to get the specific error from the result of sectrustevaluate()

Question

Level 1

0 points

how to get the specific error from the result of sectrustevaluate()

I am using SectrustEvaluate(trust,result) function to test the server certificate against the root ca installed in keychain.

Result of server certificate validation in case if comes as recoverable faliure how may i know what was the reason which causing it to recoverable failure.

I want to throw the specific error to UI to know why server certificate evaluation failed.

No API's available in ios , Some API's are there available in MAC.

Please Advise.

.

iPad, iOS 6.1.5

Posted on Jan 29, 2014 10:04 AM

Reply

Answer 1

Best reply

msuper69

Level 6

8,689 points

Jan 29, 2014 10:07 AM in response to Candy12345

What result code is returned?

Reply

Answer 2

Candy12345 Author

Level 1

0 points

Jan 29, 2014 10:24 AM in response to msuper69

result type is kSecTrustResultRecoverableTrustFailure. How may i know the secific error from this result type so that i could throw the specific error to UI.

Reply

Answer 3

Llessur999

Level 4

1,214 points

Jan 29, 2014 8:50 PM in response to Candy12345

If you are on iOS I think you are out of luck. See red text under kSecTrustResultRecoverableTrustFailure.

https://developer.apple.com/library/ios/documentation/Security/Reference/certifk eytrustservices/Reference/reference.html#//apple_ref/c/func/SecTrustEvaluate

The way you handle this depends on the OS.

In iOS, you should typically refuse the certificate. However, if you are performing signature validation and you know when the message was originally received, you should check again using that date to see if the message was valid when you originally received it.

In OS X, you can call the

SecTrustGetTrustResult

function to get more information about the results of the trust evaluation, or the

SecTrustGetCssmResult

function to get information about the evaluation in a form that can be passed to CSSM functions.

Reply