macOS: SecTrustEvaluate() returns kSecTrustResultFatalTrustFailure on Mac 10.10, while earlier versions returned kSecTrustResultRecoverableTrustFailure. Why?


Up to Mac 10.9 we called the following function:

    OSStatus SecTrustEvaluate(SecTrustRef trust, SecTrustResultType *result);

We used to get kSecTrustResultRecoverableTrustFailure as the returned value, whereas from Mac 10.10 on, the response I get is kSecTrustResultFatalTrustFailure.

Why is this?

==================================================================================

Below is the code that evaluates the SSL certificate:

    //=====================================================================================================================
    //     EvaluateSSLCert
    //          For a given readstream, evaluates the server ssl certificate
    //          returns YES - certificate valid
    //          NO - invalid certificate
    //=====================================================================================================================
    -(BOOL)EvaluateSSLCert
    {
         BOOL bValidCert = YES;
         SecTrustRef trust = NULL;
         SecPolicyRef policy = NULL;
         OSStatus retStat;
         CFArrayRef certArray = NULL;
         SecTrustResultType result;
         SecPolicySearchRef search = NULL;

         certArray = (CFArrayRef)CFReadStreamCopyProperty(m_StreamRead, kCFStreamPropertySSLPeerCertificates);
         retStat = SecPolicySearchCreate(CSSM_CERT_X_509v3, &CSSMOID_APPLE_TP_SSL, NULL, &search);
         if(retStat == 0)
         {
              retStat = SecPolicySearchCopyNext(search, &policy);
              CFRelease(search);
         }
         if(retStat == 0)
              retStat = SecTrustCreateWithCertificates(certArray, policy, &trust);
         if(retStat == 0)
         {
              retStat = SecTrustSetAnchorCertificates(trust, NULL); //set to default settings
              retStat = SecTrustEvaluate(trust, &result);
              if(retStat == 0)
              {
                   NSLogSecuredString(LOG_LEVEL_DEBUG,"<EvaluateSSLCert> SecTrustEvaluate succeeded");
                   if(result == kSecTrustResultDeny || result == kSecTrustResultFatalTrustFailure)
                   {
                        NSLogSecuredString(LOG_LEVEL_DEBUG,"<EvaluateSSLCert> Invalid Cert. SecTrustEvaluate result = %d", result);
                        bValidCert = NO;
                   }
                   else
                   {
                        //treated as valid: every other result, including kSecTrustResultRecoverableTrustFailure
                        NSLogSecuredString(LOG_LEVEL_DEBUG,"<EvaluateSSLCert> SecTrustEvaluate result = %d", result);
                   }
              }
              else
                   NSLogSecuredString(LOG_LEVEL_DEBUG,"<EvaluateSSLCert> SecTrustEvaluate failed");
         }
         //an API error means nothing was verified, so do not report the certificate as valid
         if(retStat != 0)
              bValidCert = NO;

         //CFRelease(NULL) crashes, so release only what was actually created
         if(policy != NULL)
              CFRelease(policy);
         if(trust != NULL)
              CFRelease(trust);
         if(certArray != NULL)
              CFRelease(certArray);

         return bValidCert;
    }

kCFStreamPropertySSLPeerCertificates no longer works on 10.10. You can try using kCFStreamPropertySSLPeerTrust to retrieve the trust object and the certificate objects.

    SecTrustRef trust = (SecTrustRef)CFReadStreamCopyProperty(m_StreamRead, kCFStreamPropertySSLPeerTrust);
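
An added example, not code from the original post or answer: it reads the trust object through kCFStreamPropertySSLPeerTrust as suggested above and accepts only the explicit success results, so kSecTrustResultRecoverableTrustFailure and kSecTrustResultFatalTrustFailure are both rejected regardless of which one a given OS version reports. The helper names TrustResultIsAcceptable and EvaluatePeerTrust are hypothetical, and the stream is assumed to have completed its SSL handshake.

```objective-c
#import <Foundation/Foundation.h>
#import <CFNetwork/CFNetwork.h>
#import <Security/Security.h>

// Hypothetical helper: accept only results that mean the chain was trusted.
// Every failure type is rejected, so the decision does not depend on whether
// the OS reports a problem as "recoverable" or "fatal".
static BOOL TrustResultIsAcceptable(SecTrustResultType result)
{
    switch (result) {
        case kSecTrustResultProceed:      // trusted, with an explicit trust setting
        case kSecTrustResultUnspecified:  // trusted, no explicit trust setting
            return YES;
        case kSecTrustResultRecoverableTrustFailure:
        case kSecTrustResultFatalTrustFailure:
        case kSecTrustResultDeny:
        case kSecTrustResultOtherError:
        case kSecTrustResultInvalid:
        default:
            return NO;
    }
}

// Hypothetical helper: evaluate the peer trust of an SSL read stream.
// Starts from "not trusted" and returns YES only after a successful evaluation.
static BOOL EvaluatePeerTrust(CFReadStreamRef stream)
{
    SecTrustRef trust = (SecTrustRef)CFReadStreamCopyProperty(stream, kCFStreamPropertySSLPeerTrust);
    if (trust == NULL) {
        return NO; // no trust object available on this stream
    }

    SecTrustResultType result = kSecTrustResultInvalid;
    // Newer SDKs mark SecTrustEvaluate deprecated in favour of
    // SecTrustEvaluateWithError; it is used here because the page discusses it.
    OSStatus status = SecTrustEvaluate(trust, &result);

    BOOL ok = (status == errSecSuccess) && TrustResultIsAcceptable(result);
    if (!ok) {
        NSLog(@"peer trust rejected: status=%d result=%u", (int)status, (unsigned)result);
    }
    CFRelease(trust);
    return ok;
}
```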

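Does anyone know? Please share the details…

SecTrustSetAnchorCertificates(trust, NULL); // This line refers to setting the default anchor certificates. We have saved a certificate in the Keychain application. Does this function pick up those details through the above function call?

Yes, I made this change, and now the SecTrustEvaluate function itself fails; it does not return 0: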