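I want to import OSX / iOS certificates into an OpenSSL context at runtime. To do this, I retrieve the certificates from the OS keychain using SecItemCopyMatching and the following code: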
CFMutableDictionaryRef attrDict = CFDictionaryCreateMutable(NULL, 4, NULL, NULL);
CFDictionaryAddValue(attrDict, kSecClass, kSecClassCertificate);
CFDictionaryAddValue(attrDict, kSecReturnRef, kCFBooleanTrue);
CFDictionaryAddValue(attrDict, kSecMatchLimit, kSecMatchLimitAll);
CFDictionaryAddValue(attrDict, kSecMatchTrustedOnly, kCFBooleanTrue );
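CFArrayRef certlist = NULL; // receives the matching SecCertificateRef items
OSStatus res = SecItemCopyMatching(attrDict, (CFTypeRef*)&certlist);
This seems to return user and system certificates, but it does not return the contents of the "System Roots" keychain. How can I retrieve those as well?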
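Answer 0: (score: 1)
I had the same problem, and this is the solution I found: manually open the System Roots keychain and add it to the search list of the query, like this: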
SecKeychainRef systemRoots = NULL;
OSStatus kcStatus = SecKeychainOpen("/System/Library/Keychains/SystemRootCertificates.keychain", &systemRoots);
CFArrayRef currentSearchList;
SecKeychainCopySearchList(&currentSearchList);
CFMutableArrayRef newSearchList = CFArrayCreateMutableCopy(NULL, 5, currentSearchList);
CFRelease(currentSearchList);
if (!kcStatus) {
CFArrayAppendValue(newSearchList, systemRoots);
}
CFMutableDictionaryRef attrDict = CFDictionaryCreateMutable(NULL, 5, &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
CFDictionaryAddValue(attrDict, kSecMatchSearchList, newSearchList); // this is the important part
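Answer 1: (score: 0)
Also note that the certificates under System Roots are usually not marked as trusted. They are implicitly "trusted" because that keychain is read-only. So I suggest you use: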
CFDictionaryAddValue(attrDict, kSecMatchTrustedOnly, kCFBooleanFalse );
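Combining the two answers above, as an added example that is not code from either answer: the search list holds only the System Roots keychain, so kSecMatchTrustedOnly can be omitted without certificates from user keychains ending up in the OpenSSL trust store, and each result is copied into an X509_STORE as DER. The name import_system_roots and the non-macOS stub are assumptions of this example; build on macOS with the Security and CoreFoundation frameworks and libcrypto.

```c
#include <stddef.h>
#ifdef __APPLE__                       /* macOS only: SecKeychainOpen does not exist on iOS */
#include <Security/Security.h>
#include <openssl/x509.h>
#else
typedef struct x509_store_st X509_STORE; /* opaque stand-in so the file compiles elsewhere */
#endif

#define SYSTEM_ROOTS "/System/Library/Keychains/SystemRootCertificates.keychain"

/* Hypothetical helper: adds every certificate in System Roots to `store`.
   Returns the number added, or -1 on error or on an unsupported platform. */
int import_system_roots(X509_STORE *store)
{
    if (store == NULL)
        return -1;
#ifdef __APPLE__
    SecKeychainRef roots = NULL;
    CFArrayRef certs = NULL;
    int added = -1;
    if (SecKeychainOpen(SYSTEM_ROOTS, &roots) != errSecSuccess)
        return -1;
    /* Search list contains System Roots alone, so user-added certificates never match. */
    const void *kc[] = { roots };
    CFArrayRef search = CFArrayCreate(NULL, kc, 1, &kCFTypeArrayCallBacks);
    const void *keys[] = { kSecClass, kSecReturnRef, kSecMatchLimit, kSecMatchSearchList };
    const void *vals[] = { kSecClassCertificate, kCFBooleanTrue, kSecMatchLimitAll, search };
    CFDictionaryRef query = CFDictionaryCreate(NULL, keys, vals, 4,
        &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
    if (SecItemCopyMatching(query, (CFTypeRef *)&certs) == errSecSuccess) {
        added = 0;
        for (CFIndex i = 0; i < CFArrayGetCount(certs); i++) {
            SecCertificateRef c = (SecCertificateRef)CFArrayGetValueAtIndex(certs, i);
            CFDataRef der = SecCertificateCopyData(c);  /* DER encoding of the certificate */
            if (der == NULL) continue;
            const unsigned char *p = CFDataGetBytePtr(der);
            X509 *x = d2i_X509(NULL, &p, (long)CFDataGetLength(der));
            if (x != NULL && X509_STORE_add_cert(store, x) == 1)
                added++;
            X509_free(x);                               /* the store keeps its own reference */
            CFRelease(der);
        }
        CFRelease(certs);
    }
    CFRelease(query); CFRelease(search); CFRelease(roots);
    return added;
#else
    return -1;                          /* Security.framework is not available here */
#endif
}
```

Pass it the store of the context being configured, for example the result of SSL_CTX_get_cert_store(ctx), and treat a return value of -1 or 0 as a failure to load any trust anchors.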