Skip to content

Commit

Permalink
Replace deprecated SecTrustEvaluate and SecTrustGetCertificateAtIndex…
Browse files Browse the repository at this point in the history 
… usages
  • Loading branch information
@tcooper-uk @vcsjones
tcooper-uk authored and vcsjones committed Sep 16, 2024
1 parent 1010540 commit c7b8a4b
Showing 1 changed file with 12 additions and 7 deletions.
19 changes: 12 additions & 7 deletions certstore/certstore_darwin.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -160,8 +160,9 @@ func (i *macIdentity) CertificateChain() ([]*x509.Certificate, error) {
}
defer C.CFRelease(C.CFTypeRef(trustRef))

var status C.SecTrustResultType
if err := osStatusError(C.SecTrustEvaluate(trustRef, &status)); err != nil {
var cfError C.CFErrorRef
if C.SecTrustEvaluateWithError(trustRef, &cfError) {
err := cfErrorError(cfError)
return nil, err
}

Expand All @@ -171,18 +172,22 @@ func (i *macIdentity) CertificateChain() ([]*x509.Certificate, error) {
)

for i := C.CFIndex(0); i < nchain; i++ {
// TODO: do we need to release these?
chainCertref := C.SecTrustGetCertificateAtIndex(trustRef, i)
if chainCertref == nilSecCertificateRef {
return nil, errors.New("nil certificate in chain")
chainCertCpy := C.SecTrustCopyCertificateChain(trustRef)

if C.CFArrayRef(chainCertCpy) == nilCFArrayRef {
return nil, errors.New("nil certificate in the chain")
}

chainCert, err := exportCertRef(chainCertref)
chainCertRef := C.SecCertificateRef(C.CFArrayGetValueAtIndex(chainCertCpy, i))

chainCert, err := exportCertRef(chainCertRef)
if err != nil {
return nil, err
}

chain = append(chain, chainCert)

C.CFRelease(C.CFTypeRef(chainCertCpy))
}

i.chain = chain
Expand Down

0 comments on commit c7b8a4b

Please sign in to comment.