
Programmatically read root CA certificates in iOS

The following code reads out the root certificates in macOS.

I just wonder what the equivalent code is in iOS?

https://github.com/HaxeFoundation/hxcpp/blob/7bd5ff3/src/hx/libs/ssl/SSL.cpp#L455-L491

CFMutableDictionaryRef search;
CFArrayRef result;
SecKeychainRef keychain;
SecCertificateRef item;
CFDataRef dat;
sslcert *chain = NULL;

// Load keychain
if( SecKeychainOpen("/System/Library/Keychains/SystemRootCertificates.keychain",&keychain) != errSecSuccess )
    return null();

// Search for certificates, restricted to the system roots keychain opened above
CFArrayRef searchList = CFArrayCreate( NULL, (const void **)&keychain, 1, NULL );
search = CFDictionaryCreateMutable( NULL, 0, NULL, NULL );
CFDictionarySetValue( search, kSecClass, kSecClassCertificate );
CFDictionarySetValue( search, kSecMatchLimit, kSecMatchLimitAll );
CFDictionarySetValue( search, kSecReturnRef, kCFBooleanTrue );
CFDictionarySetValue( search, kSecMatchSearchList, searchList );
if( SecItemCopyMatching( search, (CFTypeRef *)&result ) == errSecSuccess ){
    CFIndex n = CFArrayGetCount( result );
    for( CFIndex i = 0; i < n; i++ ){
        item = (SecCertificateRef)CFArrayGetValueAtIndex( result, i );

        // Get certificate in DER format
        dat = SecCertificateCopyData( item );
        if( dat ){
            if( chain == NULL ){
                chain = new sslcert();
                chain->create( NULL );
            }
            mbedtls_x509_crt_parse_der( chain->c, (unsigned char *)CFDataGetBytePtr(dat), CFDataGetLength(dat) );
            CFRelease( dat );
        }
    }
    // The query result is owned by the caller; release it once every certificate is parsed
    CFRelease( result );
}
// Release the query objects so they are not leaked
CFRelease( searchList );
CFRelease( search );
CFRelease(keychain);
if( chain != NULL )
    return chain;

KevinResoL asked Feb 24 '17 06:02



2 Answers

I'm afraid it won't be possible to do an equivalent in iOS given the app ecosystem is sandboxed.

Without knowing your purposes, the usual approach for tackling this is downloading the Apple root certificate from apple.com/certificateauthority and then storing it in your app for reading it.

Take a look at this article for inspiration as well.

PS: It might be possible to do this in an iOS device if it's jailbroken.

Ricowere answered Nov 12 '22 15:11


The function SecTrustCopyAnchorCertificates from Security.framework that lets you retrieve root certificates stored in the system is only available on macOS. Curiously, it is one of the few functions (from the set of related functions) that is not available on iOS. Deliberate, who knows?

David H answered Nov 12 '22 17:11