KevinResoL

Reputation: 982

Programmatically read root CA certificates in iOS

The following code reads out the root certificates in macOS.

I just wonder what the equivalent code in iOS is?

https://github.com/HaxeFoundation/hxcpp/blob/7bd5ff3/src/hx/libs/ssl/SSL.cpp#L455-L491

CFMutableDictionaryRef search;
CFArrayRef result;
SecKeychainRef keychain;
SecCertificateRef item;
CFDataRef dat;
sslcert *chain = NULL;

// Load keychain
if( SecKeychainOpen("/System/Library/Keychains/SystemRootCertificates.keychain",&keychain) != errSecSuccess )
    return null();

// Search for certificates, restricted to the system root keychain
search = CFDictionaryCreateMutable( NULL, 0, NULL, NULL );
CFArrayRef searchList = CFArrayCreate( NULL, (const void **)&keychain, 1, NULL );
CFDictionarySetValue( search, kSecClass, kSecClassCertificate );
CFDictionarySetValue( search, kSecMatchLimit, kSecMatchLimitAll );
CFDictionarySetValue( search, kSecReturnRef, kCFBooleanTrue );
CFDictionarySetValue( search, kSecMatchSearchList, searchList );
if( SecItemCopyMatching( search, (CFTypeRef *)&result ) == errSecSuccess ){
    CFIndex n = CFArrayGetCount( result );
    for( CFIndex i = 0; i < n; i++ ){
        item = (SecCertificateRef)CFArrayGetValueAtIndex( result, i );

        // Get certificate in DER format
        dat = SecCertificateCopyData( item );
        if( dat ){
            if( chain == NULL ){
                chain = new sslcert();
                chain->create( NULL );
            }
            mbedtls_x509_crt_parse_der( chain->c, (unsigned char *)CFDataGetBytePtr(dat), CFDataGetLength(dat) );
            CFRelease( dat );
        }
    }
    // The array returned by SecItemCopyMatching is owned by the caller
    CFRelease( result );
}
// Release the query objects created above
CFRelease( searchList );
CFRelease( search );
CFRelease( keychain );
if( chain != NULL )
    return chain;

Upvotes: 12

Views: 4074

Answers (2)

David H

Reputation: 3131

The function SecTrustCopyAnchorCertificates from Security.framework that lets you retrieve root certificates stored in the system is only available on macOS. Curiously, it is one of the few functions (from a set of related functions) that is not available on iOS. Deliberate, who knows?

Upvotes: 4

Ricowere

Reputation: 707

I'm afraid it won't be possible to do an equivalent in iOS given the app ecosystem is sandboxed.

Without knowing your purposes, the usual approach for tackling this is downloading the Apple root certificate from apple.com/certificateauthority and then storing it in your app for reading it.

Take a look at this article for inspiration as well.

PS: It might be possible to do this in an iOS device if it's jailbroken.

Upvotes: 5
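The bundling approach from the answer above, as an added Swift example that is not part of the original posts or of hxcpp: it loads DER-encoded roots shipped inside the app, exposes their DER bytes (the form the question's code passes to `mbedtls_x509_crt_parse_der`), and evaluates a server chain against those roots only. The function names, the `AnchorError` type and the `cer` resource extension are assumptions made for illustration.

```swift
import Foundation
import Security

enum AnchorError: Error {
    case noBundledRoots
    case notDER(String)
    case security(OSStatus)
}

// Load every DER-encoded root certificate shipped in the app bundle.
// Assumption: the roots were added to the target as "*.cer" resources.
func loadBundledAnchors(in bundle: Bundle = .main) throws -> [SecCertificate] {
    let urls = bundle.urls(forResourcesWithExtension: "cer", subdirectory: nil) ?? []
    guard !urls.isEmpty else { throw AnchorError.noBundledRoots }
    return try urls.map { url -> SecCertificate in
        let der = try Data(contentsOf: url)
        // Returns nil when the bytes are not a DER X.509 certificate,
        // for example when a PEM file was bundled by mistake.
        guard let cert = SecCertificateCreateWithData(nil, der as CFData) else {
            throw AnchorError.notDER(url.lastPathComponent)
        }
        return cert
    }
}

// DER bytes of each anchor, the same form SecCertificateCopyData
// produces in the macOS code from the question.
func derBlobs(of anchors: [SecCertificate]) -> [Data] {
    return anchors.map { SecCertificateCopyData($0) as Data }
}

// Evaluate a server chain for `host` against the bundled anchors only.
func isTrusted(chain: [SecCertificate], host: String, anchors: [SecCertificate]) throws -> Bool {
    var trust: SecTrust?
    let policy = SecPolicyCreateSSL(true, host as CFString)
    var status = SecTrustCreateWithCertificates(chain as CFArray, policy, &trust)
    guard status == errSecSuccess, let trust = trust else {
        throw AnchorError.security(status)
    }
    status = SecTrustSetAnchorCertificates(trust, anchors as CFArray)
    guard status == errSecSuccess else { throw AnchorError.security(status) }
    // Make it explicit that the system trust store is not consulted.
    status = SecTrustSetAnchorCertificatesOnly(trust, true)
    guard status == errSecSuccess else { throw AnchorError.security(status) }
    var error: CFError?
    return SecTrustEvaluateWithError(trust, &error)
}
```

Bundled roots are frozen at build time, so a root that is rotated or distrusted later only changes in the app through an update.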
