SecTrustSettingsSetTrustSettings causes errSecInternalComponent

I'm writing an update to the Security framework crate, which is a set of bindings to Security.framework. I added some functionality such as SecCertificateAddToKeychain without any problem, but with SecTrustSettingsSetTrustSettings the result is always -2070 errSecInternalComponent.

use crate::base::SecCertificateRef;
use core_foundation_sys::array::CFArrayRef;
use core_foundation_sys::base::CFTypeRef;
use core_foundation_sys::base::OSStatus;

pub type SecTrustSettingsDomain = u32;

pub const kSecTrustSettingsDomainUser: SecTrustSettingsDomain = 0;
pub const kSecTrustSettingsDomainAdmin: SecTrustSettingsDomain = 1;
pub const kSecTrustSettingsDomainSystem: SecTrustSettingsDomain = 2;

pub type SecTrustSettingsResult = u32;

pub const kSecTrustSettingsResultInvalid: SecTrustSettingsResult = 0;
pub const kSecTrustSettingsResultTrustRoot: SecTrustSettingsResult = 1;
pub const kSecTrustSettingsResultTrustAsRoot: SecTrustSettingsResult = 2;
pub const kSecTrustSettingsResultDeny: SecTrustSettingsResult = 3;
pub const kSecTrustSettingsResultUnspecified: SecTrustSettingsResult = 4;

extern "C" {
    pub fn SecTrustSettingsCopyCertificates(
        domain: SecTrustSettingsDomain,
        certsOut: *mut CFArrayRef,
    ) -> OSStatus;
    pub fn SecTrustSettingsCopyTrustSettings(
        certificateRef: SecCertificateRef,
        domain: SecTrustSettingsDomain,
        trustSettings: *mut CFArrayRef,
    ) -> OSStatus;
    pub fn SecTrustSettingsSetTrustSettings(
        certificateRef: SecCertificateRef,
        domain: SecTrustSettingsDomain,
        trustSettingsDictOrArray: CFTypeRef,
    ) -> OSStatus;
}

And this is the way I call the function:

pub fn set_trust_settings(cert: &SecCertificate) -> Result<()> {
    let domain = kSecTrustSettingsDomainAdmin;
    let trust_settings: CFTypeRef = ptr::null_mut();
    cvt(unsafe {
        SecTrustSettingsSetTrustSettings(
            cert.as_CFTypeRef() as *mut _,
            domain,
            trust_settings,
        )
    })
}

Notes

  • sudo security add-trusted-certs [..] works without any problem

I'm a bit rusty on this but this came up in 2011 and the solution was to reinstall the OS -> https://discussions.apple.com/thread/3067155?answerId=15233086022#15233086022

Thank you, but I can change all trust settings manually without any problem, and I can also use security add-trusted-certs without any problem. The only problem is trusting a certificate via cargo run or cargo test with the rust-security-framework bindings.
