Policies

Overview

For a certificate that is deemed intact and valid (because the chain of signatures is unbroken back to a trusted root certificate), you evaluate it against a set of rules known as a trust policy. The policy indicates how particular fields or extensions of a certificate affect whether it should be trusted for a particular use. For example, the policy may state that a certificate must not be expired or must be marked as valid for encryption, code signing, or some other specific purpose.

Usually you use a standard, predefined policy, such as the basic X509 policy or the SSL policy. You can also create custom policies with the certificate, key, and trust services API.

Topics

Standard Policies

• SecPolicyCreateBasicX509()
• SecPolicyCreateSSL(_:_:)
• SecPolicyCreateRevocation(_:)
• Revocation Policy Constants
• SecPolicy
• SecPolicyGetTypeID()

Advanced Policy Management

• SecPolicyCreateWithProperties(_:_:)
• SecPolicyCopyProperties(_:)
• Security Policy Keys
• Standard Policies for Specific Certificate Types

Legacy Symbols

• SecPolicySearch