<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[115009] trunk/dports/security/certsync</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="https://trac.macports.org/changeset/115009">115009</a></dd>
<dt>Author</dt> <dd>landonf@macports.org</dd>
<dt>Date</dt> <dd>2013-12-21 16:40:04 -0800 (Sat, 21 Dec 2013)</dd>
</dl>
<h3>Log Message</h3>
<pre>Add support for Mac OS X 10.4.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkdportssecuritycertsyncPortfile">trunk/dports/security/certsync/Portfile</a></li>
<li><a href="#trunkdportssecuritycertsyncfilescertsyncm">trunk/dports/security/certsync/files/certsync.m</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#trunkdportssecuritycertsyncfilescompath">trunk/dports/security/certsync/files/compat.h</a></li>
</ul>
<h3>Removed Paths</h3>
<ul>
<li><a href="#trunkdportssecuritycertsyncfilescertsynctigerm">trunk/dports/security/certsync/files/certsync-tiger.m</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkdportssecuritycertsyncPortfile"></a>
<div class="modfile"><h4>Modified: trunk/dports/security/certsync/Portfile (115008 => 115009)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/dports/security/certsync/Portfile 2013-12-21 22:16:52 UTC (rev 115008)
+++ trunk/dports/security/certsync/Portfile 2013-12-22 00:40:04 UTC (rev 115009)
</span><span class="lines">@@ -4,7 +4,7 @@
</span><span class="cx">
</span><span class="cx"> name certsync
</span><span class="cx"> version 1.0.6
</span><del>-revision 1
</del><ins>+revision 2
</ins><span class="cx"> categories security
</span><span class="cx"> conflicts curl-ca-bundle
</span><span class="cx"> maintainers landonf openmaintainer
</span><span class="lines">@@ -21,7 +21,7 @@
</span><span class="cx">
</span><span class="cx"> extract.mkdir yes
</span><span class="cx"> post-extract {
</span><del>- xinstall -m 644 -W ${filespath} certsync.m certsync.plist update-ca-certificates ${worksrcpath}
</del><ins>+ xinstall -m 644 -W ${filespath} certsync.m compat.h certsync.plist update-ca-certificates ${worksrcpath}
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> post-patch {
</span><span class="lines">@@ -43,7 +43,7 @@
</span><span class="cx"> build {
</span><span class="cx"> system -W ${worksrcpath} "${configure.objc} \
</span><span class="cx"> ${configure.objcflags} \
</span><del>- -mmacosx-version-min=10.5 \
</del><ins>+ -mmacosx-version-min=10.4 \
</ins><span class="cx"> -Wall \
</span><span class="cx"> certsync.m -o certsync \
</span><span class="cx"> ${configure.ldflags} \
</span></span></pre></div>
<a id="trunkdportssecuritycertsyncfilescertsynctigerm"></a>
<div class="delfile"><h4>Deleted: trunk/dports/security/certsync/files/certsync-tiger.m (115008 => 115009)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/dports/security/certsync/files/certsync-tiger.m 2013-12-21 22:16:52 UTC (rev 115008)
+++ trunk/dports/security/certsync/files/certsync-tiger.m 2013-12-22 00:40:04 UTC (rev 115009)
</span><span class="lines">@@ -1,308 +0,0 @@
</span><del>-/*
- * Author: Landon Fuller <landonf@plausiblelabs.com>
- * Copyright (c) 2008-2013 Plausible Labs Cooperative, Inc.
- * All rights reserved.
- *
- * Permission is hereby granted, free of charge, to any person
- * obtaining a copy of this software and associated documentation
- * files (the "Software"), to deal in the Software without
- * restriction, including without limitation the rights to use,
- * copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the
- * Software is furnished to do so, subject to the following
- * conditions:
- *
- * The above copyright notice and this permission notice shall be
- * included in all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
- * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
- * OTHER DEALINGS IN THE SOFTWARE.
- */
-
-#import <Foundation/Foundation.h>
-#import <Security/Security.h>
-#import <AvailabilityMacros.h>
-
-#import <unistd.h>
-#import <stdio.h>
-
-/* A wrapper class that may be used to pass configuration through the
- * FSEvent callback API */
-@interface MPCertSyncConfig : NSObject {
-@public
- BOOL userAnchors;
- NSString *outputFile;
-}
-@end
-
-@implementation MPCertSyncConfig
-- (void) dealloc {
- [outputFile release];
- [super dealloc];
-}
-@end
-
-/**
- * Add CoreFoundation object to the current autorelease pool.
- *
- * @param cfObj Object to add to the current autorelease pool.
- */
-CFTypeRef PLCFAutorelease (CFTypeRef cfObj) {
- return [(id)cfObj autorelease];
-}
-
-int nsvfprintf (FILE *stream, NSString *format, va_list args) {
- int retval;
-
- NSString *str;
- str = (NSString *) CFStringCreateWithFormatAndArguments(NULL, NULL, (CFStringRef) format, args);
- retval = fprintf(stream, "%s", [str UTF8String]);
- [str release];
-
- return retval;
-}
-
-int nsfprintf (FILE *stream, NSString *format, ...) {
- va_list ap;
- int retval;
-
- va_start(ap, format);
- {
- retval = nsvfprintf(stream, format, ap);
- }
- va_end(ap);
-
- return retval;
-}
-
-int nsprintf (NSString *format, ...) {
- va_list ap;
- int retval;
-
- va_start(ap, format);
- {
- retval = nsvfprintf(stderr, format, ap);
- }
- va_end(ap);
-
- return retval;
-}
-
-/**
- * Fetch all trusted roots.
- *
- * @param outError On error, will contain an NSError instance describing the failure.
- *
- * @return Returns a (possibly empty) array of certificates on success, nil on failure.
- */
-static NSArray *certificatesForTrustDomain (NSError **outError) {
- NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
- CFArrayRef certs = nil;
- OSStatus err;
-
- /* Fetch all certificates in the given domain */
- err = SecTrustCopyAnchorCertificates(&certs);
- if (err == noErr) {
- PLCFAutorelease(certs);
- } else if (err == errSecTrustNotAvailable) {
- /* No data */
- [pool release];
- return [NSArray array];
- } else if (err != noErr) {
- /* Lookup failed */
- if (outError != NULL)
- *outError = [[NSError errorWithDomain: NSOSStatusErrorDomain code: err userInfo:nil] retain];
-
- [pool release];
- [*outError autorelease];
- return nil;
- }
-
- /* Extract trusted roots */
- NSMutableArray *results = [NSMutableArray arrayWithCapacity: CFArrayGetCount(certs)];
- NSEnumerator *resultEnumerator = [(NSArray *)certs objectEnumerator];
- id certObj;
- while ((certObj = [resultEnumerator nextObject]) != nil) {
- [results addObject: certObj];
- }
-
- [results retain];
- [pool release];
- return [results autorelease];
-}
-
-BOOL compare_oids (const CSSM_OID *oid1, const CSSM_OID *oid2) {
- if (oid1 == NULL || oid2 == NULL)
- return NO;
-
- if (oid1->Length != oid2->Length)
- return NO;
-
- if (memcmp(oid1->Data, oid2->Data, oid1->Length) == 0)
- return YES;
-
- return NO;
-}
-
-static int exportCertificates (NSString *outputFile) {
- NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
-
- /* Fetch all certificates */
- NSArray *anchors;
- NSError *error;
- OSStatus err;
-
- anchors = certificatesForTrustDomain(&error);
- if (anchors == nil) {
- nsfprintf(stderr, @"Failed to fetch system anchors: %@\n", error);
- [pool release];
- return EXIT_FAILURE;
- }
-
- /*
- * Perform export
- */
- CFDataRef pemData;
-
- /* Prefer the non-deprecated SecItemExport on Mac OS X >= 10.7. We use an ifdef to keep the code buildable with earlier SDKs, too. */
- nsfprintf(stderr, @"Exporting certificates from the keychain\n");
- err = SecKeychainItemExport((CFArrayRef) anchors, kSecFormatPEMSequence, kSecItemPemArmour, NULL, &pemData);
- PLCFAutorelease(pemData);
-
- if (err != noErr) {
- nsfprintf(stderr, @"Failed to export certificates: %@\n", [NSError errorWithDomain: NSOSStatusErrorDomain code: err userInfo:nil]);
- [pool release];
- return EXIT_FAILURE;
- }
-
- nsfprintf(stderr, @"Writing exported certificates\n");
- if (outputFile == nil) {
- NSString *str = [[[NSString alloc] initWithData: (NSData *) pemData encoding:NSUTF8StringEncoding] autorelease];
- nsfprintf(stdout, @"%@", str);
- } else {
- if (![(NSData *) pemData writeToFile: outputFile options: NSAtomicWrite error: &error]) {
- nsfprintf(stderr, @"Failed to write to pem output file: %@\n", error);
- [pool release];
- return EXIT_FAILURE;
- }
- }
-
- [pool release];
- return EXIT_SUCCESS;
-}
-
-static void usage (const char *progname) {
- fprintf(stderr, "Usage: %s [-u] [-o <output file>]\n", progname);
- fprintf(stderr, "\t-s\t\t\tDo not exit; observe the system keychain(s) for changes and update the output file accordingly.");
- fprintf(stderr, "\t-o <output file>\tWrite the PEM certificates to the target file, rather than stdout\n");
-}
-
-#if 0
-static void certsync_keychain_cb (ConstFSEventStreamRef streamRef, void *clientCallBackInfo, size_t numEvents, void *eventPaths, const FSEventStreamEventFlags eventFlags[], const FSEventStreamEventId eventIds[])
-{
- NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
-
- MPCertSyncConfig *config = (MPCertSyncConfig *) clientCallBackInfo;
-
- int ret;
- if ((ret = exportCertificates(config->userAnchors, config->outputFile)) != EXIT_SUCCESS)
- exit(ret);
-
- [pool release];
-}
-#endif
-
-int main (int argc, char * const argv[]) {
- NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
-
- /* Parse the command line arguments */
- BOOL runServer = NO;
- NSString *outputFile = nil;
-
- int ch;
- while ((ch = getopt(argc, argv, "hsuo:")) != -1) {
- switch (ch) {
- case 's':
- runServer = YES;
- break;
-
- case 'o':
- outputFile = [NSString stringWithUTF8String: optarg];
- break;
-
- case 'h':
- usage(argv[0]);
- exit(EXIT_SUCCESS);
-
- default:
- usage(argv[0]);
- exit(EXIT_FAILURE);
- }
- }
- argc -= optind;
- argv += optind;
-
- /* Perform single-shot export */
- if (!runServer)
- return exportCertificates(outputFile);
-
-#if 0
- /* Formulate the list of directories to observe; We use FSEvents rather than SecKeychainAddCallback(), as during testing the keychain
- * API never actually fired a callback for the target keychains. */
- FSEventStreamRef eventStream;
- {
- NSAutoreleasePool *streamPool = [[NSAutoreleasePool alloc] init];
-
- NSSearchPathDomainMask searchPathDomains = NSLocalDomainMask|NSSystemDomainMask;
- if (userAnchors)
- searchPathDomains |= NSUserDomainMask;
-
- NSArray *libraryDirectories = NSSearchPathForDirectoriesInDomains(NSAllLibrariesDirectory, searchPathDomains, YES);
- NSMutableArray *keychainDirectories = [NSMutableArray arrayWithCapacity: [libraryDirectories count]];
- for (NSString *dir in libraryDirectories) {
- [keychainDirectories addObject: [dir stringByAppendingPathComponent: @"Keychains"]];
- [keychainDirectories addObject: [dir stringByAppendingPathComponent: @"Security/Trust Settings"]];
- }
-
- /* Configure the listener */
- MPCertSyncConfig *config = [[[MPCertSyncConfig alloc] init] autorelease];
- config->userAnchors = userAnchors;
- config->outputFile = [outputFile retain];
-
- FSEventStreamContext ctx = {
- .version = 0,
- .info = config,
- .retain = CFRetain,
- .release = CFRelease,
- .copyDescription = CFCopyDescription
- };
- eventStream = FSEventStreamCreate(NULL, certsync_keychain_cb, &ctx, (CFArrayRef)keychainDirectories, kFSEventStreamEventIdSinceNow, 0.0, kFSEventStreamCreateFlagUseCFTypes);
- FSEventStreamScheduleWithRunLoop(eventStream, CFRunLoopGetCurrent(), kCFRunLoopCommonModes);
- FSEventStreamStart(eventStream);
-
- [streamPool release];
- }
-
- /* Perform an initial one-shot export, and then run forever */
- {
- NSAutoreleasePool *shotPool = [[NSAutoreleasePool alloc] init];
- int ret;
- if ((ret = exportCertificates(userAnchors, outputFile)) != EXIT_SUCCESS)
- return EXIT_FAILURE;
- [shotPool release];
- }
-
- CFRunLoopRun();
- FSEventStreamRelease(eventStream);
-#endif
- [pool release];
-
- return EXIT_SUCCESS;
-}
-
</del></span></pre></div>
<a id="trunkdportssecuritycertsyncfilescertsyncm"></a>
<div class="modfile"><h4>Modified: trunk/dports/security/certsync/files/certsync.m (115008 => 115009)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/dports/security/certsync/files/certsync.m 2013-12-21 22:16:52 UTC (rev 115008)
+++ trunk/dports/security/certsync/files/certsync.m 2013-12-22 00:40:04 UTC (rev 115009)
</span><span class="lines">@@ -26,31 +26,13 @@
</span><span class="cx"> */
</span><span class="cx">
</span><span class="cx"> #import <Foundation/Foundation.h>
</span><del>-#import <AvailabilityMacros.h>
</del><ins>+#import <Security/Security.h>
</ins><span class="cx">
</span><span class="cx"> #import <unistd.h>
</span><span class="cx"> #import <stdio.h>
</span><span class="cx">
</span><del>-#import <objc/message.h>
</del><ins>+#import "compat.h"
</ins><span class="cx">
</span><del>-/* Allow building with SDKs < 10.6 */
-#ifndef MAC_OS_X_VERSION_10_6
-#define MAC_OS_X_VERSION_10_6 1060
-#endif /* !MAC_OS_X_VERSION_10_6 */
-
-/* Allow building with SDKs < 10.5 */
-#ifndef MAC_OS_X_VERSION_10_5
-#define MAC_OS_X_VERSION_10_5 1050
-#endif /* !MAC_OS_X_VERSION_10_5 */
-
-#if MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_5
-/* errSecSuccess was not defined until 10.6 */
-#define errSecSuccess noErr
-
-/* NSDataWritingAtomic was not defined until 10.6 */
-#define NSDataWritingAtomic NSAtomicWrite
-#endif
-
</del><span class="cx"> /* A wrapper class that may be used to pass configuration through the
</span><span class="cx"> * FSEvent callback API */
</span><span class="cx"> @interface MPCertSyncConfig : NSObject {
</span><span class="lines">@@ -123,68 +105,99 @@
</span><span class="cx"> */
</span><span class="cx"> static NSArray *certificatesForTrustDomain (SecTrustSettingsDomain domain, NSError **outError) {
</span><span class="cx"> NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
</span><ins>+ NSArray *trusted = nil;
</ins><span class="cx"> CFArrayRef certs = nil;
</span><span class="cx"> OSStatus err;
</span><span class="cx">
</span><del>- /* Fetch all certificates in the given domain */
- err = SecTrustSettingsCopyCertificates(domain, &certs);
- if (err == errSecSuccess) {
- PLCFAutorelease(certs);
- } else if (err == errSecNoTrustSettings ) {
- /* No data */
</del><ins>+ /* Mac OS X >= 10.5 provides SecTrustSettingsCopyCertificates() */
+ if (SecTrustSettingsCopyCertificates != NULL) {
+ /* Fetch all certificates in the given domain */
+ err = SecTrustSettingsCopyCertificates(domain, &certs);
+ if (err == errSecSuccess) {
+ PLCFAutorelease(certs);
+ } else if (err == errSecNoTrustSettings ) {
+ /* No data */
</ins><span class="cx">
</span><del>- [pool release];
- return [NSArray array];
- } else if (err != errSecSuccess) {
- /* Lookup failed */
- if (outError != NULL)
- *outError = [[NSError errorWithDomain: NSOSStatusErrorDomain code: err userInfo:nil] retain];
</del><ins>+ [pool release];
+ return [NSArray array];
+ } else if (err != errSecSuccess) {
+ /* Lookup failed */
+ if (outError != NULL)
+ *outError = [[NSError errorWithDomain: NSOSStatusErrorDomain code: err userInfo:nil] retain];
</ins><span class="cx">
</span><del>- [pool release];
- [*outError autorelease];
- return nil;
- }
</del><ins>+ [pool release];
+ [*outError autorelease];
+ return nil;
+ }
</ins><span class="cx">
</span><del>- /* Extract trusted roots */
- NSMutableArray *results = [NSMutableArray arrayWithCapacity: CFArrayGetCount(certs)];
- for (id certObj in (NSArray *) certs) {
- SecCertificateRef cert = (SecCertificateRef) certObj;
</del><ins>+ /* Extract trusted roots */
+ NSMutableArray *results = [NSMutableArray arrayWithCapacity: CFArrayGetCount(certs)];
+ trusted = results;
</ins><span class="cx">
</span><del>- /* Fetch the trust settings */
- CFArrayRef trustSettings = nil;
- err = SecTrustSettingsCopyTrustSettings(cert, domain, &trustSettings);
- if (err != errSecSuccess) {
- /* Shouldn't happen */
- nsfprintf(stderr, @"Failed to fetch trust settings\n");
- continue;
- } else {
- PLCFAutorelease(trustSettings);
- }
</del><ins>+ NSEnumerator *resultEnumerator = [(NSArray *)certs objectEnumerator];
+ id certObj;
+ while ((certObj = [resultEnumerator nextObject]) != nil) {
+ SecCertificateRef cert = (SecCertificateRef) certObj;
</ins><span class="cx">
</span><del>- /* If empty, trust for everything (as per the Security Framework documentation) */
- if (CFArrayGetCount(trustSettings) == 0) {
- [results addObject: certObj];
- } else {
- /* Otherwise, walk the properties and evaluate the trust settings result */
- for (NSDictionary *trustProps in (NSArray *) trustSettings) {
- CFNumberRef settingsResultNum;
- SInt32 settingsResult;
</del><ins>+ /* Fetch the trust settings */
+ CFArrayRef trustSettings = nil;
+ err = SecTrustSettingsCopyTrustSettings(cert, domain, &trustSettings);
+ if (err != errSecSuccess) {
+ /* Shouldn't happen */
+ nsfprintf(stderr, @"Failed to fetch trust settings\n");
+ continue;
+ } else {
+ PLCFAutorelease(trustSettings);
+ }
+
+ /* If empty, trust for everything (as per the Security Framework documentation) */
+ if (CFArrayGetCount(trustSettings) == 0) {
+ [results addObject: certObj];
+ } else {
+ /* Otherwise, walk the properties and evaluate the trust settings result */
+ NSEnumerator *trustEnumerator = [(NSArray *)trustSettings objectEnumerator];
+ NSDictionary *trustProps;
+ while ((trustProps = [trustEnumerator nextObject]) != nil) {
+ CFNumberRef settingsResultNum;
+ SInt32 settingsResult;
</ins><span class="cx">
</span><del>- settingsResultNum = (CFNumberRef) [trustProps objectForKey: (id) kSecTrustSettingsResult];
- CFNumberGetValue(settingsResultNum, kCFNumberSInt32Type, &settingsResult);
</del><ins>+ settingsResultNum = (CFNumberRef) [trustProps objectForKey: (id) kSecTrustSettingsResult];
+ CFNumberGetValue(settingsResultNum, kCFNumberSInt32Type, &settingsResult);
</ins><span class="cx">
</span><del>- /* If a root, add to the result set */
- if (settingsResult == kSecTrustSettingsResultTrustRoot || settingsResult == kSecTrustSettingsResultTrustAsRoot) {
- [results addObject: certObj];
- break;
</del><ins>+ /* If a root, add to the result set */
+ if (settingsResult == kSecTrustSettingsResultTrustRoot || settingsResult == kSecTrustSettingsResultTrustAsRoot) {
+ [results addObject: certObj];
+ break;
+ }
</ins><span class="cx"> }
</span><span class="cx"> }
</span><span class="cx"> }
</span><ins>+ } else {
+ /* Fetch all certificates in the given domain */
+ err = SecTrustCopyAnchorCertificates(&certs);
+ if (err == noErr) {
+ PLCFAutorelease(certs);
+ } else if (err == errSecTrustNotAvailable) {
+ /* No data */
+ [pool release];
+ return [NSArray array];
+ } else if (err != noErr) {
+ /* Lookup failed */
+ if (outError != NULL)
+ *outError = [[NSError errorWithDomain: NSOSStatusErrorDomain code: err userInfo:nil] retain];
+
+ [pool release];
+ [*outError autorelease];
+ return nil;
+ }
+
+ /* All certs are trusted */
+ trusted = (NSArray *) certs;
</ins><span class="cx"> }
</span><del>-
- [results retain];
</del><ins>+
+ [trusted retain];
</ins><span class="cx"> [pool release];
</span><del>- return [results autorelease];
</del><ins>+ return [trusted autorelease];
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> static int exportCertificates (BOOL userAnchors, NSString *outputFile) {
</span><span class="lines">@@ -231,34 +244,39 @@
</span><span class="cx"> return EXIT_FAILURE;
</span><span class="cx"> }
</span><span class="cx">
</span><del>- for (id certObj in result) {
- CFErrorRef cferror = NULL;
- CFStringRef subject;
</del><ins>+ NSEnumerator *resultEnumerator = [result objectEnumerator];
+ id certObj;
+ while ((certObj = [resultEnumerator nextObject]) != nil) {
+ NSError *subjectError = NULL;
+ CFStringRef subject = NULL;
+ BOOL subjectUnsupported = NO;
</ins><span class="cx">
</span><del>-#if MAC_OS_X_VERSION_MAX_ALLOWED > MAC_OS_X_VERSION_10_6
- if (SecCertificateCopyShortDescription != NULL) {
- subject = PLCFAutorelease(SecCertificateCopyShortDescription(NULL, (SecCertificateRef) certObj, &cferror));
- } else {
</del><ins>+ if (SecCertificateCopyShortDescription != NULL /* 10.7 */) {
+ subject = PLCFAutorelease(SecCertificateCopyShortDescription(NULL, (SecCertificateRef) certObj, (CFErrorRef *) &subjectError));
+
+ } else if (SecCertificateCopySubjectSummary != NULL /* 10.6 */) {
</ins><span class="cx"> subject = PLCFAutorelease(SecCertificateCopySubjectSummary((SecCertificateRef) certObj));
</span><ins>+
+ } else if (SecCertificateCopyCommonName != NULL /* 10.5 */) {
+ if ((err = SecCertificateCopyCommonName((SecCertificateRef) certObj, &subject)) == errSecSuccess && subject != NULL) {
+ PLCFAutorelease(subject);
+ } else {
+ /* In the case that the CN is simply unavailable, provide a more useful error code */
+ if (err == errSecSuccess)
+ err = errSecNoSuchAttr;
+
+ NSDictionary *userInfo = [NSDictionary dictionaryWithObjectsAndKeys: @"SecCertificateCopyCommonName() failed", NSLocalizedDescriptionKey, nil];
+ subjectError = [NSError errorWithDomain: NSOSStatusErrorDomain code: err userInfo: userInfo];
+ subject = NULL;
+ }
+ } else /* <= 10.4 */ {
+ subjectUnsupported = YES;
</ins><span class="cx"> }
</span><del>-#elif MAC_OS_X_VERSION_MAX_ALLOWED == MAC_OS_X_VERSION_10_6
- subject = PLCFAutorelease(SecCertificateCopySubjectSummary((SecCertificateRef) certObj));
-#elif MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_5
- if ((err = SecCertificateCopyCommonName((SecCertificateRef) certObj, &subject)) == errSecSuccess && subject != NULL) {
- PLCFAutorelease(subject);
- } else {
- /* In the case that the CN is simply unavailable, provide a more useful error code */
- if (err == errSecSuccess)
- err = errSecNoSuchAttr;
-
- NSDictionary *userInfo = [NSDictionary dictionaryWithObjectsAndKeys: @"SecCertificateCopyCommonName() failed", NSLocalizedDescriptionKey, nil];
- cferror = (CFErrorRef) [NSError errorWithDomain: NSOSStatusErrorDomain code: err userInfo: userInfo];
- subject = NULL;
- }
-#endif
</del><span class="cx">
</span><span class="cx"> if (subject == NULL) {
</span><del>- nsfprintf(stderr, @"Failed to extract certificate description: %@\n", cferror);
</del><ins>+ /* Don't print an error if fetching the subject is unsupported on the platform (eg, <= 10.4) */
+ if (!subjectUnsupported)
+ nsfprintf(stderr, @"Failed to extract certificate description: %@\n", subjectError);
</ins><span class="cx"> } else {
</span><span class="cx"> nsfprintf(stderr, @"Found %@\n", subject);
</span><span class="cx"> }
</span><span class="lines">@@ -271,15 +289,11 @@
</span><span class="cx">
</span><span class="cx"> /* Prefer the non-deprecated SecItemExport on Mac OS X >= 10.7. We use an ifdef to keep the code buildable with earlier SDKs, too. */
</span><span class="cx"> nsfprintf(stderr, @"Exporting certificates from the keychain\n");
</span><del>-#if MAC_OS_X_VERSION_MAX_ALLOWED > MAC_OS_X_VERSION_10_6
</del><span class="cx"> if (SecItemExport != NULL) {
</span><span class="cx"> err = SecItemExport((CFArrayRef) anchors, kSecFormatPEMSequence, kSecItemPemArmour, NULL, &pemData);
</span><span class="cx"> } else {
</span><span class="cx"> err = SecKeychainItemExport((CFArrayRef) anchors, kSecFormatPEMSequence, kSecItemPemArmour, NULL, &pemData);
</span><span class="cx"> }
</span><del>-#else
- err = SecKeychainItemExport((CFArrayRef) anchors, kSecFormatPEMSequence, kSecItemPemArmour, NULL, &pemData);
-#endif
</del><span class="cx"> PLCFAutorelease(pemData);
</span><span class="cx">
</span><span class="cx"> if (err != errSecSuccess) {
</span></span></pre></div>
<a id="trunkdportssecuritycertsyncfilescompath"></a>
<div class="addfile"><h4>Added: trunk/dports/security/certsync/files/compat.h (0 => 115009)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/dports/security/certsync/files/compat.h (rev 0)
+++ trunk/dports/security/certsync/files/compat.h 2013-12-22 00:40:04 UTC (rev 115009)
</span><span class="lines">@@ -0,0 +1,105 @@
</span><ins>+#import <AvailabilityMacros.h>
+
+/*
+ * We provide forward-compatibility defines for build environments
+ * back to 10.4.
+ */
+
+/* Define version constants for use on earlier systems */
+#ifndef MAC_OS_X_VERSION_10_6
+# define MAC_OS_X_VERSION_10_6 1060
+#endif /* !MAC_OS_X_VERSION_10_6 */
+
+#ifndef MAC_OS_X_VERSION_10_5
+# define MAC_OS_X_VERSION_10_5 1050
+#endif /* !MAC_OS_X_VERSION_10_5 */
+
+/*
+ * Weak Linking Note:
+ *
+ * Correctly linking against weak symbols relies on actually having
+ * the symbol available at link time, such that dyld can create its two-level
+ * weak reference.
+ *
+ * Since we have to support building on earlier systems where the symbols
+ * are not available at all, we #define the functions to NULL (with appropriate
+ * function typedefs), allowing the standard approach of checking for
+ * symbol != NULL to succeed.
+ */
+
+/* Allow building with SDKs <= 10.4 */
+#if MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_4
+ /* SecTrustSettings constants were not available until 10.5 */
+ enum {
+ kSecTrustSettingsDomainUser = 0,
+ kSecTrustSettingsDomainAdmin,
+ kSecTrustSettingsDomainSystem
+ };
+ typedef uint32_t SecTrustSettingsDomain;
+
+ enum {
+ kSecTrustSettingsResultInvalid = 0,
+ kSecTrustSettingsResultTrustRoot,
+ kSecTrustSettingsResultTrustAsRoot,
+ kSecTrustSettingsResultDeny,
+ kSecTrustSettingsResultUnspecified
+ };
+ typedef uint32_t SecTrustSettingsResult;
+ #define kSecTrustSettingsResult CFSTR("kSecTrustSettingsResult")
+
+ /* SecCertificateCopyCommonName() was added in 10.5 */
+ extern OSStatus SecCertificateCopyCommonName (SecCertificateRef certificate, CFStringRef *commonName) __attribute__((weak_import));
+ #define SecCertificateCopyCommonName ((OSStatus(*)(SecCertificateRef, CFStringRef *)) NULL) /* We can't safely weak-link what we don't have */
+
+ /* SecTrustSettingsCopyCertificates() was added in 10.5 */
+ extern OSStatus SecTrustSettingsCopyCertificates (SecTrustSettingsDomain domain, CFArrayRef *certArray) __attribute__((weak_import));
+ #define SecTrustSettingsCopyCertificates ((OSStatus(*)(SecTrustSettingsDomain, CFArrayRef *)) NULL) /* We can't safely weak-link what we don't have */
+
+ /* CFError was added in 10.5 */
+ typedef CFTypeRef CFErrorRef;
+
+ /* errSecNoTrustSettings was added in 10.5 */
+ #define errSecNoTrustSettings -25263
+#endif
+
+/* Allow building with SDKs <= 10.5 */
+#if MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_5
+ /* errSecSuccess was not defined until 10.6 */
+ #define errSecSuccess noErr
+
+ /* NSDataWritingAtomic was not defined until 10.6, but it has an identical
+ * value as the now-deprecated NSDataWritingAtomic */
+ #define NSDataWritingAtomic NSAtomicWrite
+
+ /* SecCertificateCopySubjectSummary() was added in 10.6 */
+ extern CFStringRef SecCertificateCopySubjectSummary (SecCertificateRef certificate) __attribute__((weak_import));
+ #define SecCertificateCopySubjectSummary ((CFStringRef(*)(SecCertificateRef)) NULL) /* We can't safely weak-link what we don't have */
+#endif
+
+/* Allow building with SDKs <= 10.6 */
+#if MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_6
+ /* SecCertificateCopyShortDescription() was added in 10.7 */
+ extern CFStringRef SecCertificateCopyShortDescription (CFAllocatorRef alloc, SecCertificateRef certificate, CFErrorRef *error) __attribute__((weak_import));
+ #define SecCertificateCopyShortDescription ((CFStringRef(*)(CFAllocatorRef, SecCertificateRef, CFErrorRef *)) NULL) /* We can't safely weak-link what we don't have */
+
+ /* SecItemExport() was added in 10.7 */
+ typedef struct {
+ uint32_t version;
+ SecKeyImportExportFlags flags;
+ CFTypeRef passphrase;
+ CFStringRef alertTitle;
+ CFStringRef alertPrompt;
+ SecAccessRef accessRef;
+ CFArrayRef keyUsage;
+ CFArrayRef keyAttributes;
+ } SecItemImportExportKeyParameters;
+
+ extern OSStatus SecItemExport (
+ CFTypeRef secItemOrArray,
+ SecExternalFormat outputFormat,
+ SecItemImportExportFlags flags,
+ const SecItemImportExportKeyParameters *keyParams,
+ CFDataRef *exportedData
+ ) __attribute__((weak_import));
+ #define SecItemExport ((OSStatus(*)(CFTypeRef, SecExternalFormat, SecItemImportExportFlags, const SecItemImportExportKeyParameters *, CFDataRef *)) NULL) /* We can't safely weak-link what we don't have */
+#endif
</ins><span class="cx">\ No newline at end of file
</span></span></pre>
</div>
</div>
</body>
</html>