Replace deprecated SecTrustEvaluate and SecTrustGetCertificateAtIndex usages

tcooper-uk · vcsjones · commit c7b8a4bb0a09 · 2024-09-16T14:26:51.000-04:00
diff --git a/certstore/certstore_darwin.go b/certstore/certstore_darwin.go
@@ -160,8 +160,9 @@ func (i *macIdentity) CertificateChain() ([]*x509.Certificate, error) {
 	}
 	defer C.CFRelease(C.CFTypeRef(trustRef))
 
-	var status C.SecTrustResultType
-	if err := osStatusError(C.SecTrustEvaluate(trustRef, &status)); err != nil {
+	var cfError C.CFErrorRef
+	if C.SecTrustEvaluateWithError(trustRef, &cfError) {
+		err := cfErrorError(cfError)
 		return nil, err
 	}
 
@@ -171,18 +172,22 @@ func (i *macIdentity) CertificateChain() ([]*x509.Certificate, error) {
 	)
 
 	for i := C.CFIndex(0); i < nchain; i++ {
-		// TODO: do we need to release these?
-		chainCertref := C.SecTrustGetCertificateAtIndex(trustRef, i)
-		if chainCertref == nilSecCertificateRef {
-			return nil, errors.New("nil certificate in chain")
+		chainCertCpy := C.SecTrustCopyCertificateChain(trustRef)
+
+		if C.CFArrayRef(chainCertCpy) == nilCFArrayRef {
+			return nil, errors.New("nil certificate in the chain")
 		}
 
-		chainCert, err := exportCertRef(chainCertref)
+		chainCertRef := C.SecCertificateRef(C.CFArrayGetValueAtIndex(chainCertCpy, i))
+
+		chainCert, err := exportCertRef(chainCertRef)
 		if err != nil {
 			return nil, err
 		}
 
 		chain = append(chain, chainCert)
+
+		C.CFRelease(C.CFTypeRef(chainCertCpy))
 	}
 
 	i.chain = chain

Original file line number	Diff line number	Diff line change
`@@ -160,8 +160,9 @@ func (i macIdentity) CertificateChain() ([]x509.Certificate, error) {`
`160`	`160`	`}`
`161`	`161`	`defer C.CFRelease(C.CFTypeRef(trustRef))`
`162`	`162`
`163`		`- var status C.SecTrustResultType`
`164`		`- if err := osStatusError(C.SecTrustEvaluate(trustRef, &status)); err != nil {`
	`163`	`+ var cfError C.CFErrorRef`
	`164`	`+ if C.SecTrustEvaluateWithError(trustRef, &cfError) {`
	`165`	`+ err := cfErrorError(cfError)`
`165`	`166`	`return nil, err`
`166`	`167`	`}`
`167`	`168`
`@@ -171,18 +172,22 @@ func (i macIdentity) CertificateChain() ([]x509.Certificate, error) {`
`171`	`172`	`)`
`172`	`173`
`173`	`174`	`for i := C.CFIndex(0); i < nchain; i++ {`
`174`		`- // TODO: do we need to release these?`
`175`		`- chainCertref := C.SecTrustGetCertificateAtIndex(trustRef, i)`
`176`		`- if chainCertref == nilSecCertificateRef {`
`177`		`- return nil, errors.New("nil certificate in chain")`
	`175`	`+ chainCertCpy := C.SecTrustCopyCertificateChain(trustRef)`
	`176`	`+`
	`177`	`+ if C.CFArrayRef(chainCertCpy) == nilCFArrayRef {`
	`178`	`+ return nil, errors.New("nil certificate in the chain")`
`178`	`179`	`}`
`179`	`180`
`180`		`- chainCert, err := exportCertRef(chainCertref)`
	`181`	`+ chainCertRef := C.SecCertificateRef(C.CFArrayGetValueAtIndex(chainCertCpy, i))`
	`182`	`+`
	`183`	`+ chainCert, err := exportCertRef(chainCertRef)`
`181`	`184`	`if err != nil {`
`182`	`185`	`return nil, err`
`183`	`186`	`}`
`184`	`187`
`185`	`188`	`chain = append(chain, chainCert)`
	`189`	`+`
	`190`	`+ C.CFRelease(C.CFTypeRef(chainCertCpy))`
`186`	`191`	`}`
`187`	`192`
`188`	`193`	`i.chain = chain`