This sample ilustrate that the CRL distribution point is not contacted by SecTrustEvaluateWithError
clang++ main.cpp -o revocation -framework Security -framework CoreFoundation
Start a HTTP server from this directory to ensure the CRL is available at the distribution point
python -m SimpleHTTPServer 20001
Run the test executable
./revocation
Verificaction should contact the CRL distribution point and trust error should indicate that
the certificate has been revoked, errSecCertificateRevoked
the program should output
not trusted: certificate revoked
The certificate is not trusted, the trust error indicate the revocation check was not complete
errSecIncompleteCertRevocationCheck
the program outputs not trusted: incomplete revocation check