Protocolswift-certificates 1.13.0X509

    VerifierPolicy

    A VerifierPolicy implements a series of checks on an UnverifiedCertificateChain in order to determine whether that chain should be trusted.

    VerifierPolicy.swift:33
    iOS
    13+
    macOS
    10.15+
    Mac Catalyst
    13+
    tvOS
    13+
    visionOS
    1.0+
    watchOS
    6+
    @preconcurrency protocol VerifierPolicy
    Mangled symbol
    s4X50914VerifierPolicyP What are these?
    FNV24 hash
    4Y61V
    Browse conforming types

    Certificate verification is split into two parts: chain building and policy enforcement. Chain building is general: regardless of policy, we use the same chain building algorithm. This will generate a sequence of candidate chains in the form of UnverifiedCertificateChain.

    Each of these candidate chains is then handed to a VerifierPolicy to be checked against the certificate policy. The reason for this is to allow different use-cases to share the same chain building code, but to enforce different requirements on the chain.

    Some VerifierPolicy objects are used frequently and are very common, such as RFC5280Policy which implements the basic checks from that RFC. Other objects are less common, such as OCSPVerifierPolicy, which performs live revocation checking. Users can also implement their own policies to enable swift-certificates to support other use-cases.