The docs say: “If not all the certificates needed to verify the leaf certificate are included in the trust management object, then SecTrustEvaluate searches for certificates in the keychain search list (see SecTrustSetKeychains) and in the system’s store of anchor certificates (see SecTrustSetAnchorCertificates).”
However, since SecTrustSetKeychains() is not available on iOS, it’s not clear whether this function will also look in the application’s keychain.
eskimo1 from Apple Devforums answered this so:
- Does SecTrustEvaluate() look for root certificates in the application keychain?
Not by default. However, it's easy to make it do this by getting the certificates out of your keychain (or from wherever) and applying them to the SecTrust object using SecTrustSetAnchorCertificates.
SecTrustEvaluation /will/ find intermediate certificates in your keychain.