Fold x509_util_ios and most of x509_util_mac into x509_util_apple

Our minimum macOS version is now such that there is no reason to use
deprecated APIs in any of the non-CSSM x509_util_mac.h functions. That
means we can align macOS and iOS on common implementations of

The other functions aren't needed on iOS, but they work fine and it is
confusing to have both x509_util_mac.h and x509_util_apple.h, so move
those to x509_util_apple.h. We could gate those on an ifdef, but it
doesn't seem worth the trouble.

I've left the CSSM stuff in x509_util_mac.h, but the only file that
needs to include it is CertVerifyProcMac, which will hopefully be
deleted soon, once CertVerifyProcBuiltin is fully launched. That'll
leave ClientCertStoreMac as the only remaining caller of CSSM APIs,
which is hopefully fixable. (I believe we need to switch CopyCertChain
to SecTrustGetCertificateCount/AtIndex, and then check if
SecItemCopyMatching returns all the results that SecIdentitySearchCreate

Bug: 590914
Change-Id: Ie731587f80aeb68a1ae4e5b1c0588edc10e7dca0
Reviewed-by: Elly Fong-Jones <>
Reviewed-by: Sylvain Defresne <>
Reviewed-by: Matt Mueller <>
Commit-Queue: David Benjamin <>
Cr-Commit-Position: refs/heads/main@{#1007901}
GitOrigin-RevId: bd1746a3e247390ad2b5caf56f0bf26f7bf94ded
4 files changed