In a simple method to delete certs by CN (the certs have previously been put there by SecItemAdd from a PKCS12 import), I am getting the error:
Property list invalid for format: 200 (property lists cannot contain objects of type ‘SecIdentity’)
Where, based on https://developer.apple.com/documentation/security/1395547-secitemdelete, I think I am following the instruction:
To delete an item identified by a transient reference, specify the
kSecMatchItemList search key with a reference returned by using the
kSecReturnRef return type key in a previous call to the
SecItemCopyMatching or SecItemAdd functions.
to the letter. Code below:
#import <Foundation/Foundation.h>
#import <Security/Security.h>

OSStatus status;
NSDictionary * attributes;
NSString * cnString = @"/CN=foo";
// Find every identity whose subject contains the CN; ask for transient refs back.
attributes = [NSDictionary dictionaryWithObjectsAndKeys:
              (__bridge id)(kSecClassIdentity), kSecClass,
              cnString, kSecMatchSubjectContains,
              (__bridge id)kSecMatchLimitAll, kSecMatchLimit,
              (__bridge id)kCFBooleanTrue, kSecReturnRef,
              nil];
CFArrayRef result = NULL;
status = SecItemCopyMatching((__bridge CFDictionaryRef)(attributes),
                             (CFTypeRef *)&result);
if (status == errSecSuccess) {
    for (CFIndex i = 0; i < CFArrayGetCount(result); i++) {
        SecIdentityRef item = (SecIdentityRef) CFArrayGetValueAtIndex(result, i);
        NSLog(@"Item #%ld: %@", (long)i, item);
        // Delete by the transient reference, as the SecItemDelete docs describe.
        attributes = [NSDictionary dictionaryWithObjectsAndKeys:
                      (__bridge id)(kSecClassIdentity), kSecClass,
                      [NSArray arrayWithObject:(__bridge id)item], kSecMatchItemList,
                      (__bridge id)kSecMatchLimitOne, kSecMatchLimit,
                      nil];
        status = SecItemDelete((__bridge CFDictionaryRef)(attributes));
        // "status != A || status != B" is always true; && is the intended check.
        if (status != errSecSuccess && status != errSecItemNotFound)
            NSLog(@"Delete %ld/%@failed: %d (ignored)", (long)i, item, (int)status);
    }
    CFRelease(result);
}
The output on the console is:
Item #0: <SecIdentityRef: 0xc7359ff0>
straight after the find (and if the search is widened we get an array of these).
And then from deep inside Security.dylib:
Property list invalid for format: 200 (property lists cannot contain objects of type ‘SecIdentity’)
To ultimately bail with:
Delete 0/<SecIdentityRef: 0xc7359ff0>failed: -50 (ignored)
What am I doing wrong?
This has been fixed in the latest GM drop. Reality is now in sync with the documentation.
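For builds that still reject a SecIdentityRef inside the delete query, the same documentation paragraph also allows deleting by persistent reference. A persistent reference is a CFData, so it serializes into the query's property list where a bare SecIdentityRef does not. The following is an added example, not code from the question or the answer above; deleteIdentitiesMatchingCN is a hypothetical helper name, and "/CN=foo" is the substring taken from the question.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Delete every identity whose subject contains `cnSubstring`, matching each one
// by its persistent reference (CFData) instead of a transient SecIdentityRef.
// Returns the number of identities deleted, or -1 if the initial search failed.
// (deleteIdentitiesMatchingCN is a hypothetical helper, not an Apple API.)
static NSInteger deleteIdentitiesMatchingCN(NSString *cnSubstring) {
    NSDictionary *query = @{
        (__bridge id)kSecClass:                (__bridge id)kSecClassIdentity,
        (__bridge id)kSecMatchSubjectContains: cnSubstring,
        (__bridge id)kSecMatchLimit:           (__bridge id)kSecMatchLimitAll,
        (__bridge id)kSecReturnPersistentRef:  (__bridge id)kCFBooleanTrue,
    };

    CFTypeRef found = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &found);
    if (status == errSecItemNotFound) {
        return 0;                         // nothing to delete is not an error
    }
    if (status != errSecSuccess) {
        NSLog(@"search failed: %d", (int)status);
        return -1;
    }

    // With kSecMatchLimitAll the result is a CFArray of CFData persistent refs.
    NSArray *persistentRefs = CFBridgingRelease(found);
    NSInteger deleted = 0;
    for (NSData *ref in persistentRefs) {
        // kSecMatchItemList accepts CFData persistent references as well as
        // transient refs, and CFData is a legal property-list type.
        NSDictionary *del = @{
            (__bridge id)kSecClass:         (__bridge id)kSecClassIdentity,
            (__bridge id)kSecMatchItemList: @[ref],
        };
        status = SecItemDelete((__bridge CFDictionaryRef)del);
        if (status == errSecSuccess) {
            deleted++;
        } else if (status != errSecItemNotFound) {
            // Keep going; one bad entry should not leave the rest in the keychain.
            NSLog(@"delete of %@ failed: %d", ref, (int)status);
        }
    }

    // Verify the result: a fresh search for the same CN must now come back empty.
    NSDictionary *check = @{
        (__bridge id)kSecClass:                (__bridge id)kSecClassIdentity,
        (__bridge id)kSecMatchSubjectContains: cnSubstring,
        (__bridge id)kSecMatchLimit:           (__bridge id)kSecMatchLimitOne,
        (__bridge id)kSecReturnRef:            (__bridge id)kCFBooleanTrue,
    };
    CFTypeRef leftover = NULL;
    if (SecItemCopyMatching((__bridge CFDictionaryRef)check, &leftover) == errSecSuccess) {
        NSLog(@"warning: an identity matching %@ is still present", cnSubstring);
        CFRelease(leftover);
    }
    return deleted;
}

int main(int argc, const char *argv[]) {
    @autoreleasepool {
        NSLog(@"deleted %ld identities", (long)deleteIdentitiesMatchingCN(@"/CN=foo"));
    }
    return 0;
}
```

The verification search at the end is the check worth keeping even on a fixed build: SecItemDelete returning errSecSuccess for one reference says nothing about other identities with the same CN that a narrower search might have missed.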