How to check x.509 revocation using SecPolicyCreateRevocation in iOS 7
I've been trying to check X.509 certificates revocation status in iOS 7.0 using both OCSP and CRL in different moments and the evaluation returns kSecTrustResultUnspecified (that means the certificate is to be trusted) without actually checking with OCSP or CRL sources, as long as I pass all certificates in the chain. I've put any code I think is relevant below, please help!

Thanks!

PS: ocspOnly and crlOnly are booleans that indicate if any of those revocation checking methods are to be used exclusively; certs is an NSArray that contains all certificates in chain except anchor certificates; anchor certificates are set properly before.

// Locals assumed to be declared in the surrounding method (added here so the snippet compiles on its own).
OSStatus status;
SecTrustRef trust = NULL;
SecTrustResultType trustResult = kSecTrustResultInvalid;

// SecPolicyCreateRevocation takes CFOptionFlags, not int.
CFOptionFlags evaluationMethod = kSecRevocationRequirePositiveResponse;

if (ocspOnly) {
    evaluationMethod |= kSecRevocationOCSPMethod;
} else if (crlOnly) {
    evaluationMethod |= kSecRevocationCRLMethod;
} else {
    evaluationMethod |= kSecRevocationUseAnyAvailableMethod;
}

// Build the trust object with the revocation policy as the only policy.
SecPolicyRef revocationPolicy = SecPolicyCreateRevocation(evaluationMethod);
status = SecTrustCreateWithCertificates((__bridge CFArrayRef)certs, revocationPolicy, &trust);
CFRelease(revocationPolicy); // the trust object retains the policy; releasing here avoids a leak
if (status != errSecSuccess) {
    NSLog(@"Failed to create trust with certificate and policy: %d", (int)status);
    return NO;
}

// Allow OCSP/CRL fetches over the network during evaluation (parameter is a Boolean, not a BOOL).
if ((status = SecTrustSetNetworkFetchAllowed(trust, true)) != errSecSuccess) {
    NSLog(@"Failed to activate network fetch: %d", (int)status);
}

status = SecTrustEvaluate(trust, &trustResult);
if (status != errSecSuccess) {
    NSLog(@"Failed to evaluate trust: %d", (int)status);
    CFRelease(trust);
    return NO;
}
CFRelease(trust);

if (trustResult == kSecTrustResultProceed || trustResult == kSecTrustResultUnspecified)
    return YES;
return NO;

PS-2: This question was also asked in iOS Developer Forums here.

Dalenedalenna answered 12/11, 2013 at 12:7 Comment(1)
I'm seeing the same behavior. On iOS it doesn't seem to try and evaluate the CRLs. - Ioyal
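An added example (not the asker's code) showing the check a practitioner would want here: it pairs the revocation policy with the basic X.509 policy (the revocation policy is an add-on to another policy, not a standalone one) and then reads SecTrustCopyResult, available from iOS 7, to learn whether a revocation source was actually consulted instead of inferring it from kSecTrustResultUnspecified alone. `certs` (leaf plus intermediates) and `anchors` (trusted roots) are assumed inputs.

```objectivec
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Added example. Assumes `certs` holds SecCertificateRef values for the leaf and
// intermediates, and `anchors` the trusted roots. Returns YES only when the chain
// is trusted AND the evaluation reports that revocation was actually checked.
static BOOL EvaluateWithRevocation(NSArray *certs, NSArray *anchors,
                                   CFOptionFlags revocationFlags) {
    // Pair revocation checking with ordinary X.509 validation.
    SecPolicyRef basic = SecPolicyCreateBasicX509();
    SecPolicyRef revocation = SecPolicyCreateRevocation(revocationFlags);
    NSArray *policies = @[(__bridge id)basic, (__bridge id)revocation];

    SecTrustRef trust = NULL;
    OSStatus status = SecTrustCreateWithCertificates((__bridge CFArrayRef)certs,
                                                     (__bridge CFArrayRef)policies,
                                                     &trust);
    CFRelease(basic);        // the trust object retains both policies
    CFRelease(revocation);
    if (status != errSecSuccess) {
        NSLog(@"SecTrustCreateWithCertificates failed: %d", (int)status);
        return NO;
    }

    SecTrustSetAnchorCertificates(trust, (__bridge CFArrayRef)anchors);
    SecTrustSetNetworkFetchAllowed(trust, true); // permit OCSP/CRL fetches

    SecTrustResultType result = kSecTrustResultInvalid;
    status = SecTrustEvaluate(trust, &result);
    BOOL trusted = (status == errSecSuccess) &&
                   (result == kSecTrustResultProceed ||
                    result == kSecTrustResultUnspecified);

    // Result dictionary: kSecTrustRevocationChecked is a Boolean telling whether
    // an OCSP/CRL source was consulted; kSecTrustRevocationValidUntilDate says
    // how long that revocation answer can be relied upon.
    NSDictionary *info = CFBridgingRelease(SecTrustCopyResult(trust));
    BOOL revocationChecked =
        [info[(__bridge id)kSecTrustRevocationChecked] boolValue];
    NSLog(@"trusted=%d revocationChecked=%d validUntil=%@",
          trusted, revocationChecked,
          info[(__bridge id)kSecTrustRevocationValidUntilDate]);

    CFRelease(trust);
    return trusted && revocationChecked;
}
```

If `revocationChecked` logs as 0 while `trusted` is 1, the chain passed path validation but no revocation source was consulted, which is the situation the question describes.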
