// test whether we aren't already trusting this certificate
SecTrustResultTyperesult;
err=SecTrustEvaluate(trustRef,&result);
if(err==noErr){
// with help from http://lists.apple.com/archives/Apple-cdsa/2006/Apr/msg00013.html
switch(result){
casekSecTrustResultProceed:// trust ok, go right ahead
casekSecTrustResultUnspecified:// trust ok, user has no particular opinion about this
#ifndef ALWAYS_SHOW_TRUST_WARNING
query_cert_cb(true,userdata);
[selfautorelease];
break;
#endif
casekSecTrustResultConfirm:// trust ok, but user asked (earlier) that you check with him before proceeding
casekSecTrustResultDeny:// trust ok, but user previously said not to trust it anyway
casekSecTrustResultRecoverableTrustFailure:// trust broken, perhaps argue with the user
casekSecTrustResultOtherError:// failure other than trust evaluation; e.g., internal failure of the SecTrustEvaluate function. We'll let the user decide where to go from here.
NSString*informativeText=[NSStringstringWithFormat:AILocalizedString(@"The certificate of the server %@ is not trusted, which means that the server's identity cannot be automatically verified. Do you want to continue connecting?\n\nFor more information, click \"Show Certificate\".",nil),hostname];