
Common Security: CDSA and CSSM
Copyright © 1997 The Open Group

NAME

CSSM_TP_CrlVerify

SYNOPSIS

CSSM_BOOL CSSMAPI CSSM_TP_CrlVerify
    (CSSM_TP_HANDLE TPHandle,
    CSSM_CL_HANDLE CLHandle,
    CSSM_CSP_HANDLE CSPHandle,
    const CSSM_DL_DB_LIST_PTR DBList,
    const CSSM_DATA_PTR CrlToBeVerified,
    CSSM_CRL_TYPE CrlType,
    CSSM_CRL_ENCODING CrlEncoding,
    const CSSM_CERTGROUP_PTR SignerCertGroup,
    const CSSM_VERIFYCONTEXT_PTR VerifyContext);

DESCRIPTION

This function verifies the integrity of the certificate revocation list and determines whether it is trusted. The conditions for trust are part of the trust policy module. They can include the validity of the signer's certificate, verification of the signature on the CRL, the identity of the signer, the identity of the sender of the CRL, the date the CRL was issued, the effective dates on the CRL, and so on.

PARAMETERS

TPHandle (input)

The handle that describes the add-in trust policy module used to perform this function.

CLHandle (input/optional)

The handle that describes the add-in certificate library module that can be used to manipulate the certificates to be verified. If no certificate library module is specified, the TP module uses an assumed CL module, if required.

CSPHandle (input/optional)

The handle referencing a Cryptographic Service Provider to be used to verify signatures on the signer's certificate and on the CRL. The TP module is responsible for creating the cryptographic context structure required to perform the verification operation. If no CSP is specified, the TP module uses an assumed CSP to perform the operations.

DBList (input/optional)

A list of handle pairs specifying a data storage library module and a data store managed by that module. These data stores can be used to store or retrieve objects (such as certificates and CRLs) related to the signer's certificate. If no DL and DB handle pairs are specified, the TP module can use an assumed DL module and an assumed data store, if required.

CrlToBeVerified (input)

A pointer to the CSSM_DATA structure containing a signed certificate revocation list to be verified.

CrlType (input)

An indicator of the type of CRL contained in CrlToBeVerified.

CrlEncoding (input)

An indicator of the encoding of the CRL contained in CrlToBeVerified.

SignerCertGroup (input)

A pointer to the CSSM_CERTGROUP structure containing one or more related certificates used to sign the CRL.

VerifyContext (input)

A pointer to the CSSM_VERIFYCONTEXT structure containing input and output parameters to control verification of the CRL and the signer's certificate group. Many parameters in the context structure are optional. Default values are used for each optional, unspecified value.

RETURN VALUE

A CSSM_TRUE return value signifies that the certificate revocation list can be trusted. When CSSM_FALSE is returned, an error has occurred. Use CSSM_GetError to obtain the error code.

ERRORS

CSSM_TP_INVALID_CERTIFICATE

Invalid certificate.

CSSM_TP_NOT_SIGNER

Signer certificate is not signer of CRL.

CSSM_TP_NOT_TRUSTED

Certificate revocation list can't be trusted.

CSSM_TP_CRL_VERIFY_FAIL

Unable to verify certificate.

CSSM_INVALID_TP_HANDLE

Invalid handle.

CSSM_INVALID_CL_HANDLE

Invalid handle.

CSSM_INVALID_DL_HANDLE

Invalid handle.

CSSM_INVALID_DB_HANDLE

Invalid handle.

CSSM_FUNCTION_NOT_IMPLEMENTED

Function not implemented.
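
The following is an added example, not part of the CDSA specification. It shows a fail-closed calling pattern: only CSSM_TRUE is treated as "trusted", and the error code separates a trust policy rejection from a failed check. The stand-in type declarations, the numeric error values, the shape of the structure returned by CSSM_GetError, the mock TP module, and the names check_crl and crl_verdict are all assumptions made for illustration.

```c
/* Added example. Stand-in declarations so this compiles without the CSSM
 * headers; real code includes those headers and drops lines up to the mock. */
#include <stddef.h>
#include <stdint.h>
#define CSSMAPI
#define CSSM_FALSE 0
#define CSSM_TRUE  1
typedef uint32_t CSSM_BOOL, CSSM_TP_HANDLE, CSSM_CL_HANDLE, CSSM_CSP_HANDLE;
typedef uint32_t CSSM_CRL_TYPE, CSSM_CRL_ENCODING;
typedef void *CSSM_DL_DB_LIST_PTR, *CSSM_DATA_PTR;
typedef void *CSSM_CERTGROUP_PTR, *CSSM_VERIFYCONTEXT_PTR;
typedef struct { uint32_t error; } CSSM_ERROR;  /* assumed shape */
enum { CSSM_TP_INVALID_CERTIFICATE = 1, CSSM_TP_NOT_SIGNER, CSSM_TP_NOT_TRUSTED,
       CSSM_TP_CRL_VERIFY_FAIL, CSSM_INVALID_TP_HANDLE };  /* constructed values */

/* Mock TP module for the demonstration: reports what these variables hold. */
static CSSM_BOOL mock_result = CSSM_FALSE;
static CSSM_ERROR mock_error = { CSSM_TP_NOT_TRUSTED };
CSSM_ERROR *CSSMAPI CSSM_GetError(void) { return &mock_error; }
CSSM_BOOL CSSMAPI CSSM_TP_CrlVerify(CSSM_TP_HANDLE tp, CSSM_CL_HANDLE cl,
    CSSM_CSP_HANDLE csp, const CSSM_DL_DB_LIST_PTR dbs, const CSSM_DATA_PTR crl,
    CSSM_CRL_TYPE type, CSSM_CRL_ENCODING enc, const CSSM_CERTGROUP_PTR signers,
    const CSSM_VERIFYCONTEXT_PTR ctx)
{
    (void)tp; (void)cl; (void)csp; (void)dbs; (void)crl;
    (void)type; (void)enc; (void)signers; (void)ctx;
    return mock_result;
}

typedef enum { CRL_TRUSTED, CRL_REJECTED, CRL_CHECK_FAILED } crl_verdict;

/* Hypothetical wrapper: callers may act on the CRL only on CRL_TRUSTED. */
crl_verdict check_crl(CSSM_TP_HANDLE tp, CSSM_CL_HANDLE cl, CSSM_CSP_HANDLE csp,
    CSSM_DL_DB_LIST_PTR dbs, CSSM_DATA_PTR crl, CSSM_CRL_TYPE type,
    CSSM_CRL_ENCODING enc, CSSM_CERTGROUP_PTR signers, CSSM_VERIFYCONTEXT_PTR ctx)
{
    if (crl == NULL || signers == NULL || ctx == NULL)
        return CRL_CHECK_FAILED;      /* required inputs missing: never call */
    if (CSSM_TP_CrlVerify(tp, cl, csp, dbs, crl, type, enc, signers, ctx) == CSSM_TRUE)
        return CRL_TRUSTED;
    switch (CSSM_GetError()->error) {  /* error code of the failed call */
    case CSSM_TP_INVALID_CERTIFICATE: case CSSM_TP_NOT_SIGNER:
    case CSSM_TP_NOT_TRUSTED: case CSSM_TP_CRL_VERIFY_FAIL:
        return CRL_REJECTED;          /* the trust policy refused this CRL */
    default:
        return CRL_CHECK_FAILED;      /* bad handle, not implemented, unknown */
    }
}
```

Both CRL_REJECTED and CRL_CHECK_FAILED mean the CRL must not be used; the distinction is for logging and alerting, since a rejected CRL and a broken verification path call for different follow-up.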

SEE ALSO

CSSM_CL_CrlVerify
