Previous section.

Common Security: CDSA and CSSM
Copyright © 1997 The Open Group

NAME

CL_CertVerify

SYNOPSIS

CSSM_BOOL CSSMCLI CL_CertVerify
    (CSSM_CL_HANDLE CLHandle,
    CSSM_CC_HANDLE CCHandle,
    const CSSM_DATA_PTR CertToBeVerified,
    const CSSM_DATA_PTR SignerCert,
    const CSSM_FIELD_PTR VerifyScope,
    uint32 ScopeSize)

DESCRIPTION

This function verifies that the signed certificate has not been altered since it was signed by the designated signer. Only one signature is verified by this function. If the certificate to be verified includes multiple signatures, this function must be applied once for each signature to be verified. This function verifies a digital signature over the certificate fields specified by VerifyScope. If the verification scope fields are not specified, the function performs verification using a pre-selected set of fields in the certificate.

PARAMETERS

CLHandle (input)

The handle that describes the add-in certificate library module used to perform this function.

CCHandle (input)

The handle that describes the context of this cryptographic operation.

CertToBeVerified (input)

A pointer to the CSSM_DATA structure containing a certificate containing at least one signature for verification. An unsigned certificate template cannot be verified.

SignerCert (input)

A pointer to the CSSM_DATA structure containing the certificate used to sign the subject certificate. This certificate provides the public key to use in the verification process and if the certificate being verified contains multiple signatures, the signer's certificate indicates which signature is to be verified.

VerifyScope (input/optional)

A pointer to the CSSM_FIELD array containing the tag/value pairs of the fields to be used in verifying the signature (that is, the fields that were used to calculate the signature). If the verify scope is null, the certificate library module assumes that its default set of certificate fields were used to calculate the signature and those same fields are used in the verification process.

ScopeSize (input)

The number of entries in the verify scope list. If the verification scope is not specified, the input value for scope size must be zero.

RETURN VALUE

CSSM_TRUE if the certificate signature verified. CSSM_FALSE if the certificate signature did not verify or an error condition occurred. Use CSSM_GetError to obtain the error code.

ERRORS

CSSM_CL_INVALID_CL_HANDLE

Invalid Certificate Library Handle.

CSSM_CL_INVALID_CC_HANDLE

Invalid Cryptographic Context Handle.

CSSM_CL_INVALID_DATA_POINTER

Invalid pointer input.

CSSM_CL_INVALID_CONTEXT

Invalid context for the requested operation.

CSSM_CL_UNKNOWN_FORMAT

Unrecognized certificate format.

CSSM_CL_INVALID_SCOPE

Invalid scope.

CSSM_CL_UNSUPPORTED_OPERATION

Add-in does not support this function.

CSSM_CL_CERT_VERIFY_FAIL

Unable to verify certificate.

SEE ALSO

CL_CertSign
Why not acquire a nicely bound hard copy?
Click here to return to the publication details or order a copy of this publication.
You should also read the legal notice explaining the terms and conditions relating to the CDSA documentation.

Contents Next section Index