CSSM_TP_ApplyCrlToDb
CSSM_RETURN CSSMAPI CSSM_TP_ApplyCrlToDb
(CSSM_TP_HANDLE TPHandle,
CSSM_CL_HANDLE CLHandle,
CSSM_CSP_HANDLE CSPHandle,
const CSSM_DL_DB_LIST_PTR DBList,
const CSSM_DATA_PTR CrlToBeApplied,
CSSM_CRL_TYPE CrlType,
CSSM_CRL_ENCODING CrlEncoding,
const CSSM_CERTGROUP_PTR SignerCert,
const CSSM_VERIFYCONTEXT_PTR SignerVerifyContext)
This function updates persistent storage to reflect entries in the certificate revocation list. The TP module determines whether the memory-resident CRL is trusted and whether it should be applied to one or more of the persistent databases. Side effects of this function can include saving a persistent copy of the CRL in a data store, or removing certificate records from a data store.
- TPHandle (input)
The handle that describes the add-in trust policy module used to perform this function.
- CLHandle (input/optional)
The handle that describes the add-in certificate library module that can be used to manipulate the CRL as it is applied to the data store and to manipulate the certificates affected by the CRL, if required. If no certificate library module is specified, the TP module uses an assumed CL module, if required.
- CSPHandle (input/optional)
The handle referencing a Cryptographic Service Provider to be used to verify signatures on the CRL when determining whether to trust the CRL and apply it to the data store. The TP module is responsible for creating the cryptographic context structures required to perform the verification operation. If no CSP is specified, the TP module uses an assumed CSP to perform these operations.
- DBList (input/optional)
A list of handle pairs specifying a data storage library module and a data store managed by that module. These data stores can contain certificates that might be affected by the CRL, CRLs, or both. If no DL and DB handle pairs are specified, the TP module must use an assumed DL module and an assumed data store for this operation.
- CrlToBeApplied (input)
A pointer to the CSSM_DATA structure containing a certificate revocation list to be applied to the data store.
- CrlType (input)
An indicator of the type of CRL contained in CrlToBeApplied.
- CrlEncoding (input)
An indicator of the encoding of the CRL contained in CrlToBeApplied.
- SignerCert (input)
A pointer to the CSSM_DATA structure containing the certificate that was used to sign the CRL.
- SignerVerifyContext (input)
A pointer to the CSSM_VERIFYCONTEXT structure containing input and output parameters to control verification of the signer's certificate and the CRL. Many parameters in the context structure are optional. Default values are used for each optional, unspecified value.
A CSSM_OK return value signifies that the revocations contained in the certificate revocation list have been appropriately applied to the specified database. When CSSM_FAIL is returned, an error has occurred. Use CSSM_GetError to obtain the error code.
- CSSM_TP_INVALID_CRL
Invalid certificate revocation list.
- CSSM_TP_NOT_TRUSTED
Certificate revocation list can't be trusted.
- CSSM_TP_APPLY_CRL_TO_DB_FAIL
Unable to apply certificate revocation list on database.
- CSSM_INVALID_TP_HANDLE
Invalid handle.
- CSSM_INVALID_CL_HANDLE
Invalid handle.
- CSSM_INVALID_DL_HANDLE
Invalid handle.
- CSSM_INVALID_DB_HANDLE
Invalid handle.
- CSSM_FUNCTION_NOT_IMPLEMENTED
Function not implemented.
CSSM_CL_CrlGetFirstItem, CSSM_CL_CrlGetNextItem, CSSM_DL_CertRevoke
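A simplified model of the order of operations described above (validate the CRL, decide whether it is trusted, and only then modify the data stores), given as an added example and not CDSA or any TP module's own code. All type and function names are hypothetical; signature verification is reduced to an issuer-id comparison, and checking every store before any write is this model's own design choice.

```c
#include <stddef.h>

/* Constructed stand-ins, not CDSA types; result names mirror the page's error list. */
enum apply_result { APPLY_OK, APPLY_INVALID_CRL, APPLY_NOT_TRUSTED, APPLY_DB_FAIL };

struct cert_db {            /* models one data store from DBList */
    unsigned serials[8];    /* serial numbers of stored certificate records */
    size_t count;
    int writable;           /* 0 simulates a data store that rejects updates */
};

struct crl {                /* models the memory-resident CRL */
    unsigned issuer_id;     /* signer identity; real signature checking is abstracted away */
    const unsigned *revoked;
    size_t n_revoked;
};

/* Remove one serial from a store; returns 1 if a record was removed. */
static int db_remove(struct cert_db *db, unsigned serial) {
    for (size_t i = 0; i < db->count; i++) {
        if (db->serials[i] == serial) {
            db->serials[i] = db->serials[--db->count];
            return 1;
        }
    }
    return 0;
}

/* Validate, then decide trust, and only then touch persistent state. */
enum apply_result model_apply_crl(const struct crl *crl, unsigned trusted_issuer,
                                  struct cert_db *dbs, size_t n_dbs) {
    if (crl == NULL || (crl->n_revoked > 0 && crl->revoked == NULL))
        return APPLY_INVALID_CRL;
    if (crl->issuer_id != trusted_issuer)
        return APPLY_NOT_TRUSTED;          /* no store has been modified */
    for (size_t d = 0; d < n_dbs; d++)     /* check every store before writing any */
        if (!dbs[d].writable)
            return APPLY_DB_FAIL;
    for (size_t d = 0; d < n_dbs; d++)
        for (size_t i = 0; i < crl->n_revoked; i++)
            db_remove(&dbs[d], crl->revoked[i]);
    return APPLY_OK;
}
```

A caller that receives anything other than the success result should treat the revocation state of its data stores as unchanged and possibly stale.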