
Common Security: CDSA and CSSM
Copyright © 1997 The Open Group




    const CSSM_DL_DB_LIST_PTR DBList,
    const CSSM_DATA_PTR CrlToBeApplied,
    CSSM_CRL_TYPE CrlType,
    CSSM_CRL_ENCODING CrlEncoding,
    const CSSM_CERTGROUP_PTR SignerCert,
    const CSSM_VERIFYCONTEXT_PTR SignerVerifyContext)


This function updates persistent storage to reflect entries in the certificate revocation list. The TP module determines whether the memory-resident CRL is trusted, and whether it should be applied to one or more of the persistent databases. Side effects of this function can include saving a persistent copy of the CRL in a data store, or removing certificate records from a data store.


TPHandle (input)

The handle that describes the add-in trust policy module used to perform this function.

CLHandle (input/optional)

The handle that describes the add-in certificate library module that can be used to manipulate the CRL as it is applied to the data store and to manipulate the certificates affected by the CRL, if required. If no certificate library module is specified, the TP module uses an assumed CL module, if required.

CSPHandle (input/optional)

The handle referencing a Cryptographic Service Provider to be used to verify signatures on the CRL when determining whether to trust the CRL and apply it to the data store. The TP module is responsible for creating the cryptographic context structures required to perform the verification operation. If no CSP is specified, the TP module uses an assumed CSP to perform these operations.

DBList (input/optional)

A list of handle pairs specifying a data storage library module and a data store managed by that module. These data stores can contain certificates that might be affected by the CRL, CRLs, or both. If no DL and DB handle pairs are specified, the TP module must use an assumed DL module and an assumed data store for this operation.

CrlToBeApplied (input)

A pointer to the CSSM_DATA structure containing a certificate revocation list to be applied to the data store.

CrlType (input)

An indicator of the type of CRL contained in the CrlToBeApplied.

CrlEncoding (input)

An indicator of the encoding of the CRL contained in the CrlToBeApplied.

SignerCert (input)

A pointer to the CSSM_DATA structure containing the certificate that was used to sign the CRL.

SignerVerifyContext (input)

A pointer to the CSSM_VERIFYCONTEXT structure containing input and output parameters to control verification of the signer's certificate and the CRL. Many parameters in the context structure are optional. Default values are used for each optional, unspecified value.


A CSSM_OK return value signifies that the revocations contained in the certificate revocation list have been appropriately applied to the specified database. When CSSM_FAIL is returned, an error has occurred. Use CSSM_GetError to obtain the error code.
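The following is an added example, not part of the CDSA specification: a small self-contained C model of the behaviour described above, in which the CRL is validated and its trust decided before any data store is modified. Every type and function name in it (`demo_*`, `cert_store`, `cert_rec`) is a hypothetical stand-in rather than a CSSM definition, the `sig_ok` flag stands in for the signature verification a CSP would perform, and the rule that the signer must be the CRL's issuer is an assumed policy.

```c
#include <stddef.h>
#include <string.h>

/* Simplified stand-ins for illustration; these are NOT the CSSM types or API. */
typedef enum { DEMO_OK, DEMO_FAIL } demo_rc;
typedef enum { DEMO_ERR_NONE, DEMO_ERR_INVALID_CRL, DEMO_ERR_CRL_NOT_TRUSTED } demo_err;
typedef struct { const char *issuer; unsigned serial; int present; } cert_rec;
typedef struct { cert_rec *recs; size_t count; int crl_saved; } cert_store;
typedef struct {
    const char *issuer;       /* CA that issued the CRL */
    const unsigned *revoked;  /* revoked serial numbers */
    size_t count;
    int sig_ok;               /* signature check result (a CSP does this in the real call) */
} demo_crl;

static demo_err last_err = DEMO_ERR_NONE;
demo_err demo_get_error(void) { return last_err; }
static demo_rc fail(demo_err e) { last_err = e; return DEMO_FAIL; }

/* Assumed policy: the signature verified and the signer is the CRL's issuer. */
static int crl_is_trusted(const demo_crl *crl, const char *signer) {
    return signer && crl->sig_ok && strcmp(crl->issuer, signer) == 0;
}

/* Validate and trust-check first; the stores are touched only afterwards. */
demo_rc demo_apply_crl(cert_store *dbs, size_t ndbs, const demo_crl *crl, const char *signer) {
    if (!crl || !crl->issuer || (crl->count && !crl->revoked))
        return fail(DEMO_ERR_INVALID_CRL);
    if (!crl_is_trusted(crl, signer))
        return fail(DEMO_ERR_CRL_NOT_TRUSTED);
    for (size_t d = 0; d < ndbs; d++) {
        for (size_t i = 0; i < dbs[d].count; i++) {
            cert_rec *r = &dbs[d].recs[i];
            if (!r->present || strcmp(r->issuer, crl->issuer) != 0)
                continue;             /* serial numbers are only unique per issuer */
            for (size_t k = 0; k < crl->count; k++)
                if (crl->revoked[k] == r->serial)
                    r->present = 0;   /* remove the revoked certificate record */
        }
        dbs[d].crl_saved = 1;         /* keep a persistent copy of the CRL */
    }
    last_err = DEMO_ERR_NONE;
    return DEMO_OK;
}

size_t demo_live_count(const cert_store *db) {  /* records still present */
    size_t n = 0;
    for (size_t i = 0; i < db->count; i++) n += db->recs[i].present ? 1 : 0;
    return n;
}
```

As with the real call, the caller of this model checks the return value first and fetches the error code only on failure.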



Invalid certificate revocation list.


Certificate revocation list can't be trusted.


Unable to apply certificate revocation list on database.


Invalid handle.


Invalid handle.


Invalid handle.


Invalid handle.


Function not implemented.


CSSM_CL_CrlGetFirstItem, CSSM_CL_CrlGetNextItem, CSSM_DL_CertRevoke
