Common Security: CDSA and CSSM
Copyright © 1997 The Open Group

NAME

CSSM_TP_ApplyCrlToDb

SYNOPSIS

CSSM_RETURN CSSMAPI CSSM_TP_ApplyCrlToDb
    (CSSM_TP_HANDLE TPHandle,
    CSSM_CL_HANDLE CLHandle,
    CSSM_CSP_HANDLE CSPHandle,
    const CSSM_DL_DB_LIST_PTR DBList,
    const CSSM_DATA_PTR CrlToBeApplied,
    CSSM_CRL_TYPE CrlType,
    CSSM_CRL_ENCODING CrlEncoding,
    const CSSM_CERTGROUP_PTR SignerCert,
    const CSSM_VERIFYCONTEXT_PTR SignerVerifyContext)

DESCRIPTION

This function updates persistent storage to reflect entries in the certificate revocation list. The TP module determines whether the memory-resident CRL is trusted, and whether it should be applied to one or more of the persistent databases. Side effects of this function can include saving a persistent copy of the CRL in a data store, or removing certificate records from a data store.

PARAMETERS

TPHandle (input)

The handle that describes the add-in trust policy module used to perform this function.

CLHandle (input/optional)

The handle that describes the add-in certificate library module that can be used to manipulate the CRL as it is applied to the data store and to manipulate the certificates affected by the CRL, if required. If no certificate library module is specified, the TP module uses an assumed CL module, if required.

CSPHandle (input/optional)

The handle referencing a Cryptographic Service Provider to be used to verify signatures on the CRL when determining whether to trust the CRL and apply it to the data store. The TP module is responsible for creating the cryptographic context structures required to perform the verification operation. If no CSP is specified, the TP module uses an assumed CSP to perform these operations.

DBList (input/optional)

A list of handle pairs specifying a data storage library module and a data store managed by that module. These data stores can contain certificates that might be affected by the CRL, CRLs, or both. If no DL and DB handle pairs are specified, the TP module must use an assumed DL module and an assumed data store for this operation.

CrlToBeApplied (input)

A pointer to the CSSM_DATA structure containing a certificate revocation list to be applied to the data store.

CrlType (input)

An indicator of the type of CRL contained in CrlToBeApplied.

CrlEncoding (input)

An indicator of the encoding of the CRL contained in CrlToBeApplied.

SignerCert (input)

A pointer to the CSSM_DATA structure containing the certificate that was used to sign the CRL.

SignerVerifyContext (input)

A pointer to the CSSM_VERIFYCONTEXT structure containing input and output parameters to control verification of the signer's certificate and the CRL. Many parameters in the context structure are optional. Default values are used for each optional, unspecified value.

RETURN VALUE

A CSSM_OK return value signifies that the revocations contained in the certificate revocation list have been appropriately applied to the specified database. When CSSM_FAIL is returned, an error has occurred. Use CSSM_GetError to obtain the error code.

ERRORS

CSSM_TP_INVALID_CRL

Invalid certificate revocation list.

CSSM_TP_NOT_TRUSTED

Certificate revocation list can't be trusted.

CSSM_TP_APPLY_CRL_TO_DB_FAIL

Unable to apply certificate revocation list on database.

CSSM_INVALID_TP_HANDLE

Invalid handle.

CSSM_INVALID_CL_HANDLE

Invalid handle.

CSSM_INVALID_DL_HANDLE

Invalid handle.

CSSM_INVALID_DB_HANDLE

Invalid handle.

CSSM_FUNCTION_NOT_IMPLEMENTED

Function not implemented.

SEE ALSO

CSSM_CL_CrlGetFirstItem, CSSM_CL_CrlGetNextItem, CSSM_DL_CertRevoke
