
Common Security: CDSA and CSSM
Copyright © 1997 The Open Group

NAME

CSSM_TP_CertGroupPrune

SYNOPSIS

CSSM_CERTGROUP_PTR CSSMAPI CSSM_TP_CertGroupPrune
    (CSSM_TP_HANDLE TPHandle,
    CSSM_CL_HANDLE CLHandle,
    const CSSM_DL_DB_LIST_PTR DBList,
    CSSM_CERTGROUP_PTR OrderedCertGroup);

DESCRIPTION

This function removes certificates from a certificate group. The prune operation can remove those certificates that have been signed by any local certificate authority, as it is possible that these certificates will not be meaningful on other systems.

This operation can also remove additional certificates that can be added to the certificate group again using the CertGroupConstruct operation. The pruned certificate group should be suitable for transmission to external hosts, which can in turn reconstruct and verify the certificate group.

The DBList parameter specifies a set of data stores containing certificates that should be pruned from the group.

PARAMETERS

TPHandle (input)

The handle to the trust policy module to perform this operation.

CLHandle (input/optional)

The handle to the certificate library module that can be used to manipulate and parse the certgroup certificates and the certificates in the specified data stores. If no certificate library module is specified, the TP module uses an assumed CL module.

DBList (input)

A list of handle pairs specifying a data storage library module and a data store managed by that module. These data stores must contain certificates (and possibly other security objects). The data stores are searched for anchor certificates restricted to have local scope. These certificates are candidates for removal from the subject certificate group.

OrderedCertGroup (input)

The initial, complete set of certificates from which certificates will be selectively removed.

RETURN VALUE

Returns a certificate group containing those certificates which are verifiable credentials outside of the local system. If the list is NULL, an error has occurred. Use CSSM_GetError to obtain the error code.

ERRORS

CSSM_INVALID_TP_HANDLE

Invalid trust policy handle.

CSSM_INVALID_CL_HANDLE

Invalid certificate library handle.

CSSM_INVALID_DL_HANDLE

Invalid data storage library handle.

CSSM_INVALID_DB_HANDLE

Invalid data store handle.

CSSM_TP_INVALID_CERTIFICATE

Invalid certificate.

CSSM_TP_INVALID_CERT_GROUP

Invalid certificate group.

CSSM_MEMORY_ERROR

Internal memory error.

CSSM_FUNCTION_NOT_IMPLEMENTED

Function not implemented.

SEE ALSO

CSSM_TP_CertGroupConstruct, CSSM_TP_CertVerify
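The pruning rule from DESCRIPTION and the DBList parameter, as an added example that is not part of the CDSA specification or any CSSM implementation: a certificate is dropped if it is a local-scope anchor or was issued by one. The `model_*` and `demo_*` names are hypothetical, the sample data is constructed, and matching issuers by name instead of verifying signatures is a simplifying assumption.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for illustration; these are not CDSA types. */
typedef struct { const char *subject, *issuer; } model_cert;
typedef struct { const char *subject; int local_scope; } model_anchor;

/* 1 if `name` is an anchor marked local-scope in the modelled data store. */
static int is_local_anchor(const char *name, const model_anchor *db, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (db[i].local_scope && strcmp(db[i].subject, name) == 0)
            return 1;
    return 0;
}

/* Copy into out[] every certificate that is neither a local-scope anchor nor
 * issued by one (name match only, an assumption). Order is preserved. */
size_t model_prune(const model_cert *grp, size_t n,
                   const model_anchor *db, size_t m, model_cert *out) {
    size_t kept = 0;
    for (size_t i = 0; i < n; i++) {
        if (is_local_anchor(grp[i].subject, db, m) ||
            is_local_anchor(grp[i].issuer, db, m)) continue;
        out[kept++] = grp[i];
    }
    return kept;
}

/* Constructed sample: a public chain plus a cross-certificate from a local CA. */
static const model_cert demo_group[] = {
    { "www.example.test",    "Public Intermediate" },
    { "Public Intermediate", "Public Root" },
    { "Public Root",         "Public Root" },
    { "Public Root",         "Corp Local CA" },  /* issued by the local CA */
    { "Corp Local CA",       "Corp Local CA" },  /* the local anchor itself */
};
static const model_anchor demo_db[] = { { "Corp Local CA", 1 }, { "Public Root", 0 } };
static model_cert demo_out[5];

size_t demo_prune(void) { return model_prune(demo_group, 5, demo_db, 2, demo_out); }

int main(void) {
    size_t k = demo_prune();
    for (size_t i = 0; i < k; i++)
        printf("%s <- %s\n", demo_out[i].subject, demo_out[i].issuer);
    return 0;
}
```

The non-local anchor in the modelled store does not trigger removal, so the public chain survives intact for the recipient to reconstruct and verify.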
