CSSM_TP_CertRevoke
CSSM_DATA_PTR CSSMAPI CSSM_TP_CertRevoke
    (CSSM_TP_HANDLE TPHandle,
     CSSM_CL_HANDLE CLHandle,
     CSSM_CC_HANDLE CCHandle,
     const CSSM_DL_DB_LIST_PTR DBList,
     const CSSM_DATA_PTR OldCrl,
     CSSM_CERTGROUP_PTR CertToBeRevoked,
     CSSM_CERTGROUP_PTR RevokerCertGroup,
     const CSSM_VERIFYCONTEXT_PTR RevokerVerifyContext,
     CSSM_REVOKE_REASON Reason);
This function updates a certificate revocation list. The TP module determines whether the revoking certificate can revoke the target certificates. If authorized, one or more records are added to the CRL and returned to the caller.
- TPHandle (input)
The handle that describes the add-in trust policy module used to perform this function.
- CLHandle (input/optional)
The handle that describes the add-in certificate library module that can be used to manipulate the certificates targeted for revocation and the revoker's certificates. If no certificate library module is specified, the TP module uses an assumed CL module, if required.
- CCHandle (input/optional)
The handle that describes the cryptographic context for signing the CRL record. This context also identifies the cryptographic service provider to be used to perform the signing operation. If this handle is not provided by the caller, the trust policy module can assume a default signing algorithm and a default CSP. If the trust policy module does not assume defaults, or the default CSP is not available on the local system, an error occurs.
- DBList (input/optional)
A list of handle pairs specifying a data storage library module and a data store managed by that module. These data stores can be used to store or retrieve objects (such as certificates and CRLs) related to the subject certificate and revoker's certificate. If no DL and DB handle pairs are specified, the TP module can use an assumed DL module and an assumed data store, if required.
- OldCrl (input/optional)
A pointer to the CSSM_DATA structure containing an existing certificate revocation list. If this input is NULL, a new list is created.
- CertGroupToBeRevoked (input)
A pointer to the CSSM_CERTGROUP structure containing one or more related certificates to be revoked.
- RevokerCertGroup (input)
A pointer to the CSSM_CERTGROUP structure containing the certificate used to revoke the target certificates.
- RevokerVerifyContext (input)
A structure containing policy elements useful in verifying certificates and their use with respect to a security policy. Optional elements in the verify context left unspecified will cause the internal default values to be used. Default values are specified in the TP module vendor release documents. This context is used to verify the revoker certificate group.
- Reason (input/optional)
The reason for revoking the target certificates.
A pointer to the CSSM_DATA structure containing the updated certificate revocation list. If the pointer is NULL, an error has occurred. Use CSSM_GetError to obtain the error code.
- CSSM_TP_INVALID_CRL
Invalid CRL.
- CSSM_TP_INVALID_CERTIFICATE
Invalid certificate.
- CSSM_TP_CERTIFICATE_CANT_OPERATE
Revoker certificate can't revoke subject.
- CSSM_TP_MEMORY_ERROR
Error in allocating memory.
- CSSM_TP_CERT_REVOKE_FAIL
Unable to revoke certificate.
- CSSM_INVALID_TP_HANDLE
Invalid handle.
- CSSM_INVALID_CL_HANDLE
Invalid handle.
- CSSM_INVALID_DL_HANDLE
Invalid handle.
- CSSM_INVALID_DB_HANDLE
Invalid handle.
- CSSM_INVALID_CSP_HANDLE
Invalid handle.
- CSSM_FUNCTION_NOT_IMPLEMENTED
Function not implemented.
CSSM_CL_CrlAddCert