Previous section.

Common Security: CDSA and CSSM
Copyright © 1997 The Open Group

NAME

TP_CertRevoke

SYNOPSIS

CSSM_DATA_PTR CSSMTPI TP_CertRevoke
    (CSSM_TP_HANDLE TPHandle,
    CSSM_CL_HANDLE CLHandle,
    CSSM_CC_HANDLE CCHandle,
    const CSSM_DL_DB_LIST_PTR DBList,
    const CSSM_DATA_PTR OldCrl,
    CSSM_CERTGROUP_PTR CertGroupToBeRevoked,
    CSSM_CERTGROUP_PTR RevokerCertGroup,
    const CSSM_VERIFYCONTEXT_PTR RevokerVerifyContext,
    CSSM_REVOKE_REASON Reason)

DESCRIPTION

The TP module determines whether the revoking certificate group can revoke the subject certificate group. The revoker certificate group is first authenticated and its applicability to perform this operation is determined. Once the trust is established, the TP revokes the subject certificate by adding it to the certificate revocation list. The revoker certificate and passphrase is used to sign the resultant CRL record.

PARAMETERS

TPHandle (input)

The handle that describes the add-in trust policy module used to perform this function.

CLHandle (input/optional)

The handle that describes the add-in certificate library module used to perform this function.

CCHandle (input/optional)

The handle that describes the cryptographic context for signing the CRL record. This context also identifies the cryptographic service provider to be used to perform the signing operation. If this handle is not provided by the caller, the trust policy module can assume a default signing algorithm and a default CSP. If the trust policy module does not assume defaults or the default CSP is not available on the local system an error occurs.

DBList (input/optional)

A list of certificate databases containing certificates that may be used to construct the trust structure of the subject and revoker certificate group.

OldCrl (input/optional)

A pointer to the CSSM_DATA structure containing an existing certificate revocation list. If this input is NULL, a new list is created or the operation fails.

CertToBeRevoked (input)

A group of one or more certificates that partially or fully represent the certificate to be revoked by this operation. The first certificate in the group is the target certificate. The use of subsequent certificates is specific to the trust domain. For example, in a hierarchical trust model subsequent members are intermediate certificates of a certificate chain.

RevokerCertGroup (input)

A group of one or more certificates that partially or fully represent the revoking entity for this operation. The first certificate in the group is the target certificate representing the revoker. The use of subsequent certificates is specific to the trust domain.

RevokerVerifyContext (input)

A structure containing policy elements useful in verifying certificates and their use with respect to a security policy. Optional elements in the verify context left unspecified will cause the internal default values to be used. Default values are specified in the TP module vendor release documents. This context is used to verify the revoker certificate group.

Reason (input/optional)

The reason for revoking the subject certificate.

RETURN VALUE

A pointer to the CSSM_DATA structure containing the updated certificate revocation list. If the pointer is NULL, an error has occurred. This function can also return errors specific to CSP, CL and DL modules.

ERRORS

CSSM_TP_INVALID_CRL

Invalid CRL.

CSSM_TP_INVALID_CERTIFICATE

Invalid certificate.

CSSM_TP_CERTIFICATE_CANT_OPERATE

Revoker certificate can't revoke subject.

CSSM_TP_MEMORY_ERROR

Error in allocating memory.

CSSM_TP_CERT_REVOKE_FAIL

Unable to revoke certificate.

CSSM_INVALID_TP_HANDLE

Invalid handle.

CSSM_INVALID_CL_HANDLE

Invalid handle.

CSSM_INVALID_DL_HANDLE

Invalid handle.

CSSM_INVALID_DB_HANDLE

Invalid handle.

CSSM_INVALID_CSP_HANDLE

Invalid handle.

CSSM_FUNCTION_NOT_IMPLEMENTED

Function not implemented.

SEE ALSO

CSSM_CL_CrlAddCert

Why not acquire a nicely bound hard copy?
Click here to return to the publication details or order a copy of this publication.
You should also read the legal notice explaining the terms and conditions relating to the CDSA documentation.

Contents Next section Index