TP_ApplyCrlToDb
» Table of Contents |  | | » Glossary | | | » Index | | |
| | |
| ||
| ||
SYNOPSIS
# include <cssm.h>
|
|
|
PARAMETERS
| TPHandle (input) | The handle that describes the add-in trust policy module used to perform this function. | |||||
| CLHandle (input/optional) | ||||||
The handle that describes the add-in certificate library module that can be used to manipulate the CRL as it is applied to the data store and to manipulate the certificates effected by the CRL, if required. If no certificate library module is specified, the TP module uses an assumed CL module, if required. | ||||||
| CSPHandle (input/optional) | ||||||
The handle referencing a Cryptographic Service Provider to be used to verify signatures on the CRL determining whether to trust the CRL and apply it to the data store. The TP module is responsible for creating the cryptographic context structures required to perform the verification operation. If no CSP is specified, the TP module uses an assumed CSP to perform these operations. If optional, the caller will set this value to 0. | ||||||
| CrlToBeApplied (input) | ||||||
A pointer to a structure containing the encoded certificate revocation list to be applied to the data store. The CRL type and encoding are included in this structure. | ||||||
| SignerCertGroup (input) | ||||||
A pointer to the CSSM_CERTGROUP structure containing one or more related certificates that partially or fully represent the signer of the certificate revocation list. The first certificate in the group is the target certificate representing the CRL signer. Use of subsequent certificates is specific to the trust domain. For example, in a hierarchical trust model, subsequent members are intermediate certificates of a certificate chain. | ||||||
| ApplyCrlVerifyContext (input/optional) | ||||||
A structure containing credentials, policy information, and contextual information to be used in the verification process. All of the input values in the context are optional. The service provider can define default values or can attempt to operate without input for all the other fields of this input structure. The operation can fail if a necessary input value is omitted and the service module can not define an appropriate default value. | ||||||
| ApplyCrlVerifyResult (output/optional) | ||||||
A pointer to a structure containing information generated during the verification process. The information can include:
| ||||||
DESCRIPTION
This function updates persistent storage to reflect entries in the certificate revocation list. The TP module determines whether the memory-resident CRL is trusted, and if it should be applied to one or more of the persistent databases. Side effects of this function can include saving a persistent copy of the CRL in a data store, or removing certificate records from a data store.
RETURN VALUE
A CSSM_RETURN value indicating success or specifying a particular error condition. The value CSSM_OK indicates success. All other values represent an error condition.
ERRORS
Errors are described in the CDSA Technical Standard.
|
|
|