*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->Tru64 Unix man pages -> TP_CrlSign (3)              
Title
Content
Arch
Section
 

TP_CrlSign(3)

Contents


NAME    [Toc]    [Back]

       TP_CrlSign, CSSM_TP_CrlSign - Determine if signer certificate
 is trusted (CDSA)

SYNOPSIS    [Toc]    [Back]

       # include <cdsa/cssm.h>

       API: CSSM_RETURN CSSMAPI  CSSM_TP_CrlSign  (CSSM_TP_HANDLE
       TPHandle,  CSSM_CL_HANDLE  CLHandle, CSSM_CC_HANDLE CCHandle,
   const   CSSM_ENCODED_CRL   *CrlToBeSigned,    const
       CSSM_CERTGROUP *SignerCertGroup, const CSSM_TP_VERIFY_CONTEXT
       *SignerVerifyContext,       CSSM_TP_VERIFY_CONTEXT_RESULT_PTR
  SignerVerifyResult, CSSM_DATA_PTR SignedCrl)
 SPI: CSSM_RETURN CSSMTPI  TP_CrlSign  (CSSM_TP_HANDLE
       TPHandle,  CSSM_CL_HANDLE  CLHandle, CSSM_CC_HANDLE CCHandle,
   const   CSSM_ENCODED_CRL   *CrlToBeSigned,    const
       CSSM_CERTGROUP *SignerCertGroup, const CSSM_TP_VERIFY_CONTEXT
       *SignerVerifyContext,       CSSM_TP_VERIFY_CONTEXT_RESULT_PTR
  SignerVerifyResult, CSSM_DATA_PTR SignedCrl)


LIBRARY    [Toc]    [Back]

       Common Security Services Manager library (libcssm.so)

PARAMETERS    [Toc]    [Back]

       The handle that describes the add-in trust  policy  module
       used  to perform this function.  The handle that describes
       the add-in certificate library module that can be used  to
       manipulate the certificates to be verified. If no certificate
 library module is specified, the TP  module  uses  an
       assumed CL module, if required.  The handle that describes
       the cryptographic context for signing the CRL.  This  context
 also identifies the cryptographic service provider to
       be used to perform the signing operation. If  this  handle
       is not provided by the caller, the trust policy module can
       assume a default signing algorithm and a default  CSP.  If
       the  trust  policy  module does not assume defaults or the
       default CSP is not available on the local system an  error
       occurs.  A pointer to the CSSM_DATA structure containing a
       certificate revocation list to be signed.   A  pointer  to
       the   CSSM_CERTGROUP  structure  containing  one  or  more
       related certificates that partially or fully represent the
       signer  of the certificate revocation list. The first certificate
 in the group is the target certificate representing
 the CRL signer. Use of subsequent certificates is specific
 to the trust domain. For example, in a  hierarchical
       trust  model  subsequent members are intermediate certificates
 of a certificate chain.  A structure containing credentials,
  policy  information, and contextual information
       to be used in the verification process. All of  the  input
       values  in  the context are optional. The service provider
       can define default values or can attempt to operate  without
  input  for  all the other fields of this input structure.
 The operation can fail if a necessary input value is
       omitted and the service module can not define an appropriate
 default value.  A pointer to  a  structure  containing
       information  generation  during  the verification process.
       The information can include:



              Evidence            .PP (output/optional)
              NumberOfEvidences   .PP (output/optional)
              A pointer to the CSSM_DATA structure containing the
              signed  certificate  revocation  list.  The SignedCrl->Data
 is allocated by the service provider  and
              must be deallocated by the application.

DESCRIPTION    [Toc]    [Back]

       The  TP  module  decides whether the signer certificate is
       trusted to sign the entire  certificate  revocation  list.
       The  signer  certificate  group is first authenticated and
       its applicability to perform this operation is determined.
       Once  the  trust  is established, this operation signs the
       entire certificate  revocation  list.  Individual  records
       within  the  certificate  revocation list were signed when
       they were added to the list. The  caller  must  provide  a
       credential  that permits the caller to use the private key
       for this signing operation.  The credential  can  be  provided
  in  the cryptographic context CCHandle. If CCHandle
       is NULL, the credentials in the SignerVerifyContext  specify
 the credential value.

RETURN VALUE    [Toc]    [Back]

       A  CSSM_RETURN  value  indicating  success or specifying a
       particular error condition. The  value  CSSM_OK  indicates
       success. All other values represent an error condition.

ERRORS    [Toc]    [Back]

       Errors  are described in the CDSA technical standard.  See
       CDSA_intro(3).      CSSMERR_TP_INVALID_CL_HANDLE      CSSMERR_TP_INVALID_CONTEXT_HANDLE
 CSSMERR_TP_INVALID_CRL_TYPE
       CSSMERR_TP_INVALID_CRL_ENCODING                       CSSMERR_TP_INVALID_CRL_POINTER
   CSSMERR_TP_INVALID_CRL  CSSMERR_TP_INVALID_CERTGROUP_POINTER
 CSSMERR_TP_INVALID_CERTGROUP
          CSSMERR_TP_INVALID_CERTIFICATE         CSSMERR_TP_INVALID_ACTION
 CSSMERR_TP_INVALID_ACTION_DATA CSSMERR_TP_VERIFY_ACTION_FAILED
       CSSMERR_TP_INVALID_CRLGROUP_POINTER
       CSSMERR_TP_INVALID_CRLGROUP       CSSMERR_TP_INVALID_CRL_AUTHORITY
   CSSMERR_TP_INVALID_CALLERAUTH_CONTEXT_POINTER
 CSSMERR_TP_INVALID_POLICY_IDENTIFIERS
       CSSMERR_TP_INVALID_TIMESTRING                         CSSMERR_TP_INVALID_STOP_ON_POLICY
 CSSMERR_TP_INVALID_CALLBACK
       CSSMERR_TP_INVALID_ANCHOR_CERT CSSMERR_TP_CERTGROUP_INCOMPLETE
          CSSMERR_TP_INVALID_DL_HANDLE           CSSMERR_TP_INVALID_DB_HANDLE
                             CSSMERR_TP_INVALID_DB_LIST_POINTER
 CSSMERR_TP_INVALID_DB_LIST
       CSSMERR_TP_AUTHENTICATION_FAILED       CSSMERR_TP_INSUFFICIENT_CREDENTIALS
       CSSMERR_TP_NOT_TRUSTED        CSSMERR_TP_CERT_REVOKED
     CSSMERR_TP_CERT_SUSPENDED    CSSMERR_TP_CERT_EXPIRED
  CSSMERR_TP_CERT_NOT_VALID_YET   CSSMERR_TP_INVALID_CERT_AUTHORITY
   CSSMERR_TP_INVALID_SIGNATURE
      CSSMERR_TP_INVALID_NAME      CSSMERR_TP_CERTIFICATE_CANT_OPERATE


SEE ALSO    [Toc]    [Back]

      
      
       Books

       Intel    CDSA    Application    Developer's   Guide   (see
       CDSA_intro(3))

       Reference Pages    [Toc]    [Back]

       Functions for the CSSM API:

       CSSM_CL_CrlSign(3)

       Functions for the TP SPI:

       CL_CrlSign(3)



                                                    TP_CrlSign(3)
[ Back ]
 Similar pages
Name OS Title
TP_CertGroupVerify Tru64 Determine if a certificate is trusted (CDSA)
CSSM_TP_CertGroupVerify Tru64 Determine if a certificate is trusted (CDSA)
CSSM_TP_CertRevoke Tru64 Determine if the revoking certificate group can revoke the subject certificate group (CDSA)
TP_CertRevoke Tru64 Determine if the revoking certificate group can revoke the subject certificate group (CDSA)
CSSM_CL_CertGroupToSignedBundle Tru64 Convert a certificate group to a certificate bundle (CDSA)
CL_CertGroupToSignedBundle Tru64 Convert a certificate group to a certificate bundle (CDSA)
CSSM_TP_CertRemoveFromCrlTemplate Tru64 Determine if the revoking certificate group can remove the subject certificate group from the CRL te...
TP_CertRemoveFromCrlTemplate Tru64 Determine if the revoking certificate group can remove the subject certificate group from the CRL te...
SSL_CTX_set_def_verify_paths Tru64 Sets default file path and file name of trusted CA certificate
CSSM_TP_CertReclaimKey Tru64 Get private key associated with a certificate (CDSA)
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service