|
TP_CertRemoveFromCrlTemplate(3)
Contents |
TP_CertRemoveFromCrlTemplate, CSSM_TP_CertRemoveFromCrlTemplate
- Determine if the revoking certificate group can
remove the subject certificate group from the CRL template
(CDSA)
# include <cdsa/cssm.h>
API: CSSM_RETURN CSSMAPI CSSM_TP_CertRemoveFromCrlTemplate
(CSSM_TP_HANDLE TPHandle, CSSM_CL_HANDLE CLHandle,
CSSM_CSP_HANDLE CSPHandle, const CSSM_DATA *OldCrlTemplate,
const CSSM_CERTGROUP *CertGroupToBeRemoved, const
CSSM_CERTGROUP *RevokerCertGroup, const CSSM_TP_VERIFY_CONTEXT
*RevokerVerifyContext, CSSM_TP_VERIFY_CONTEXT_RESULT_PTR
RevokerVerifyResult, CSSM_DATA_PTR NewCrlTemplate)
SPI: CSSM_RETURN CSSMTPI TP_CertRemoveFromCrlTemplate
(CSSM_TP_HANDLE TPHandle, CSSM_CL_HANDLE CLHandle,
CSSM_CSP_HANDLE CSPHandle, const CSSM_DATA *OldCrlTemplate,
const CSSM_CERTGROUP *CertGroupToBeRemoved,
const CSSM_CERTGROUP *RevokerCertGroup, const CSSM_TP_VERIFY_CONTEXT
*RevokerVerifyContext, CSSM_TP_VERIFY_CONTEXT_RESULT_PTR
RevokerVerifyResult, CSSM_DATA_PTR NewCrlTemplate)
Common Security Services Manager library (libcssm.so)
The handle that describes the add-in trust policy module
used to perform this function. The handle that describes
the add-in certificate library module used to perform this
function. The handle that describes the add-in cryptographic
service provider module used to perform this function.
A pointer to the CSSM_DATA structure containing an
existing certificate revocation list. If this input is
NULL, a new list is created or the operation fails. A
group of one or more certificates to be removed from the
the CRL template. A group of one or more certificates
that partially or fully represent the revoking entity for
this operation. The first certificate in the group is the
target certificate representing the revoker. The use of
subsequent certificates is specific to the trust domain.
A structure containing policy elements useful in verifying
certificates and their use with respect to a security policy.
Optional elements in the verify context left unspecified
will cause the internal default values to be used.
Default values are specified in the TP module vendor
release documents. This context is used to verify the
revoker certificate group. A pointer to a structure containing
information generated during the verification process.
The information can include:
Evidence .PP (output/optional)
NumberOfEvidences .PP (output/optional)
A pointer to the CSSM_DATA structure containing the
updated certificate revocation list. If the pointer
is NULL, an error has occurred.
The TP module determines whether the revoking certificate
group can remove the subject certificate group from the
CRL template. The revoker certificate group is first
authenticated and its applicability to perform this operation
is determined. Once the trust is established, the TP
removes the certificates from the CRL template.
A CSSM_RETURN value indicating success or specifying a
particular error condition. The value CSSM_OK indicates
success. All other values represent an error condition.
Errors are described in the CDSA technical standard. See
CDSA_intro(3). CSSMERR_TP_INVALID_CL_HANDLE CSSMERR_TP_INVALID_CSP_HANDLE
CSSMERR_TP_INVALID_CRL_POINTER
CSSMERR_TP_INVALID_CRL CSSMERR_TP_UNKNOWN_FORMAT CSSMERR_TP_CRL_ALREADY_SIGNED
CSSMERR_TP_INVALID_CERTGROUP_POINTER
CSSMERR_TP_INVALID_CERTGROUP CSSMERR_TP_INVALID_CERTIFICATE
CSSMERR_TP_INVALID_ACTION CSSMERR_TP_INVALID_ACTION_DATA
CSSMERR_TP_VERIFY_ACTION_FAILED
CSSMERR_TP_INVALID_CRLGROUP_POINTER CSSMERR_TP_INVALID_CRLGROUP
CSSMERR_TP_INVALID_CRL_AUTHORITY
CSSMERR_TP_INVALID_CALLERAUTH_CONTEXT_POINTER CSSMERR_TP_INVALID_POLICY_IDENTIFIERS
CSSMERR_TP_INVALID_TIMESTRING
CSSMERR_TP_INVALID_STOP_ON_POLICY
CSSMERR_TP_INVALID_CALLBACK CSSMERR_TP_INVALID_ANCHOR_CERT
CSSMERR_TP_CERTGROUP_INCOMPLETE
CSSMERR_TP_INVALID_DL_HANDLE CSSMERR_TP_INVALID_DB_HANDLE
CSSMERR_TP_INVALID_DB_LIST_POINTER
CSSMERR_TP_INVALID_DB_LIST
CSSMERR_TP_AUTHENTICATION_FAILED CSSMERR_TP_INSUFFICIENT_CREDENTIALS
CSSMERR_TP_NOT_TRUSTED CSSMERR_TP_CERT_REVOKED
CSSMERR_TP_CERT_SUSPENDED CSSMERR_TP_CERT_EXPIRED
CSSMERR_TP_CERT_NOT_VALID_YET CSSMERR_TP_INVALID_CERT_AUTHORITY
CSSMERR_TP_INVALID_SIGNATURE
CSSMERR_TP_INVALID_NAME CSSMERR_TP_CERTIFICATE_CANT_OPERATE
Books
Intel CDSA Application Developer's Guide (see
CDSA_intro(3))
Reference Pages [Toc] [Back]
Functions for the CSSM API:
CSSM_CL_CrlAddCert(3)
Functions for the TP SPI:
CL_CrlAddCert(3)
TP_CertRemoveFromCrlTemplate(3)
[ Back ] |