Index Index for
Section 3
Index Alphabetical
listing for C
Bottom of page Bottom of
page		 

CL_CrlAddCert(3)


NAME

  CL_CrlAddCert, CSSM_CL_CrlAddCert - Revoke an input certificate (CDSA)


SYNOPSIS

  # include <cdsa/cssm.h>

       API:
       CSSM_RETURN CSSMAPI CSSM_CL_CrlAddCert
       (CSSM_CL_HANDLE CLHandle,
       CSSM_CC_HANDLE CCHandle,
       const CSSM_DATA *Cert,
       uint32 NumberOfFields,
       const CSSM_FIELD *CrlEntryFields,
       const CSSM_DATA *OldCrl,
       CSSM_DATA_PTR NewCrl)
       SPI:
       CSSM_RETURN CSSMCLI CL_CrlAddCert
       (CSSM_CL_HANDLE CLHandle,
       CSSM_CC_HANDLE CCHandle,
       const CSSM_DATA *Cert,
       uint32 NumberOfFields,
       const CSSM_FIELD *CrlEntryFields,
       const CSSM_DATA *OldCrl,
       CSSM_DATA_PTR NewCrl)


LIBRARY

  Common Security Services Manager library (libcssm.so)


PARAMETERS

  CLHandle (input)
	  The handle that describes the add-in certificate library module
	  used to perform this function.

  CCHandle (input)
	  The handle that describes the context of this cryptographic
	  operation.

  Cert (input)
	  A pointer to the CSSM_DATA structure containing the certificate to
	  be revoked.

  NumberOfFields (input)
	  The number of OID/value pairs specified in the CrlEntryFields input
	  parameter.

  CrlEntryFields (input)
	  An array of OID/value pairs specifying the initial values for
	  descriptive data fields of the new CRL entry.

  OldCrl (input)
	  A pointer to the CSSM_DATA structure containing the CRL to which
	  the newly revoked certificate will be added.

  NewCrl (output)
	  A pointer to the CSSM_DATA structure containing the updated CRL.
	  The NewCrl->Data is allocated by the service provider and must be
	  deallocated by the application.


DESCRIPTION

  This function revokes the input certificate by adding a record representing
  the certificate to the CRL. The values for the new entry in the CRL are
  specified by the list of OID/value input pairs. The reason for revocation
  is a typical value specified in the list. The new CRL entry is signed using
  the private key and signing algorithm specified in the CCHandle.

  The CCHandle must be a context created using the function
  CSSM_CSP_CreateSignatureContext() (CSSM API), or
  CSP_CreateSignatureContext() (CL SPI). The context must specify the
  Cryptographic Services Provider (CSP) module, the signing algorithm, and
  the signing key that must be used to perform this operation. The context
  must also provide the passphrase or a callback function to obtain the
  passphrase required to access and use the private key.

  The operation is valid only if the CRL has not been closed by the process
  of signing the CRL, by calling CSSM_CL_CrlSign() (CSSM API), or
  CL_CrlSign() (CL SPI). Once the CRL has been signed, entries cannot be
  added or removed.


RETURN VALUE

  A CSSM_RETURN value indicating success or specifying a particular error
  condition. The value CSSM_OK indicates success. All other values represent
  an error condition.


ERRORS

  Errors are described in the CDSA technical standard.	See CDSA_intro(3).

       CSSMERR_CL_INVALID_CONTEXT_HANDLE
       CSSMERR_CL_INVALID_CERT_POINTER
       CSSMERR_CL_UNKNOWN_FORMAT
       CSSMERR_CL_INVALID_FIELD_POINTER
       CSSMERR_CL_UNKNOWN_TAG
       CSSMERR_CL_INVALID_NUMBER_OF_FIELDS
       CSSMERR_CL_INVALID_CRL_POINTER
       CSSMERR_CL_CRL_ALREADY_SIGNED


SEE ALSO

  Books

  Intel CDSA Application Developer's Guide (see CDSA_intro(3))

  Reference Pages

  Functions for the CSSM API:

  CSSM_CL_CrlRemoveCert(3)

  Functions for the CLI SPI:

  CL_CrlRemoveCert(3)

Index Index for
Section 3
Index Alphabetical
listing for C
Top of page Top of
page