TP_ApplyCrlToDb(3)TP_ApplyCrlToDb(3)NAME
TP_ApplyCrlToDb, CSSM_TP_ApplyCrlToDb - Update persistent storage
(CDSA)
SYNOPSIS
# include <cdsa/cssm.h>
API: CSSM_RETURN CSSMAPI CSSM_TP_ApplyCrlToDb (CSSM_TP_HANDLE TPHandle,
CSSM_CL_HANDLE CLHandle, CSSM_CSP_HANDLE CSPHandle, const
CSSM_ENCODED_CRL *CrlToBeApplied, const CSSM_CERTGROUP *SignerCert‐
Group, const CSSM_TP_VERIFY_CONTEXT *ApplyCrlVerifyContext,
CSSM_TP_VERIFY_CONTEXT_RESULT_PTR ApplyCrlVerifyResult) SPI:
CSSM_RETURN CSSMTPI TP_ApplyCrlToDb (CSSM_TP_HANDLE TPHandle,
CSSM_CL_HANDLE CLHandle, CSSM_CSP_HANDLE CSPHandle, const
CSSM_ENCODED_CRL *CrlToBeApplied, const CSSM_CERTGROUP *SignerCert‐
Group, const CSSM_TP_VERIFY_CONTEXT *ApplyCrlVerifyContext,
CSSM_TP_VERIFY_CONTEXT_RESULT_PTR ApplyCrlVerifyResult)
LIBRARY
Common Security Services Manager library (libcssm.so)
PARAMETERS
The handle that describes the add-in trust policy module used to per‐
form this function. The handle that describes the add-in certificate
library module that can be used to manipulate the CRL as it is applied
to the data store and to manipulate the certificates effected by the
CRL, if required. If no certificate library module is specified, the TP
module uses an assumed CL module, if required. The handle referencing
a Cryptographic Service Provider to be used to verify signatures on the
CRL determining whether to trust the CRL and apply it to the data
store. The TP module is responsible for creating the cryptographic con‐
text structures required to perform the verification operation. If no
CSP is specified, the TP module uses an assumed CSP to perform these
operations. If optional, the caller will set this value to 0. A
pointer to a structure containing the encoded certificate revocation
list to be applied to the data store. The CRL type and encoding are
included in this structure. A pointer to the CSSM_CERTGROUP structure
containing one or more related certificates that partially or fully
represent the signer of the certificate revocation list. The first cer‐
tificate in the group is the target certificate representing the CRL
signer. Use of subsequent certificates is specific to the trust domain.
For example, in a hierarchical trust model subsequent members are
intermediate certificates of a certificate chain. A structure contain‐
ing credentials, policy information, and contextual information to be
used in the verification process. All of the input values in the con‐
text are optional. The service provider can define default values or
can attempt to operate without input for all the other fields of this
input structure. The operation can fail if a necessary input value is
omitted and the service module can not define an appropriate default
value. A pointer to a structure containing information generated dur‐
ing the verification process. The information can include:
Evidence (output/optional)
NumberOfEvidences (output/optional)
DESCRIPTION
This function updates persistent storage to reflect entries in the cer‐
tificate revocation list. The TP module determines whether the memory-
resident CRL is trusted, and if it should be applied to one or more of
the persistent databases. Side effects of this function can include
saving a persistent copy of the CRL in a data store, or removing cer‐
tificate records from a data store.
RETURN VALUE
A CSSM_RETURN value indicating success or specifying a particular error
condition. The value CSSM_OK indicates success. All other values repre‐
sent an error condition.
ERRORS
Errors are described in the CDSA technical standard. See
CDSA_intro(3). CSSMERR_TP_INVALID_CL_HANDLE CSS‐
MERR_TP_INVALID_CSP_HANDLE CSSMERR_TP_INVALID_CRL_TYPE CSS‐
MERR_TP_INVALID_CRL_ENCODING CSSMERR_TP_INVALID_CRL_POINTER CSS‐
MERR_TP_INVALID_CRL CSSMERR_TP_INVALID_CERTGROUP_POINTER CSS‐
MERR_TP_INVALID_CERTGROUP CSSMERR_TP_INVALID_CERTIFICATE CSS‐
MERR_TP_INVALID_ACTION CSSMERR_TP_INVALID_ACTION_DATA CSSMERR_TP_VER‐
IFY_ACTION_FAILED CSSMERR_TP_INVALID_CRLGROUP_POINTER CSS‐
MERR_TP_INVALID_CRLGROUP CSSMERR_TP_INVALID_CRL_AUTHORITY CSS‐
MERR_TP_INVALID_CALLERAUTH_CONTEXT_POINTER CSSMERR_TP_INVALID_POL‐
ICY_IDENTIFIERS CSSMERR_TP_INVALID_TIMESTRING CSS‐
MERR_TP_INVALID_STOP_ON_POLICY CSSMERR_TP_INVALID_CALLBACK CSS‐
MERR_TP_INVALID_ANCHOR_CERT CSSMERR_TP_CERTGROUP_INCOMPLETE CSS‐
MERR_TP_INVALID_DL_HANDLE CSSMERR_TP_INVALID_DB_HANDLE CSS‐
MERR_TP_INVALID_DB_LIST_POINTER CSSMERR_TP_INVALID_DB_LIST CSS‐
MERR_TP_AUTHENTICATION_FAILED CSSMERR_TP_INSUFFICIENT_CREDENTIALS CSS‐
MERR_TP_NOT_TRUSTED CSSMERR_TP_CERT_REVOKED CSSMERR_TP_CERT_SUSPENDED
CSSMERR_TP_CERT_EXPIRED CSSMERR_TP_CERT_NOT_VALID_YET CSS‐
MERR_TP_INVALID_CERT_AUTHORITY CSSMERR_TP_INVALID_SIGNATURE CSS‐
MERR_TP_INVALID_NAME CSSMERR_TP_CERTIFICATE_CANT_OPERATE
SEE ALSO
Books
Intel CDSA Application Developer's Guide (see CDSA_intro(3))
Reference Pages
Functions for the CSSM API:
CSSM_CL_CrlGetFirstItem(3), CSSM_CL_CrlGetNextItem(3), CSSM_DL_CertRe‐
voke(3)
Functions for the TP SPI:
CL_CrlGetFirstItem(3), CL_CrlGetNextItem(3), DL_CertRevoke(3)TP_ApplyCrlToDb(3)
