skip book previous and next navigation links
go up to top of book: HP Open Source Security for OpenVMS Volume 1:... HP Open Source Security for OpenVMS Volume 1:...
go to beginning of reference: API FunctionsAPI Functions
go to previous page: TP_CertRemoveFromCrlTemplateTP_CertRemoveFromCrlTemplate
go to next page: TP_CertSignTP_CertSign
end of book navigation links


TP_CertRevoke
Library
Description
Errors
 Parameters
Return Value
See Also

NAME

TP_CertRevoke: CSSM_TP_CertRevoke - Determine if the revoking certificate group can revokethe subject certificate group (CDSA)

SYNOPSIS  

# include <cssm.h>

API:CSSM_RETURN CSSMAPI CSSM_TP_CertRevoke(CSSM_TP_HANDLE TPHandle,CSSM_CL_HANDLE CLHandle,CSSM_CSP_HANDLE CSPHandle,const CSSM_DATA *OldCrlTemplate,const CSSM_CERTGROUP *CertGroupToBeRevoked,const CSSM_CERTGROUP *RevokerCertGroup,const CSSM_TP_VERIFY_CONTEXT *RevokerVerifyContext,CSSM_TP_VERIFY_CONTEXT_RESULT_PTR RevokerVerifyResult,CSSM_TP_CERTCHANGE_REASON Reason,CSSM_DATA_PTR NewCrlTemplate)SPI:CSSM_RETURN CSSMTPI TP_CertRevoke(CSSM_TP_HANDLE TPHandle,CSSM_CL_HANDLE CLHandle,CSSM_CSP_HANDLE CSPHandle,const CSSM_DATA *OldCrlTemplate,const CSSM_CERTGROUP *CertGroupToBeRevoked,const CSSM_CERTGROUP *RevokerCertGroup,const CSSM_TP_VERIFY_CONTEXT *RevokerVerifyContext,CSSM_TP_VERIFY_CONTEXT_RESULT_PTR RevokerVerifyResult,CSSM_TP_CERTCHANGE_REASON Reason,CSSM_DATA_PTR NewCrlTemplate)

return to top LIBRARY  

Common Security Services Manager library (cdsa$incssm300_shr.exe)

return to top PARAMETERS  

TPHandle (input)
 The handle that describes the add-in trust policymodule used to perform this function.
CLHandle (input/optional)
 The handle that describes the add-in certificatelibrary module used to perform this function.
CSPHandle (input/optional)
 The handle that describes the add-in CryptographicService Provider module used to perform this function.
OldCrlTemplate (input/optional)
 A pointer to the CSSM_DATA structure containingan existing certificate revocation list. If this input is NULL,a new list is created or the operation fails.
CertGroupToBeRevoked (input)
 A group of one or more certificates that partiallyor fully represent the certificate to be revoked by this operation.The first certificate in the group is the target certificate. Theuse of subsequent certificates is specific to the trust domain.For example, in a hierarchical trust model subsequent members areintermediate certificates of a certificate chain.
RevokerCertGroup (input)
 A group of one or more certificates that partiallyor fully represent the revoking entity for this operation. The firstcertificate in the group is the target certificate representingthe revoker. The use of subsequent certificates is specific to thetrust domain.
RevokerVerifyContext (input)
 A structure containing policy elements useful inverifying certificates and their use with respect to a securitypolicy. Optional elements in the verify context left unspecifiedwill cause the internal default values to be used. Default valuesare specified in the TP module vendor release documents. This contextis used to verify the revoker certificate group.
RevokerVerifyResult (output/optional)
 A pointer to a structure containing informationgenerated during the verification process. The information can include:

Evidence
(output/optional)
NumberOfEvidences
(output/optional)

Reason (input/optional)
 The reason for revoking the subject certificate.
NewCrlTemplate (output/optional)
 A pointer to the CSSM_DATA structure containingthe updated certificate revocation list. If the pointer is NULL,an error has occurred.

return to top DESCRIPTION  

The TP module determines whether the revoking certificategroup can revoke the subject certificate group. The revoker certificategroup is first authenticated and its applicability to perform thisoperation is determined. Once the trust is established, the TP revokesthe subject certificate by adding it to the certificate revocationlist.

return to top RETURN VALUE  

A CSSM_RETURN value indicating success or specifying a particularerror condition. The value CSSM_OK indicates success. All othervalues represent an error condition.

return to top ERRORS  

Errors are described in the CDSA Technical Standard. 
CSSMERR_TP_INVALID_CL_HANDLECSSMERR_TP_INVALID_CSP_HANDLECSSMERR_TP_INVALID_CRL_POINTERCSSMERR_TP_INVALID_CRLCSSMERR_TP_UNKNOWN_FORMATCSSMERR_TP_CRL_ALREADY_SIGNEDCSSMERR_TP_INVALID_CERTGROUP_POINTERCSSMERR_TP_INVALID_CERTGROUPCSSMERR_TP_INVALID_CERTIFICATECSSMERR_TP_INVALID_ACTIONCSSMERR_TP_INVALID_ACTION_DATACSSMERR_TP_VERIFY_ACTION_FAILEDCSSMERR_TP_INVALID_CRLGROUP_POINTERCSSMERR_TP_INVALID_CRLGROUPCSSMERR_TP_INVALID_CRL_AUTHORITYCSSMERR_TP_INVALID_CALLERAUTH_CONTEXT_POINTERCSSMERR_TP_INVALID_POLICY_IDENTIFIERSCSSMERR_TP_INVALID_TIMESTRINGCSSMERR_TP_INVALID_STOP_ON_POLICYCSSMERR_TP_INVALID_CALLBACKCSSMERR_TP_INVALID_ANCHOR_CERTCSSMERR_TP_CERTGROUP_INCOMPLETECSSMERR_TP_INVALID_DL_HANDLECSSMERR_TP_INVALID_DB_HANDLECSSMERR_TP_INVALID_DB_LIST_POINTERCSSMERR_TP_INVALID_DB_LISTCSSMERR_TP_AUTHENTICATION_FAILEDCSSMERR_TP_INSUFFICIENT_CREDENTIALSCSSMERR_TP_NOT_TRUSTEDCSSMERR_TP_CERT_REVOKEDCSSMERR_TP_CERT_SUSPENDEDCSSMERR_TP_CERT_EXPIREDCSSMERR_TP_CERT_NOT_VALID_YETCSSMERR_TP_INVALID_CERT_AUTHORITYCSSMERR_TP_INVALID_SIGNATURECSSMERR_TP_INVALID_NAMECSSMERR_TP_CERTIFICATE_CANT_OPERATECSSMERR_TP_INVALID_REASON

return to top SEE ALSO  

Books

Intel CDSA Application Developer's Guide

Online Help

Functions for the CSSM API:

CSSM_CL_CrlAddCert

Functions for the TP SPI:

CL_CrlAddCert

go to previous page: TP_CertRemoveFromCrlTemplateTP_CertRemoveFromCrlTemplate
go to next page: TP_CertSignTP_CertSign