

TP_CrlVerify

NAME

TP_CrlVerify: CSSM_TP_CrlVerify - Verify integrity of the certificate revocation list (CDSA)

SYNOPSIS  

# include <cssm.h>

API:
 CSSM_RETURN CSSMAPI CSSM_TP_CrlVerify(
     CSSM_TP_HANDLE TPHandle,
     CSSM_CL_HANDLE CLHandle,
     CSSM_CSP_HANDLE CSPHandle,
     const CSSM_ENCODED_CRL *CrlToBeVerified,
     const CSSM_CERTGROUP *SignerCertGroup,
     const CSSM_TP_VERIFY_CONTEXT *VerifyContext,
     CSSM_TP_VERIFY_CONTEXT_RESULT_PTR RevokerVerifyResult)

SPI:
 CSSM_RETURN CSSMTPI TP_CrlVerify(
     CSSM_TP_HANDLE TPHandle,
     CSSM_CL_HANDLE CLHandle,
     CSSM_CSP_HANDLE CSPHandle,
     const CSSM_ENCODED_CRL *CrlToBeVerified,
     const CSSM_CERTGROUP *SignerCertGroup,
     const CSSM_TP_VERIFY_CONTEXT *VerifyContext,
     CSSM_TP_VERIFY_CONTEXT_RESULT_PTR RevokerVerifyResult)


LIBRARY

Common Security Services Manager library (cdsa$incssm300_shr.exe)


PARAMETERS

TPHandle (input)
 The handle that describes the add-in trust policy module used to perform this function.
CLHandle (input/optional)
 The handle that describes the add-in certificate library module that can be used to manipulate the certificates to be verified. If no certificate library module is specified, the TP module uses an assumed CL module, if required.
CSPHandle (input/optional)
 The handle referencing a Cryptographic Service Provider to be used to verify signatures on the signer's certificate and on the CRL. The TP module is responsible for creating the cryptographic context structure required to perform the verification operation. If no CSP is specified, the TP module uses an assumed CSP to perform the operations.
CrlToBeVerified (input)
 A pointer to the CSSM_DATA structure containing a signed certificate revocation list to be verified. The CRL type and encoding are included in this structure.
SignerCertGroup (input)
 A pointer to the CSSM_CERTGROUP structure containing one or more related certificates that partially or fully represent the signer of the certificate revocation list. The first certificate in the group is the target certificate representing the CRL signer. Use of subsequent certificates is specific to the trust domain. For example, in a hierarchical trust model subsequent members are intermediate certificates of a certificate chain - the caller can specify additional points of trust represented by anchor certificates in the VerifyContext. The trust policy module can use these additional points of trust in the verification process.
VerifyContext (input/optional)
 A structure containing credentials, policy information, and contextual information to be used in the verification process. All of the input values in the context are optional. The service provider can define default values or can attempt to operate without input for all the other fields of this input structure. The operation can fail if a necessary input value is omitted and the service module cannot define an appropriate default value.
RevokerVerifyResult (output/optional)
 A pointer to a structure containing information generated during the verification process. The information can include:

 Evidence (output/optional)
 NumberOfEvidences (output/optional)


DESCRIPTION

This function verifies the integrity of the certificate revocation list and determines whether it is trusted. The conditions for trust are part of the trust policy module. They can include conditions such as validity of the signer's certificate, verification of the signature on the CRL, the identity of the signer, the identity of the sender of the CRL, date the CRL was issued, the effective dates on the CRL, and so on.

The caller can specify additional points of trust represented by anchor certificates in the VerifyContext. The trust policy module can use these additional points of trust in the verification process.


RETURN VALUE

A CSSM_RETURN value indicating success or specifying a particular error condition. The value CSSM_OK indicates success. All other values represent an error condition.


ERRORS

Errors are described in the CDSA Technical Standard.
CSSMERR_TP_INVALID_CL_HANDLE
CSSMERR_TP_INVALID_CSP_HANDLE
CSSMERR_TP_INVALID_CRL_TYPE
CSSMERR_TP_INVALID_CRL_ENCODING
CSSMERR_TP_INVALID_CRL_POINTER
CSSMERR_TP_INVALID_CRL
CSSMERR_TP_INVALID_CERTGROUP_POINTER
CSSMERR_TP_INVALID_CERTGROUP
CSSMERR_TP_INVALID_CERTIFICATE
CSSMERR_TP_INVALID_ACTION
CSSMERR_TP_INVALID_ACTION_DATA
CSSMERR_TP_VERIFY_ACTION_FAILED
CSSMERR_TP_INVALID_CRLGROUP_POINTER
CSSMERR_TP_INVALID_CRLGROUP
CSSMERR_TP_INVALID_CRL_AUTHORITY
CSSMERR_TP_INVALID_CALLERAUTH_CONTEXT_POINTER
CSSMERR_TP_INVALID_POLICY_IDENTIFIERS
CSSMERR_TP_INVALID_TIMESTRING
CSSMERR_TP_INVALID_STOP_ON_POLICY
CSSMERR_TP_INVALID_CALLBACK
CSSMERR_TP_INVALID_ANCHOR_CERT
CSSMERR_TP_CERTGROUP_INCOMPLETE
CSSMERR_TP_INVALID_DL_HANDLE
CSSMERR_TP_INVALID_DB_HANDLE
CSSMERR_TP_INVALID_DB_LIST_POINTER
CSSMERR_TP_INVALID_DB_LIST
CSSMERR_TP_AUTHENTICATION_FAILED
CSSMERR_TP_INSUFFICIENT_CREDENTIALS
CSSMERR_TP_NOT_TRUSTED
CSSMERR_TP_CERT_REVOKED
CSSMERR_TP_CERT_SUSPENDED
CSSMERR_TP_CERT_EXPIRED
CSSMERR_TP_CERT_NOT_VALID_YET
CSSMERR_TP_INVALID_CERT_AUTHORITY
CSSMERR_TP_INVALID_SIGNATURE
CSSMERR_TP_INVALID_NAME
CSSMERR_TP_CERTIFICATE_CANT_OPERATE
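
Added example (not part of the HP manual): a fail-closed caller for CSSM_TP_CrlVerify that accepts a CRL only on CSSM_OK and separates "the trust policy rejected it" from "verification could not be completed". The crl_verdict type, the check_crl helper and the grouping of error codes are assumptions of this example; unless built with -DHAVE_CDSA, the CSSM types, error numbers and CSSM_TP_CrlVerify itself are stand-ins with placeholder values.

```c
/* -DHAVE_CDSA: use the real <cssm.h>; otherwise stand-ins (assumptions) are used. */
#include <stddef.h>
#ifdef HAVE_CDSA
#include <cssm.h>
#else
typedef int CSSM_RETURN;
typedef unsigned long CSSM_TP_HANDLE, CSSM_CL_HANDLE, CSSM_CSP_HANDLE;
typedef struct { int unused; } CSSM_ENCODED_CRL, CSSM_CERTGROUP, CSSM_TP_VERIFY_CONTEXT;
typedef void *CSSM_TP_VERIFY_CONTEXT_RESULT_PTR;
enum { CSSM_OK = 0, CSSMERR_TP_INVALID_CSP_HANDLE = 101,  /* not the real values */
       CSSMERR_TP_INVALID_CRL_AUTHORITY, CSSMERR_TP_NOT_TRUSTED,
       CSSMERR_TP_CERT_REVOKED, CSSMERR_TP_CERT_EXPIRED,
       CSSMERR_TP_CERT_NOT_VALID_YET, CSSMERR_TP_INVALID_SIGNATURE };
static CSSM_RETURN stub_rc = CSSM_OK;   /* constructed answer of the stub TP */
static CSSM_RETURN CSSM_TP_CrlVerify(CSSM_TP_HANDLE tp, CSSM_CL_HANDLE cl,
    CSSM_CSP_HANDLE csp, const CSSM_ENCODED_CRL *crl, const CSSM_CERTGROUP *grp,
    const CSSM_TP_VERIFY_CONTEXT *ctx, CSSM_TP_VERIFY_CONTEXT_RESULT_PTR res)
{
    (void)tp; (void)cl; (void)csp; (void)crl; (void)grp; (void)ctx; (void)res;
    return stub_rc;
}
#endif
typedef enum { CRL_TRUSTED, CRL_REJECTED, CRL_UNDECIDED } crl_verdict;

/* Hypothetical helper: the CRL may be used only when the TP returns CSSM_OK. */
crl_verdict check_crl(CSSM_TP_HANDLE tp, CSSM_CL_HANDLE cl, CSSM_CSP_HANDLE csp,
                      const CSSM_ENCODED_CRL *crl, const CSSM_CERTGROUP *signer,
                      const CSSM_TP_VERIFY_CONTEXT *ctx)
{
    if (crl == NULL || signer == NULL)
        return CRL_UNDECIDED;          /* nothing verified, so never "trusted" */
    switch (CSSM_TP_CrlVerify(tp, cl, csp, crl, signer, ctx, NULL)) {
    case CSSM_OK:
        return CRL_TRUSTED;
    case CSSMERR_TP_INVALID_SIGNATURE:
    case CSSMERR_TP_INVALID_CRL_AUTHORITY:
    case CSSMERR_TP_NOT_TRUSTED:
    case CSSMERR_TP_CERT_REVOKED:
    case CSSMERR_TP_CERT_EXPIRED:
    case CSSMERR_TP_CERT_NOT_VALID_YET:
        return CRL_REJECTED;           /* trust decision was "no": log and alert */
    default:
        return CRL_UNDECIDED;          /* bad handle, pointer, encoding, ... */
    }
}
int main(void)
{
    CSSM_ENCODED_CRL crl = {0}; CSSM_CERTGROUP signer = {0};  /* placeholders */
    return check_crl(0, 0, 0, &crl, &signer, NULL) == CRL_TRUSTED ? 0 : 1;
}
```

Both CRL_REJECTED and CRL_UNDECIDED mean the CRL must not be consumed; the distinction only decides whether the event is handled as a security alert or as an operational fault.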


SEE ALSO

Books

Intel CDSA Application Developer's Guide

Online Help

Functions for the CSSM API:

CSSM_CL_CrlVerify

Functions for the TP SPI:

CL_CrlVerify

