|
|
Library Description Errors | Parameters Return Value See Also |
API:CSSM_RETURN CSSMAPI CSSM_TP_CrlVerify(CSSM_TP_HANDLE TPHandle,CSSM_CL_HANDLE CLHandle,CSSM_CSP_HANDLE CSPHandle,const CSSM_ENCODED_CRL *CrlToBeVerified,const CSSM_CERTGROUP *SignerCertGroup,const CSSM_TP_VERIFY_CONTEXT *VerifyContext,CSSM_TP_VERIFY_CONTEXT_RESULT_PTR RevokerVerifyResult)SPI:CSSM_RETURN CSSMTPI TP_CrlVerify(CSSM_TP_HANDLE TPHandle,CSSM_CL_HANDLE CLHandle,CSSM_CSP_HANDLE CSPHandle,const CSSM_ENCODED_CRL *CrlToBeVerified,const CSSM_CERTGROUP *SignerCertGroup,const CSSM_TP_VERIFY_CONTEXT *VerifyContext,CSSM_TP_VERIFY_CONTEXT_RESULT_PTR RevokerVerifyResult)
cdsa$incssm300_shr.exe
)TPHandle (input) | ||||||
The handle that describes the add-in trust policymodule used to perform this function. | ||||||
CLHandle (input/optional) | ||||||
The handle that describes the add-in certificatelibrary module that can be used to manipulate the certificates tobe verified. If no certificate library module is specified, theTP module uses an assumed CL module, if required. | ||||||
CSPHandle (input/optional) | ||||||
The handle referencing a Cryptographic Service Providerto be used to verify signatures on the signer's certificate andon the CRL. The TP module is responsible for creating the cryptographiccontext structure required to perform the verification operation.If no CSP is specified, the TP module uses an assumed CSP to performthe operations. | ||||||
CrlToBeVerified (input) | ||||||
A pointer to the CSSM_DATA structure containinga signed certificate revocation list to be verified. The CRL typeand encoding are included in this structure. | ||||||
SignerCertGroup (input) | ||||||
A pointer to the CSSM_CERTGROUP structure containingone or more related certificates that paretially or fully representthe signer of the certificate revocation list. The first certificatein the group is the target certificate representing the CRL signer.Use of subsequent certificates is specific to the trust domain.For example, in a hierarchical trust model subsequent members areintermediate certificates of a certificate chain - the caller canspecify additional points of trust represented by anchor certificatesin the VerifyContext . The trust policy modulecan use these additional points of trust in the verification process. | ||||||
VerifyContext (input/optional) | ||||||
A structure containing credentials, policy information,and contextual information to be used in the verification process.All of the input values in the context are optional. The serviceprovider can define default values or can attempt to operate withoutinput for all the other fields of this input structure. The operationcan fail if a necessary input value is omitted and the service modulecan not define an appropriate default value. | ||||||
RevokerVerifyResult (output/optional) | ||||||
A pointer to a structure containing informationgeneration during the verification process. The information caninclude:
|
The caller can specify additional points of trust representedby anchor certificates in the VerifyContext
.The trust policy module can use these additional points of trustin the verification process.
CSSMERR_TP_INVALID_CL_HANDLECSSMERR_TP_INVALID_CSP_HANDLECSSMERR_TP_INVALID_CRL_TYPECSSMERR_TP_INVALID_CRL_ENCODINGCSSMERR_TP_INVALID_CRL_POINTERCSSMERR_TP_INVALID_CRLCSSMERR_TP_INVALID_CERTGROUP_POINTERCSSMERR_TP_INVALID_CERTGROUPCSSMERR_TP_INVALID_CERTIFICATECSSMERR_TP_INVALID_ACTIONCSSMERR_TP_INVALID_ACTION_DATACSSMERR_TP_VERIFY_ACTION_FAILEDCSSMERR_TP_INVALID_CRLGROUP_POINTERCSSMERR_TP_INVALID_CRLGROUPCSSMERR_TP_INVALID_CRL_AUTHORITYCSSMERR_TP_INVALID_CALLERAUTH_CONTEXT_POINTERCSSMERR_TP_INVALID_POLICY_IDENTIFIERSCSSMERR_TP_INVALID_TIMESTRINGCSSMERR_TP_INVALID_STOP_ON_POLICYCSSMERR_TP_INVALID_CALLBACKCSSMERR_TP_INVALID_ANCHOR_CERTCSSMERR_TP_CERTGROUP_INCOMPLETECSSMERR_TP_INVALID_DL_HANDLECSSMERR_TP_INVALID_DB_HANDLECSSMERR_TP_INVALID_DB_LIST_POINTERCSSMERR_TP_INVALID_DB_LISTCSSMERR_TP_AUTHENTICATION_FAILEDCSSMERR_TP_INSUFFICIENT_CREDENTIALSCSSMERR_TP_NOT_TRUSTEDCSSMERR_TP_CERT_REVOKEDCSSMERR_TP_CERT_SUSPENDEDCSSMERR_TP_CERT_EXPIREDCSSMERR_TP_CERT_NOT_VALID_YETCSSMERR_TP_INVALID_CERT_AUTHORITYCSSMERR_TP_INVALID_SIGNATURECSSMERR_TP_INVALID_NAMECSSMERR_TP_CERTIFICATE_CANT_OPERATE
Intel CDSA Application Developer's Guide
Functions for the CSSM API:
CSSM_CL_CrlVerify
Functions for the TP SPI:
CL_CrlVerify
|
|