[an error occurred while processing this directive]

HP OpenVMS Systems Documentation

Content starts here
HP Open Source Security for OpenVMS Volume 1: Common Data Security Architecture > CDSA API Functions

CL_IsCertInCachedCrl

 » Table of Contents

 » Glossary

 » Index

NAME

CSSM_CL_IsCertInCachedCrl — Search cached CRL for a record (CDSA)

SYNOPSIS

# include <cssm.h>
API:
CSSM_RETURN CSSMAPI CSSM_CL_IsCertInCachedCrl
(CSSM_CL_HANDLE CLHandle,
const CSSM_DATA *Cert,
CSSM_HANDLE CrlHandle,
CSSM_BOOL *CertFound,
CSSM_DATA_PTR CrlRecordIndex)
SPI:
CSSM_RETURN CSSMCLI CL_IsCertInCachedCrl
(CSSM_CL_HANDLE CLHandle,
const CSSM_DATA *Cert,
CSSM_HANDLE CrlHandle,
CSSM_BOOL *CertFound,
CSSM_DATA_PTR CrlRecordIndex)

LIBRARY

Common Security Services Manager library (cdsa$incssm300_shr.exe)

PARAMETERS

CLHandle (input) 

The handle that describes the add-in Certificate Library module used to perform this function.

Cert (input) 

A pointer to the CSSM_DATA structure containing an encoded, packed certificate.

CrlHandle (input)
  

A handle identifying a CRL that the application has temporarily cached with the Certificate Library module. The referenced CRL is searched for a revocation record matching the specified Cert.

CertFound (output)
  

A pointer to a CSSM_BOOL indicating success or failure in finding the specified certificate in the CRL. CSSM_TRUE signifies that the certificate was found in the CRL. CSSM_FALSE indicates that the certificate was not found in the CRL.

CrlRecordIndex (output)
  

A pointer to a CSSM_DATA structure containing an index descriptor for direct access to the located CRL record. CrlRecordIndex->Data is allocated by the service provider and must be deallocated by the application.

DESCRIPTION

This function searches the cached CRL for a record corresponding to the certificate. The result of the search is returned in CertFound. The CRL and the records within the CRL must be digitally signed. This function does not verify either signature. The caller should use CSSM_TP_CrlVerify() or CSSM_CL_CrlVerify() (or their SPI equivalents) before invoking this function. Once the CRL has been verified, the caller can invoke this function repeatedly without repeating the verification process.

If the certificate is found in the CRL, the CL module returns an index descriptor CrlRecordIndex for use with other Certificate Library CRL functions. The index provides more direct access to the selected CRL record.

RETURN VALUE

A CSSM_RETURN value indicating success or specifying a particular error condition. The value CSSM_OK indicates success. All other values represent an error condition.

ERRORS

Errors are described in the CDSA Technical Standard.

CSSMERR_CL_INVALID_CERT_POINTER
CSSMERR_CL_UNKNOWN_FORMAT
CSSMERR_CL_INVALID_CACHE_HANDLE

SEE ALSO

Books

Intel CDSA Application Developer's Guide

Online Help

Functions for the CSSM API:

CSSM_CL_CrlGetFirstCachedFieldValue, CSSM_CL_CrlGetNextCachedFieldValue, CSSM_CL_CrlGetAllCachedRecordField, CSSM_CL_CrlCache, CSSM_CL_CrlAbortCache

Functions for the CLI SPI:

CL_CrlGetFirstCachedFieldValue, CL_CrlGetNextCachedFieldValue, CL_CrlGetAllCachedRecordField, CL_CrlCache, CL_CrlAbortCache