CSSM_TP_ApplyCrlToDb man page on DigitalUNIX


TP_ApplyCrlToDb(3)					    TP_ApplyCrlToDb(3)

NAME
       TP_ApplyCrlToDb, CSSM_TP_ApplyCrlToDb - Update persistent storage
       (CDSA)

SYNOPSIS
       #include <cdsa/cssm.h>

       API:
       CSSM_RETURN CSSMAPI CSSM_TP_ApplyCrlToDb
           (CSSM_TP_HANDLE TPHandle,
            CSSM_CL_HANDLE CLHandle,
            CSSM_CSP_HANDLE CSPHandle,
            const CSSM_ENCODED_CRL *CrlToBeApplied,
            const CSSM_CERTGROUP *SignerCertGroup,
            const CSSM_TP_VERIFY_CONTEXT *ApplyCrlVerifyContext,
            CSSM_TP_VERIFY_CONTEXT_RESULT_PTR ApplyCrlVerifyResult)

       SPI:
       CSSM_RETURN CSSMTPI TP_ApplyCrlToDb
           (CSSM_TP_HANDLE TPHandle,
            CSSM_CL_HANDLE CLHandle,
            CSSM_CSP_HANDLE CSPHandle,
            const CSSM_ENCODED_CRL *CrlToBeApplied,
            const CSSM_CERTGROUP *SignerCertGroup,
            const CSSM_TP_VERIFY_CONTEXT *ApplyCrlVerifyContext,
            CSSM_TP_VERIFY_CONTEXT_RESULT_PTR ApplyCrlVerifyResult)

LIBRARY
       Common Security Services Manager library (libcssm.so)

PARAMETERS
       TPHandle
              The handle that describes the add-in trust policy module used
              to perform this function.

       CLHandle
              The handle that describes the add-in certificate library module
              that can be used to manipulate the CRL as it is applied to the
              data store and to manipulate the certificates affected by the
              CRL, if required. If no certificate library module is
              specified, the TP module uses an assumed CL module, if
              required.

       CSPHandle
              The handle referencing a Cryptographic Service Provider to be
              used to verify signatures on the CRL, determining whether to
              trust the CRL and apply it to the data store. The TP module is
              responsible for creating the cryptographic context structures
              required to perform the verification operation. If no CSP is
              specified, the TP module uses an assumed CSP to perform these
              operations. If optional, the caller will set this value to 0.

       CrlToBeApplied
              A pointer to a structure containing the encoded certificate
              revocation list to be applied to the data store. The CRL type
              and encoding are included in this structure.

       SignerCertGroup
              A pointer to the CSSM_CERTGROUP structure containing one or
              more related certificates that partially or fully represent the
              signer of the certificate revocation list. The first
              certificate in the group is the target certificate representing
              the CRL signer. Use of subsequent certificates is specific to
              the trust domain. For example, in a hierarchical trust model
              subsequent members are intermediate certificates of a
              certificate chain.

       ApplyCrlVerifyContext
              A structure containing credentials, policy information, and
              contextual information to be used in the verification process.
              All of the input values in the context are optional. The
              service provider can define default values or can attempt to
              operate without input for all the other fields of this input
              structure. The operation can fail if a necessary input value is
              omitted and the service module cannot define an appropriate
              default value.

       ApplyCrlVerifyResult
              A pointer to a structure containing information generated
              during the verification process. The information can include:

              Evidence             (output/optional)
              NumberOfEvidences    (output/optional)

DESCRIPTION
       This function updates persistent storage to reflect entries in the
       certificate revocation list. The TP module determines whether the
       memory-resident CRL is trusted, and if it should be applied to one or
       more of the persistent databases. Side effects of this function can
       include saving a persistent copy of the CRL in a data store, or
       removing certificate records from a data store.

RETURN VALUE
       A CSSM_RETURN value indicating success or specifying a particular error
       condition. The value CSSM_OK indicates success. All other values
       represent an error condition.
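
       A caller-side sketch of the behaviour described above, added here as
       an example and not taken from the vendor documentation. The names
       apply_crl_checked, fake_apply and demo are hypothetical, and the
       typedefs are assumed stand-ins so the block compiles without the CDSA
       headers.

```c
#include <stddef.h>
#include <stdint.h>
/* Assumed stand-ins so this builds without CDSA; on a system that has it,
   delete them and use #include <cdsa/cssm.h> as in the SYNOPSIS. */
typedef uint32_t CSSM_RETURN, CSSM_TP_HANDLE, CSSM_CL_HANDLE, CSSM_CSP_HANDLE;
typedef struct { int unused; } CSSM_ENCODED_CRL, CSSM_CERTGROUP,
    CSSM_TP_VERIFY_CONTEXT, CSSM_TP_VERIFY_CONTEXT_RESULT,
    *CSSM_TP_VERIFY_CONTEXT_RESULT_PTR;
#define CSSM_OK 0

/* Parameter list as in the SYNOPSIS; accepts the API or a test double. */
typedef CSSM_RETURN (*apply_crl_fn)(CSSM_TP_HANDLE, CSSM_CL_HANDLE,
    CSSM_CSP_HANDLE, const CSSM_ENCODED_CRL *, const CSSM_CERTGROUP *,
    const CSSM_TP_VERIFY_CONTEXT *, CSSM_TP_VERIFY_CONTEXT_RESULT_PTR);

enum crl_outcome { CRL_APPLIED, CRL_NOT_APPLIED, CRL_BAD_ARGS };
enum crl_outcome apply_crl_checked(apply_crl_fn apply, CSSM_TP_HANDLE tp,
    const CSSM_ENCODED_CRL *crl, const CSSM_CERTGROUP *signer,
    const CSSM_TP_VERIFY_CONTEXT *ctx,
    CSSM_TP_VERIFY_CONTEXT_RESULT_PTR result, CSSM_RETURN *rc)
{
    if (!apply || !crl || !signer || !ctx || !result || !rc)
        return CRL_BAD_ARGS;  /* reject before the TP module is called */
    /* 0 for CLHandle and CSPHandle: TP uses its assumed CL module and CSP */
    *rc = apply(tp, 0, 0, crl, signer, ctx, result);
    /* Fail closed: only CSSM_OK means the data store reflects the CRL */
    return *rc == CSSM_OK ? CRL_APPLIED : CRL_NOT_APPLIED;
}

/* Constructed test double: accepts the CRL only for TP handle 1. */
static CSSM_RETURN fake_apply(CSSM_TP_HANDLE tp, CSSM_CL_HANDLE cl,
    CSSM_CSP_HANDLE csp, const CSSM_ENCODED_CRL *crl,
    const CSSM_CERTGROUP *grp, const CSSM_TP_VERIFY_CONTEXT *ctx,
    CSSM_TP_VERIFY_CONTEXT_RESULT_PTR res)
{
    (void)cl; (void)csp; (void)crl; (void)grp; (void)ctx; (void)res;
    return tp == 1 ? CSSM_OK : 1;  /* 1 is a constructed error value */
}

/* Runs the wrapper on zeroed, constructed inputs. */
enum crl_outcome demo(CSSM_TP_HANDLE tp, int with_crl)
{
    CSSM_ENCODED_CRL crl = {0};
    CSSM_CERTGROUP signer = {0};
    CSSM_TP_VERIFY_CONTEXT ctx = {0};
    CSSM_TP_VERIFY_CONTEXT_RESULT res = {0};
    CSSM_RETURN rc = CSSM_OK;
    return apply_crl_checked(fake_apply, tp, with_crl ? &crl : NULL,
                             &signer, &ctx, &res, &rc);
}
```

       With the real headers, CSSM_TP_ApplyCrlToDb itself can be passed as
       the first argument of apply_crl_checked in place of fake_apply.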

ERRORS
       Errors are described in the CDSA technical standard. See CDSA_intro(3).

       CSSMERR_TP_INVALID_CL_HANDLE
       CSSMERR_TP_INVALID_CSP_HANDLE
       CSSMERR_TP_INVALID_CRL_TYPE
       CSSMERR_TP_INVALID_CRL_ENCODING
       CSSMERR_TP_INVALID_CRL_POINTER
       CSSMERR_TP_INVALID_CRL
       CSSMERR_TP_INVALID_CERTGROUP_POINTER
       CSSMERR_TP_INVALID_CERTGROUP
       CSSMERR_TP_INVALID_CERTIFICATE
       CSSMERR_TP_INVALID_ACTION
       CSSMERR_TP_INVALID_ACTION_DATA
       CSSMERR_TP_VERIFY_ACTION_FAILED
       CSSMERR_TP_INVALID_CRLGROUP_POINTER
       CSSMERR_TP_INVALID_CRLGROUP
       CSSMERR_TP_INVALID_CRL_AUTHORITY
       CSSMERR_TP_INVALID_CALLERAUTH_CONTEXT_POINTER
       CSSMERR_TP_INVALID_POLICY_IDENTIFIERS
       CSSMERR_TP_INVALID_TIMESTRING
       CSSMERR_TP_INVALID_STOP_ON_POLICY
       CSSMERR_TP_INVALID_CALLBACK
       CSSMERR_TP_INVALID_ANCHOR_CERT
       CSSMERR_TP_CERTGROUP_INCOMPLETE
       CSSMERR_TP_INVALID_DL_HANDLE
       CSSMERR_TP_INVALID_DB_HANDLE
       CSSMERR_TP_INVALID_DB_LIST_POINTER
       CSSMERR_TP_INVALID_DB_LIST
       CSSMERR_TP_AUTHENTICATION_FAILED
       CSSMERR_TP_INSUFFICIENT_CREDENTIALS
       CSSMERR_TP_NOT_TRUSTED
       CSSMERR_TP_CERT_REVOKED
       CSSMERR_TP_CERT_SUSPENDED
       CSSMERR_TP_CERT_EXPIRED
       CSSMERR_TP_CERT_NOT_VALID_YET
       CSSMERR_TP_INVALID_CERT_AUTHORITY
       CSSMERR_TP_INVALID_SIGNATURE
       CSSMERR_TP_INVALID_NAME
       CSSMERR_TP_CERTIFICATE_CANT_OPERATE

SEE ALSO
       Books

       Intel CDSA Application Developer's Guide (see CDSA_intro(3))

       Reference Pages

       Functions for the CSSM API:

       CSSM_CL_CrlGetFirstItem(3), CSSM_CL_CrlGetNextItem(3),
       CSSM_DL_CertRevoke(3)

       Functions for the TP SPI:

       CL_CrlGetFirstItem(3), CL_CrlGetNextItem(3), DL_CertRevoke(3)
