CSSM_TP_CertGroupPrune man page on DigitalUNIX

Man page or keyword search:  
man Server   12896 pages
apropos Keyword Search (all sections)
Output format
DigitalUNIX logo
[printable version]

TP_CertGroupPrune(3)					  TP_CertGroupPrune(3)

NAME
       TP_CertGroupPrune,   CSSM_TP_CertGroupPrune  -  Remove  locally	issued
       anchor certificates (CDSA)

SYNOPSIS
       # include <cdsa/cssm.h>

       API: CSSM_RETURN CSSMAPI CSSM_TP_CertGroupPrune (CSSM_TP_HANDLE	TPHan‐
       dle,  CSSM_CL_HANDLE  CLHandle,	const  CSSM_DL_DB_LIST	*DBList, const
       CSSM_CERTGROUP *OrderedCertGroup, CSSM_CERTGROUP_PTR  *PrunedCertGroup)
       SPI:  CSSM_RETURN  CSSMTPI  TP_CertGroupPrune (CSSM_TP_HANDLE TPHandle,
       CSSM_CL_HANDLE	CLHandle,   const   CSSM_DL_DB_LIST   *DBList,	 const
       CSSM_CERTGROUP *OrderedCertGroup, CSSM_CERTGROUP_PTR *PrunedCertGroup)

LIBRARY
       Common Security Services Manager library (libcssm.so)

PARAMETERS
       The  handle  to the trust policy module to perform this operation.  The
       handle to the certificate library module that can be used to manipulate
       and parse the certgroup certificates and the certificates in the speci‐
       fied data stores. If no certificate library module is specified, the TP
       module  uses an assumed CL module.  A list of handle pairs specifying a
       data storage library module and a data store,  identifying  certificate
       databases containing certificates (and possibly other security objects)
       that are managed by that module.	 The  data  stores  are	 searched  for
       anchor  certificates restricted to have local scope. These certificates
       are candidates for removal from the  subject  certificate  group.   The
       initial	complete  set of semantically-related certificates - for exam‐
       ple, the	 result	 of  a	CSSM_TP_CertGroupConstruct()  (CSSM  API),  or
       TP_CertGroupConstruct()	(TP  SPI), call - from which certificates will
       be selectively removed.	A pointer to a	certificate  group  containing
       those  certificates  which  are	verifiable  credentials outside of the
       local system. The CSSM_CERTGROUP and its substructure is	 allocated  by
       the service provider and must be deallocated by the application.

DESCRIPTION
       This  function  removes	any  locally issued anchor certificates from a
       constructed certificate group. The prune	 operation  can	 remove	 those
       certificates  that have been signed by any local certificate authority,
       as it is possible that these certificates will  not  be	meaningful  on
       other systems.

       This  operation	can  also  remove  additional certificates that can be
       added to the certificate group again  using  the	 CSSM_TP_CertGroupCon‐
       struct()	 (CSSM	API),  or TP_CertGroupConstruct() (TP SPI), operation.
       The pruned certificate group should be suitable for export to  external
       hosts/entities,	which  can in turn reconstruct and verify the certifi‐
       cate group.

       The DBList parameter specifies a set of data stores containing certifi‐
       cates that should be pruned from the group.

RETURN VALUE
       A CSSM_RETURN value indicating success or specifying a particular error
       condition. The value CSSM_OK indicates success. All other values repre‐
       sent an error condition.

ERRORS
       Errors	are   described	  in   the   CDSA   technical  standard.   See
       CDSA_intro(3).  CSSMERR_TP_INVALID_CL_HANDLE CSSMERR_TP_INVALID_DL_HAN‐
       DLE   CSSMERR_TP_INVALID_DB_HANDLE   CSSMERR_TP_INVALID_DB_LIST_POINTER
       CSSMERR_TP_INVALID_DB_LIST  CSSMERR_TP_INVALID_CERTGROUP_POINTER	  CSS‐
       MERR_TP_INVALID_CERTGROUP      CSSMERR_TP_INVALID_CERTIFICATE	  CSS‐
       MERR_TP_CERTGROUP_INCOMPLETE

SEE ALSO
       Books

       Intel CDSA Application Developer's Guide (see CDSA_intro(3))

       Reference Pages

       Functions for the CSSM API:

       CSSM_TP_CertGroupConstruct(3), CSSM_TP_CertGroupVerify(3)

       Functions for the TP SPI:

       TP_CertGroupConstruct(3), TP_CertGroupVerify(3)

							  TP_CertGroupPrune(3)
[top]

List of man pages available for DigitalUNIX

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net