TP_CrlSign man page on DigitalUNIX

Man page or keyword search:  
man Server   12896 pages
apropos Keyword Search (all sections)
Output format
DigitalUNIX logo
[printable version]

TP_CrlSign(3)							 TP_CrlSign(3)

NAME
       TP_CrlSign,  CSSM_TP_CrlSign  -	Determine  if  signer  certificate  is
       trusted (CDSA)

SYNOPSIS
       # include <cdsa/cssm.h>

       API:  CSSM_RETURN  CSSMAPI  CSSM_TP_CrlSign  (CSSM_TP_HANDLE  TPHandle,
       CSSM_CL_HANDLE	  CLHandle,	CSSM_CC_HANDLE	   CCHandle,	 const
       CSSM_ENCODED_CRL *CrlToBeSigned, const CSSM_CERTGROUP *SignerCertGroup,
       const  CSSM_TP_VERIFY_CONTEXT *SignerVerifyContext, CSSM_TP_VERIFY_CON‐
       TEXT_RESULT_PTR	SignerVerifyResult,  CSSM_DATA_PTR   SignedCrl)	  SPI:
       CSSM_RETURN CSSMTPI TP_CrlSign (CSSM_TP_HANDLE TPHandle, CSSM_CL_HANDLE
       CLHandle, CSSM_CC_HANDLE	 CCHandle,  const  CSSM_ENCODED_CRL  *CrlToBe‐
       Signed,	 const	CSSM_CERTGROUP	*SignerCertGroup,  const  CSSM_TP_VER‐
       IFY_CONTEXT   *SignerVerifyContext,   CSSM_TP_VERIFY_CONTEXT_RESULT_PTR
       SignerVerifyResult, CSSM_DATA_PTR SignedCrl)

LIBRARY
       Common Security Services Manager library (libcssm.so)

PARAMETERS
       The  handle  that describes the add-in trust policy module used to per‐
       form this function.  The handle that describes the  add-in  certificate
       library	module	that  can be used to manipulate the certificates to be
       verified. If no certificate library module is specified, the TP	module
       uses  an assumed CL module, if required.	 The handle that describes the
       cryptographic context for signing the CRL. This context also identifies
       the  cryptographic  service  provider to be used to perform the signing
       operation. If this handle is not provided by the caller, the trust pol‐
       icy module can assume a default signing algorithm and a default CSP. If
       the trust policy module does not assume defaults or the default CSP  is
       not  available  on  the local system an error occurs.  A pointer to the
       CSSM_DATA structure containing a	 certificate  revocation  list	to  be
       signed.	 A  pointer  to the CSSM_CERTGROUP structure containing one or
       more related certificates that partially or fully represent the	signer
       of  the certificate revocation list. The first certificate in the group
       is the target certificate representing the CRL signer.  Use  of	subse‐
       quent  certificates  is specific to the trust domain. For example, in a
       hierarchical trust model subsequent members are	intermediate  certifi‐
       cates of a certificate chain.  A structure containing credentials, pol‐
       icy information, and contextual information to be used in the verifica‐
       tion  process. All of the input values in the context are optional. The
       service provider can define default values or can  attempt  to  operate
       without	input  for  all	 the other fields of this input structure. The
       operation can fail if a necessary input value is omitted and  the  ser‐
       vice  module can not define an appropriate default value.  A pointer to
       a structure containing information generation during  the  verification
       process. The information can include:

	      Evidence		  .PP (output/optional)
	      NumberOfEvidences	  .PP (output/optional)
	      A	 pointer to the CSSM_DATA structure containing the signed cer‐
	      tificate revocation list. The SignedCrl->Data  is	 allocated  by
	      the service provider and must be deallocated by the application.

DESCRIPTION
       The TP module decides whether the signer certificate is trusted to sign
       the entire certificate revocation list. The signer certificate group is
       first  authenticated and its applicability to perform this operation is
       determined.  Once the trust is established, this	 operation  signs  the
       entire  certificate revocation list. Individual records within the cer‐
       tificate revocation list were signed when they were added to the	 list.
       The caller must provide a credential that permits the caller to use the
       private key for this signing operation.	The credential can be provided
       in the cryptographic context CCHandle. If CCHandle is NULL, the creden‐
       tials in the SignerVerifyContext specify the credential value.

RETURN VALUE
       A CSSM_RETURN value indicating success or specifying a particular error
       condition. The value CSSM_OK indicates success. All other values repre‐
       sent an error condition.

ERRORS
       Errors  are  described	in   the   CDSA	  technical   standard.	   See
       CDSA_intro(3).	 CSSMERR_TP_INVALID_CL_HANDLE  CSSMERR_TP_INVALID_CON‐
       TEXT_HANDLE CSSMERR_TP_INVALID_CRL_TYPE CSSMERR_TP_INVALID_CRL_ENCODING
       CSSMERR_TP_INVALID_CRL_POINTER	     CSSMERR_TP_INVALID_CRL	  CSS‐
       MERR_TP_INVALID_CERTGROUP_POINTER   CSSMERR_TP_INVALID_CERTGROUP	  CSS‐
       MERR_TP_INVALID_CERTIFICATE	  CSSMERR_TP_INVALID_ACTION	  CSS‐
       MERR_TP_INVALID_ACTION_DATA    CSSMERR_TP_VERIFY_ACTION_FAILED	  CSS‐
       MERR_TP_INVALID_CRLGROUP_POINTER	   CSSMERR_TP_INVALID_CRLGROUP	  CSS‐
       MERR_TP_INVALID_CRL_AUTHORITY	    CSSMERR_TP_INVALID_CALLERAUTH_CON‐
       TEXT_POINTER	    CSSMERR_TP_INVALID_POLICY_IDENTIFIERS	  CSS‐
       MERR_TP_INVALID_TIMESTRING    CSSMERR_TP_INVALID_STOP_ON_POLICY	  CSS‐
       MERR_TP_INVALID_CALLBACK	      CSSMERR_TP_INVALID_ANCHOR_CERT	  CSS‐
       MERR_TP_CERTGROUP_INCOMPLETE	CSSMERR_TP_INVALID_DL_HANDLE	  CSS‐
       MERR_TP_INVALID_DB_HANDLE    CSSMERR_TP_INVALID_DB_LIST_POINTER	  CSS‐
       MERR_TP_INVALID_DB_LIST	    CSSMERR_TP_AUTHENTICATION_FAILED	  CSS‐
       MERR_TP_INSUFFICIENT_CREDENTIALS	      CSSMERR_TP_NOT_TRUSTED	  CSS‐
       MERR_TP_CERT_REVOKED CSSMERR_TP_CERT_SUSPENDED  CSSMERR_TP_CERT_EXPIRED
       CSSMERR_TP_CERT_NOT_VALID_YET   CSSMERR_TP_INVALID_CERT_AUTHORITY  CSS‐
       MERR_TP_INVALID_SIGNATURE  CSSMERR_TP_INVALID_NAME  CSSMERR_TP_CERTIFI‐
       CATE_CANT_OPERATE

SEE ALSO
       Books

       Intel CDSA Application Developer's Guide (see CDSA_intro(3))

       Reference Pages

       Functions for the CSSM API:

       CSSM_CL_CrlSign(3)

       Functions for the TP SPI:

       CL_CrlSign(3)

								 TP_CrlSign(3)
[top]

List of man pages available for DigitalUNIX

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net