NAME    [Toc]    [Back]

       CL_CrlAddCert,  CSSM_CL_CrlAddCert  - Revoke an input certificate
 (CDSA)

SYNOPSIS    [Toc]    [Back]

       # include <cdsa/cssm.h>

       API: CSSM_RETURN CSSMAPI CSSM_CL_CrlAddCert  (CSSM_CL_HANDLE
  CLHandle,  CSSM_CC_HANDLE  CCHandle,  const CSSM_DATA
       *Cert, uint32 NumberOfFields, const CSSM_FIELD  *CrlEntryFields,
  const  CSSM_DATA  *OldCrl,  CSSM_DATA_PTR NewCrl)
       SPI:  CSSM_RETURN  CSSMCLI  CL_CrlAddCert  (CSSM_CL_HANDLE
       CLHandle,  CSSM_CC_HANDLE CCHandle, const CSSM_DATA *Cert,
       uint32 NumberOfFields, const  CSSM_FIELD  *CrlEntryFields,
       const CSSM_DATA *OldCrl, CSSM_DATA_PTR NewCrl)

LIBRARY    [Toc]    [Back]

       Common Security Services Manager library (libcssm.so)

PARAMETERS    [Toc]    [Back]

       The  handle  that describes the add-in certificate library
       module used to perform this  function.   The  handle  that
       describes  the context of this cryptographic operation.  A
       pointer to the CSSM_DATA structure containing the certificate
  to be revoked.  The number of OID/value pairs specified
 in the CrlEntryFields input parameter.  An  array  of
       OID/value pairs specifying the initial values for descriptive
 data fields of the new CRL entry.  A pointer  to  the
       CSSM_DATA  structure containing the CRL to which the newly
       revoked certificate will  be  added.   A  pointer  to  the
       CSSM_DATA   structure  containing  the  updated  CRL.  The
       NewCrl->Data is allocated by the service provider and must
       be deallocated by the application.

DESCRIPTION    [Toc]    [Back]

       This  function  revokes  the input certificate by adding a
       record representing the certificate to the CRL. The values
       for  the new entry in the CRL are specified by the list of
       OID/value input pairs. The reason for revocation is a typical
  value  specified  in  the list. The new CRL entry is
       signed using the private key and signing algorithm  specified
 in the CCHandle.

       The  CCHandle must be a context created using the function
       CSSM_CSP_CreateSignatureContext() (CSSM API), or  CSP_CreateSignatureContext()
  (CL  SPI). The context must specify
       the Cryptographic  Services  Provider  (CSP)  module,  the
       signing  algorithm,  and the signing key that must be used
       to perform this operation. The context must  also  provide
       the  passphrase  or  a  callback  function  to  obtain the
       passphrase required to access and use the private key.

       The operation is valid only if the CRL has not been closed
       by the process of signing the CRL, by calling CSSM_CL_CrlSign()
 (CSSM API), or CL_CrlSign() (CL SPI). Once the  CRL
       has been signed, entries cannot be added or removed.

RETURN VALUE    [Toc]    [Back]

       A  CSSM_RETURN  value  indicating  success or specifying a
       particular error condition. The  value  CSSM_OK  indicates
       success. All other values represent an error condition.

ERRORS    [Toc]    [Back]

       Errors  are described in the CDSA technical standard.  See
       CDSA_intro(3).    CSSMERR_CL_INVALID_CONTEXT_HANDLE   CSSMERR_CL_INVALID_CERT_POINTER
     CSSMERR_CL_UNKNOWN_FORMAT
       CSSMERR_CL_INVALID_FIELD_POINTER    CSSMERR_CL_UNKNOWN_TAG
       CSSMERR_CL_INVALID_NUMBER_OF_FIELDS                   CSSMERR_CL_INVALID_CRL_POINTER
 CSSMERR_CL_CRL_ALREADY_SIGNED

SEE ALSO    [Toc]    [Back]

       Books

       Intel   CDSA   Application    Developer's    Guide    (see
       CDSA_intro(3))

       Reference Pages    [Toc]    [Back]

       Functions for the CSSM API:

       CSSM_CL_CrlRemoveCert(3)

       Functions for the CLI SPI:

       CL_CrlRemoveCert(3)



                                                 CL_CrlAddCert(3)