TP_CertGroupPrune(3)
TP_CertGroupPrune, CSSM_TP_CertGroupPrune - Remove locally
issued anchor certificates (CDSA)
#include <cdsa/cssm.h>

API:
CSSM_RETURN CSSMAPI CSSM_TP_CertGroupPrune
    (CSSM_TP_HANDLE TPHandle,
     CSSM_CL_HANDLE CLHandle,
     const CSSM_DL_DB_LIST *DBList,
     const CSSM_CERTGROUP *OrderedCertGroup,
     CSSM_CERTGROUP_PTR *PrunedCertGroup)

SPI:
CSSM_RETURN CSSMTPI TP_CertGroupPrune
    (CSSM_TP_HANDLE TPHandle,
     CSSM_CL_HANDLE CLHandle,
     const CSSM_DL_DB_LIST *DBList,
     const CSSM_CERTGROUP *OrderedCertGroup,
     CSSM_CERTGROUP_PTR *PrunedCertGroup)

Common Security Services Manager library (libcssm.so)

TPHandle
    The handle to the trust policy module to perform this
    operation.

CLHandle
    The handle to the certificate library module that can be
    used to manipulate and parse the certgroup certificates and
    the certificates in the specified data stores. If no
    certificate library module is specified, the TP module uses
    an assumed CL module.

DBList
    A list of handle pairs specifying a data storage library
    module and a data store, identifying certificate databases
    containing certificates (and possibly other security
    objects) that are managed by that module. The data stores
    are searched for anchor certificates restricted to have
    local scope. These certificates are candidates for removal
    from the subject certificate group.

OrderedCertGroup
    The initial complete set of semantically-related
    certificates - for example, the result of a
    CSSM_TP_CertGroupConstruct() (CSSM API), or
    TP_CertGroupConstruct() (TP SPI), call - from which
    certificates will be selectively removed.

PrunedCertGroup
    A pointer to a certificate group containing those
    certificates which are verifiable credentials outside of the
    local system. The CSSM_CERTGROUP and its substructure are
    allocated by the service provider and must be deallocated by
    the application.

This function removes any locally issued anchor certificates
from a constructed certificate group. The prune
operation can remove those certificates that have been
signed by any local certificate authority, as it is possible
that these certificates will not be meaningful on
other systems.
This operation can also remove additional certificates
that can be added to the certificate group again using the
CSSM_TP_CertGroupConstruct() (CSSM API), or TP_CertGroupConstruct()
(TP SPI), operation. The pruned certificate
group should be suitable for export to external
hosts/entities, which can in turn reconstruct and verify
the certificate group.
The DBList parameter specifies a set of data stores containing
certificates that should be pruned from the group.
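
The pruning behaviour described above, as a simplified self-contained model (an added example, not code from CDSA or from this reference page). The types and names cert_t, certgroup_t, db_list_t, certgroup_prune and certgroup_free are hypothetical stand-ins for the CDSA structures, and matching certificates by subject name is an assumption made for the sketch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins, not the CDSA types: subject name + local-scope anchor flag. */
typedef struct { const char *subject; int local_anchor; } cert_t;
typedef struct { size_t num; cert_t *certs; } certgroup_t;           /* models CSSM_CERTGROUP */
typedef struct { size_t num; const certgroup_t *stores; } db_list_t; /* models CSSM_DL_DB_LIST */
enum { PRUNE_OK = 0, PRUNE_BAD_ARG, PRUNE_NO_MEMORY };

/* A certificate is a removal candidate if any listed store holds it as a local anchor. */
static int is_local_anchor(const db_list_t *dbs, const cert_t *c) {
    for (size_t d = 0; d < dbs->num; d++)
        for (size_t i = 0; i < dbs->stores[d].num; i++) {
            const cert_t *s = &dbs->stores[d].certs[i];
            if (s->local_anchor && strcmp(s->subject, c->subject) == 0)
                return 1;
        }
    return 0;
}

/* Returns a newly allocated group without local anchors; the caller must free *pruned. */
int certgroup_prune(const db_list_t *dbs, const certgroup_t *ordered, certgroup_t **pruned) {
    if (!dbs || !ordered || !pruned) return PRUNE_BAD_ARG;
    certgroup_t *out = calloc(1, sizeof *out);
    if (!out) return PRUNE_NO_MEMORY;
    out->certs = malloc((ordered->num ? ordered->num : 1) * sizeof *out->certs);
    if (!out->certs) { free(out); return PRUNE_NO_MEMORY; }
    for (size_t i = 0; i < ordered->num; i++)
        if (!is_local_anchor(dbs, &ordered->certs[i]))
            out->certs[out->num++] = ordered->certs[i]; /* relative order preserved */
    *pruned = out;
    return PRUNE_OK;
}

void certgroup_free(certgroup_t *g) { if (g) { free(g->certs); free(g); } }
/* Constructed sample: leaf -> issuing CA -> root that is trusted only on this host. */
size_t demo_pruned_count(void) {
    cert_t chain[] = { {"CN=leaf", 0}, {"CN=Issuing CA", 0}, {"CN=Site Local Root", 0} };
    cert_t local[] = { {"CN=Site Local Root", 1}, {"CN=Public Root", 0} };
    certgroup_t group = { 3, chain }, store = { 2, local }, *pruned = NULL;
    db_list_t dbs = { 1, &store };
    size_t n = (size_t)-1;
    if (certgroup_prune(&dbs, &group, &pruned) == PRUNE_OK) n = pruned->num;
    certgroup_free(pruned);
    return n;
}

int main(void) { printf("%zu certificates remain\n", demo_pruned_count()); return 0; }
```

In the sample, the site-local root is dropped and the leaf and issuing CA remain, which is the portion a remote verifier can rebuild against its own anchors.
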
A CSSM_RETURN value indicating success or specifying a
particular error condition. The value CSSM_OK indicates
success. All other values represent an error condition.

Errors are described in the CDSA technical standard. See
CDSA_intro(3).

    CSSMERR_TP_INVALID_CL_HANDLE
    CSSMERR_TP_INVALID_DL_HANDLE
    CSSMERR_TP_INVALID_DB_HANDLE
    CSSMERR_TP_INVALID_DB_LIST_POINTER
    CSSMERR_TP_INVALID_DB_LIST
    CSSMERR_TP_INVALID_CERTGROUP_POINTER
    CSSMERR_TP_INVALID_CERTGROUP
    CSSMERR_TP_INVALID_CERTIFICATE
    CSSMERR_TP_CERTGROUP_INCOMPLETE

Books
Intel CDSA Application Developer's Guide (see
CDSA_intro(3))
Reference Pages
Functions for the CSSM API:
CSSM_TP_CertGroupConstruct(3), CSSM_TP_CertGroupVerify(3)
Functions for the TP SPI:
TP_CertGroupConstruct(3), TP_CertGroupVerify(3)