NAME    [Toc]    [Back]

       TP_CertRevoke,   CSSM_TP_CertRevoke  -  Determine  if  the
       revoking certificate group can revoke the subject certificate
 group (CDSA)

SYNOPSIS    [Toc]    [Back]

       # include <cdsa/cssm.h>

       API:  CSSM_RETURN CSSMAPI CSSM_TP_CertRevoke (CSSM_TP_HANDLE
  TPHandle,  CSSM_CL_HANDLE  CLHandle,  CSSM_CSP_HANDLE
       CSPHandle,    const   CSSM_DATA   *OldCrlTemplate,   const
       CSSM_CERTGROUP *CertGroupToBeRevoked, const CSSM_CERTGROUP
       *RevokerCertGroup,  const  CSSM_TP_VERIFY_CONTEXT  *RevokerVerifyContext,
 CSSM_TP_VERIFY_CONTEXT_RESULT_PTR  RevokerVerifyResult,
      CSSM_TP_CERTCHANGE_REASON     Reason,
       CSSM_DATA_PTR  NewCrlTemplate)  SPI:  CSSM_RETURN  CSSMTPI
       TP_CertRevoke   (CSSM_TP_HANDLE  TPHandle,  CSSM_CL_HANDLE
       CLHandle, CSSM_CSP_HANDLE CSPHandle, const CSSM_DATA *OldCrlTemplate,
  const  CSSM_CERTGROUP *CertGroupToBeRevoked,
       const CSSM_CERTGROUP *RevokerCertGroup, const CSSM_TP_VERIFY_CONTEXT
   *RevokerVerifyContext,   CSSM_TP_VERIFY_CONTEXT_RESULT_PTR
                       RevokerVerifyResult,
       CSSM_TP_CERTCHANGE_REASON Reason, CSSM_DATA_PTR NewCrlTemplate)

LIBRARY    [Toc]    [Back]

       Common Security Services Manager library (libcssm.so)

PARAMETERS    [Toc]    [Back]

       The handle that describes the add-in trust  policy  module
       used  to perform this function.  The handle that describes
       the add-in certificate library module used to perform this
       function.   The  handle  that describes the add-in cryptographic
 service provider module used to perform this function.
   A pointer to the CSSM_DATA structure containing an
       existing certificate revocation list.  If  this  input  is
       NULL,  a  new  list  is created or the operation fails.  A
       group of one or more certificates that partially or  fully
       represent the certificate to be revoked by this operation.
       The first certificate in the group is the target  certificate.
  The  use  of subsequent certificates is specific to
       the trust domain. For example,  in  a  hierarchical  trust
       model  subsequent members are intermediate certificates of
       a certificate chain.  A group of one or more  certificates
       that  partially or fully represent the revoking entity for
       this operation. The first certificate in the group is  the
       target  certificate  representing  the revoker. The use of
       subsequent certificates is specific to the  trust  domain.
       A structure containing policy elements useful in verifying
       certificates and their use with respect to a security policy.
 Optional elements in the verify context left unspecified
 will cause the internal default values  to  be  used.
       Default  values  are  specified  in  the  TP module vendor
       release documents.  This context is  used  to  verify  the
       revoker  certificate group.  A pointer to a structure containing
 information generated during the verification process.
 The information can include:




              Evidence            .PP (output/optional)
              NumberOfEvidences   .PP (output/optional)
              The reason for revoking the subject certificate.  A
              pointer to the CSSM_DATA structure  containing  the
              updated certificate revocation list. If the pointer
              is NULL, an error has occurred.

DESCRIPTION    [Toc]    [Back]

       The TP module determines whether the revoking  certificate
       group  can  revoke  the  subject  certificate  group.  The
       revoker certificate group is first authenticated  and  its
       applicability  to  perform  this  operation is determined.
       Once the trust is established, the TP revokes the  subject
       certificate  by  adding  it  to the certificate revocation
       list.

RETURN VALUE    [Toc]    [Back]

       A CSSM_RETURN value indicating  success  or  specifying  a
       particular  error  condition.  The value CSSM_OK indicates
       success. All other values represent an error condition.

ERRORS    [Toc]    [Back]

       Errors are described in the CDSA technical standard.   See
       CDSA_intro(3).       CSSMERR_TP_INVALID_CL_HANDLE     CSSMERR_TP_INVALID_CSP_HANDLE
  CSSMERR_TP_INVALID_CRL_POINTER
       CSSMERR_TP_INVALID_CRL    CSSMERR_TP_UNKNOWN_FORMAT   CSSMERR_TP_CRL_ALREADY_SIGNED
        CSSMERR_TP_INVALID_CERTGROUP_POINTER
       CSSMERR_TP_INVALID_CERTGROUP      CSSMERR_TP_INVALID_CERTIFICATE
 CSSMERR_TP_INVALID_ACTION CSSMERR_TP_INVALID_ACTION_DATA
                CSSMERR_TP_VERIFY_ACTION_FAILED
 CSSMERR_TP_INVALID_CRLGROUP_POINTER CSSMERR_TP_INVALID_CRLGROUP
  CSSMERR_TP_INVALID_CRL_AUTHORITY
       CSSMERR_TP_INVALID_CALLERAUTH_CONTEXT_POINTER         CSSMERR_TP_INVALID_POLICY_IDENTIFIERS
                    CSSMERR_TP_INVALID_TIMESTRING
 CSSMERR_TP_INVALID_STOP_ON_POLICY
            CSSMERR_TP_INVALID_CALLBACK            CSSMERR_TP_INVALID_ANCHOR_CERT
    CSSMERR_TP_CERTGROUP_INCOMPLETE
           CSSMERR_TP_INVALID_DL_HANDLE          CSSMERR_TP_INVALID_DB_HANDLE
                             CSSMERR_TP_INVALID_DB_LIST_POINTER
 CSSMERR_TP_INVALID_DB_LIST
       CSSMERR_TP_AUTHENTICATION_FAILED       CSSMERR_TP_INSUFFICIENT_CREDENTIALS
        CSSMERR_TP_NOT_TRUSTED       CSSMERR_TP_CERT_REVOKED
    CSSMERR_TP_CERT_SUSPENDED     CSSMERR_TP_CERT_EXPIRED
   CSSMERR_TP_CERT_NOT_VALID_YET  CSSMERR_TP_INVALID_CERT_AUTHORITY
   CSSMERR_TP_INVALID_SIGNATURE
      CSSMERR_TP_INVALID_NAME      CSSMERR_TP_CERTIFICATE_CANT_OPERATE
 CSSMERR_TP_INVALID_REASON

SEE ALSO    [Toc]    [Back]

       Books

       Intel   CDSA   Application    Developer's    Guide    (see
       CDSA_intro(3))

       Reference Pages    [Toc]    [Back]

       Functions for the CSSM API:

       CSSM_CL_CrlAddCert(3)

       Functions for the TP SPI:

       CL_CrlAddCert(3)



                                                 TP_CertRevoke(3)