*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->Tru64 Unix man pages -> TP_CrlVerify (3)              
Title
Content
Arch
Section
 

TP_CrlVerify(3)

Contents


NAME    [Toc]    [Back]

       TP_CrlVerify,  CSSM_TP_CrlVerify - Verify integrity of the
       certificate revocation list (CDSA)

SYNOPSIS    [Toc]    [Back]

       # include <cdsa/cssm.h>

       API: CSSM_RETURN CSSMAPI CSSM_TP_CrlVerify (CSSM_TP_HANDLE
       TPHandle, CSSM_CL_HANDLE CLHandle, CSSM_CSP_HANDLE CSPHandle,
  const   CSSM_ENCODED_CRL   *CrlToBeVerified,   const
       CSSM_CERTGROUP *SignerCertGroup, const CSSM_TP_VERIFY_CONTEXT
   *VerifyContext,   CSSM_TP_VERIFY_CONTEXT_RESULT_PTR
       RevokerVerifyResult) SPI: CSSM_RETURN CSSMTPI TP_CrlVerify
       (CSSM_TP_HANDLE   TPHandle,    CSSM_CL_HANDLE    CLHandle,
       CSSM_CSP_HANDLE  CSPHandle, const CSSM_ENCODED_CRL *CrlToBeVerified,
 const CSSM_CERTGROUP  *SignerCertGroup,  const
       CSSM_TP_VERIFY_CONTEXT *VerifyContext, CSSM_TP_VERIFY_CONTEXT_RESULT_PTR
 RevokerVerifyResult)

LIBRARY    [Toc]    [Back]

       Common Security Services Manager library (libcssm.so)

PARAMETERS    [Toc]    [Back]

       The handle that describes the add-in trust  policy  module
       used  to perform this function.  The handle that describes
       the add-in certificate library module that can be used  to
       manipulate the certificates to be verified. If no certificate
 library module is specified, the TP  module  uses  an
       assumed  CL module, if required.  The handle referencing a
       Cryptographic Service Provider to be used to verify signatures
  on  the signer's certificate and on the CRL. The TP
       module is responsible for creating the cryptographic  context
 structure required to perform the verification operation.
 If no CSP  is  specified,  the  TP  module  uses  an
       assumed  CSP  to perform the operations.  A pointer to the
       CSSM_DATA structure containing a signed certificate  revocation
  list to be verified. The CRL type and encoding are
       included in this structure.  A pointer to  the  CSSM_CERTGROUP
  structure  containing  one or more related certificates
 that paretially or fully represent the signer of the
       certificate  revocation list. The first certificate in the
       group is  the  target  certificate  representing  the  CRL
       signer.  Use of subsequent certificates is specific to the
       trust domain. For example, in a hierarchical  trust  model
       subsequent members are intermediate certificates of a certificate
 chain - the caller can specify additional  points
       of trust represented by anchor certificates in the VerifyContext.
 The trust policy module can use these  additional
       points  of trust in the verification process.  A structure
       containing credentials, policy information, and contextual
       information to be used in the verification process. All of
       the input values in the context are optional. The  service
       provider can define default values or can attempt to operate
 without input for all the other fields of  this  input
       structure.   The  operation  can fail if a necessary input
       value is omitted and the service module can not define  an
       appropriate  default  value  A pointer to a structure containing
 information  generation  during  the  verification
       process. The information can include:


              Evidence           .PP (output/optional)
              NumberOfEvi-       .PP (output/optional)
              dences

DESCRIPTION    [Toc]    [Back]

       This function verifies the integrity  of  the  certificate
       revocation  list and determines whether it is trusted. The
       conditions for trust are part of the trust policy  module.
       It can include conditions such as validity of the signer's
       certificate, verification of the signature on the CRL, the
       identity  of the signer, the identity of the sender of the
       CRL, date the CRL was issued, the effective dates  on  the
       CRL, and so on.

       The  caller  can specify additional points of trust represented
 by anchor certificates in  the  VerifyContext.  The
       trust  policy  module  can  use these additional points of
       trust in the verification process.

RETURN VALUE    [Toc]    [Back]

       A CSSM_RETURN value indicating  success  or  specifying  a
       particular  error  condition.  The value CSSM_OK indicates
       success. All other values represent an error condition.

ERRORS    [Toc]    [Back]

       Errors are described in the CDSA technical standard.   See
       CDSA_intro(3).       CSSMERR_TP_INVALID_CL_HANDLE     CSSMERR_TP_INVALID_CSP_HANDLE
     CSSMERR_TP_INVALID_CRL_TYPE
       CSSMERR_TP_INVALID_CRL_ENCODING                       CSSMERR_TP_INVALID_CRL_POINTER
  CSSMERR_TP_INVALID_CRL   CSSMERR_TP_INVALID_CERTGROUP_POINTER
 CSSMERR_TP_INVALID_CERTGROUP
         CSSMERR_TP_INVALID_CERTIFICATE          CSSMERR_TP_INVALID_ACTION
 CSSMERR_TP_INVALID_ACTION_DATA CSSMERR_TP_VERIFY_ACTION_FAILED
       CSSMERR_TP_INVALID_CRLGROUP_POINTER
       CSSMERR_TP_INVALID_CRLGROUP       CSSMERR_TP_INVALID_CRL_AUTHORITY
   CSSMERR_TP_INVALID_CALLERAUTH_CONTEXT_POINTER
 CSSMERR_TP_INVALID_POLICY_IDENTIFIERS
       CSSMERR_TP_INVALID_TIMESTRING                         CSSMERR_TP_INVALID_STOP_ON_POLICY
 CSSMERR_TP_INVALID_CALLBACK
       CSSMERR_TP_INVALID_ANCHOR_CERT CSSMERR_TP_CERTGROUP_INCOMPLETE
           CSSMERR_TP_INVALID_DL_HANDLE          CSSMERR_TP_INVALID_DB_HANDLE
                             CSSMERR_TP_INVALID_DB_LIST_POINTER
 CSSMERR_TP_INVALID_DB_LIST
       CSSMERR_TP_AUTHENTICATION_FAILED       CSSMERR_TP_INSUFFICIENT_CREDENTIALS
        CSSMERR_TP_NOT_TRUSTED       CSSMERR_TP_CERT_REVOKED
    CSSMERR_TP_CERT_SUSPENDED     CSSMERR_TP_CERT_EXPIRED
   CSSMERR_TP_CERT_NOT_VALID_YET  CSSMERR_TP_INVALID_CERT_AUTHORITY
   CSSMERR_TP_INVALID_SIGNATURE
      CSSMERR_TP_INVALID_NAME      CSSMERR_TP_CERTIFICATE_CANT_OPERATE


SEE ALSO    [Toc]    [Back]

      
      
       Books

       Intel   CDSA   Application    Developer's    Guide    (see
       CDSA_intro(3))

       Reference Pages    [Toc]    [Back]

       Functions for the CSSM API:

       CSSM_CL_CrlVerify(3)

       Functions for the TP SPI:

       CL_CrlVerify(3)



                                                  TP_CrlVerify(3)
[ Back ]
 Similar pages
Name OS Title
CSSM_CL_CrlCache Tru64 Cache a copy of a certificate revocation list (CDSA)
CL_CrlCache Tru64 Cache a copy of a certificate revocation list (CDSA)
CL_CertVerify Tru64 Verify a signed certificate (CDSA)
CSSM_CL_CertVerify Tru64 Verify a signed certificate (CDSA)
gss_verify_mic HP-UX check a cryptographic message integrity code (MIC) against a message to verify its integrity
grpck Linux verify integrity of group files
pwck Linux verify integrity of password files
cr_verify HP-UX verify integrity of crash dump
ipsec_certmake Tru64 Creates X.509 certificates, requests, and Certificate Revocation Lists (CRLs)
CSSM_CL_CertGetAllFields Tru64 Return a list of input certificate values (CDSA)
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service