Common Data Security Architecture (CDSA) White Paper
Certificate Library Services (CL) API
CL_PassThrough function in the CL. The CL interprets the input parameters to enable the
appropriate operation to be performed.
NOTE Certificate and CRL operations initiated by an application are performed
with APIs whose names have the form CSSM_CL_*().
Other interfaces, whose names have the form CL_*(), are intended for use
by add-on module developers only, for operations between the CSSM and
the CL module.
Interaction between CSSM and Certificate Library Interface
CSSM provides the general-security APIs that safeguard the CL manipulations of certificates
and certificate revocation lists.
The CSSM module information files (located in /var/cdsa/cssm) contain specifications of
CL-supported functions for use by the application.
The Certificate Library Interface (CLI) works with the CSSM APIs to make CL functions
available to applications. CL functions perform syntactic operations (including creation, field
management, signing, and verification, as well as extensibility operations and module
management) on certificates and CRLs, so that applications may focus on the use of
certificates rather than the mechanics of format manipulation.
Operations on Certificates
CSSM provides the general-security APIs that safeguard the CL manipulations of certificates
and certificate revocation lists. The CL module provides functionality that includes:
• Certificate operations
• Certificate revocation list (CRL) operations
• Extensibility functions.
The CSSM module information files contain specifications of CL-supported functions. The
application can obtain and use this information.
Certificate Library Interface
The Certificate Library Interface (CLI) specifies the CL functions available to applications via
CSSM to support certificate and certificate revocation list (CRL) formats. These functions
work with the CSSM APIs to perform certificate operations, certificate revocation list
operations, extensibility functions, and module management functions.