Common Data Security Architecture (CDSA) White Paper

Certificate Library Services (CL) API
Revokes the input certificate by adding a record of the certificate to the CRL. The CRL entry
consists of OID/values provided by the application. The new record is signed using the
revoker’s certificate and the updated CRL is returned to the calling application. The CL
defines which fields must or cannot be set using this function. This operation is valid only if
the CRL has not been signed. Once the CRL has been signed, entries cannot be added or
removed.
CL_CrlRemoveCert ( )
Reinstates the input certificate by removing the record representing the certificate from the
CRL, then returning the updated CRL to the calling application. This operation is valid only if
the CRL has not been signed. Once the CRL has been signed, entries cannot be added or
removed.
CL_CrlSign ( )
Creates a digital signature for the entire CRL using the signer’s certificate. The
cryptographic context handle indicates the algorithm and parameters to be used for signing.
CL_CrlVerify ( )
Verifies the signer certificate’s signature on the subject CRL. The cryptographic context
handle indicates the algorithm and parameters to be used for verification.
CL_IsCertInCrl ( )
Searches the CRL for a record corresponding to the input certificate.
CL_CrlGetFirstFieldValue ( )
Returns the first field in the CRL that matches the input OID. If an application requests a
multiply-occurring OID, a results handle and a count of the number of matching instances are
returned with the first instance of the OID. The application uses the results handle to obtain
the additional matching instances by repeated calls to CL_CrlGetNextFieldValue. CRL
queries can be performed on both signed and unsigned CRLs.
CL_CrlGetNextFieldValue ( )
Returns the next field associated with the input results handle, which was obtained by
calling CSSM_CL_CrlGetFirstFieldValue.
CL_CrlAbortQuery ( )
Releases a handle assigned by the CL_CrlGetFirstFieldValue function to identify the results
of a CRL query, thus allowing the CL to release all intermediate state information associated
with the query operation.
CL_CrlDescribeFormat ( )
Returns a list of the types of fields in the CRL format supported by the CL module.
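
The rule stated above, that records can be added or removed only while the CRL is unsigned, shown as an added model that is not part of the white paper and is not the CDSA API. Every toy_ name is hypothetical, the serial numbers are constructed, and an FNV-1a digest stands in for the digital signature to show that an edit made after signing no longer verifies.

```c
/* Model of the CRL lifecycle described above. Hypothetical names, not the CDSA API.
   The FNV-1a digest is a stand-in for the signer's signature, not real crypto. */
#include <stdint.h>
#include <stdio.h>
#define MAX_ENTRIES 16
typedef struct {
    uint32_t serial[MAX_ENTRIES]; /* serial numbers of revoked certificates */
    size_t count;
    int is_signed;
    uint32_t sig; /* placeholder signature over the entry list */
} toy_crl;
static uint32_t toy_digest(const toy_crl *c) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < c->count * 4; i++) {
        h ^= (c->serial[i / 4] >> (8 * (i % 4))) & 0xffu;
        h *= 16777619u;
    }
    return h;
}
/* Lookup is allowed on signed and unsigned CRLs; returns the index or -1. */
int toy_crl_find(const toy_crl *c, uint32_t serial) {
    for (size_t i = 0; i < c->count; i++)
        if (c->serial[i] == serial) return (int)i;
    return -1;
}
/* Revoke: refused (-1) once the CRL is signed or the table is full. */
int toy_crl_add(toy_crl *c, uint32_t serial) {
    if (c->is_signed || c->count == MAX_ENTRIES) return -1;
    if (toy_crl_find(c, serial) < 0) c->serial[c->count++] = serial;
    return 0;
}
/* Reinstate: refused (-1) once the CRL is signed or if the record is absent. */
int toy_crl_remove(toy_crl *c, uint32_t serial) {
    int i = toy_crl_find(c, serial);
    if (c->is_signed || i < 0) return -1;
    c->serial[i] = c->serial[--c->count];
    return 0;
}
void toy_crl_sign(toy_crl *c) { c->sig = toy_digest(c); c->is_signed = 1; }
int toy_crl_verify(const toy_crl *c) { return c->is_signed && c->sig == toy_digest(c); }

int main(void) {
    toy_crl crl = {0};
    toy_crl_add(&crl, 0x1001u); /* constructed sample serial */
    toy_crl_sign(&crl);
    printf("add after sign: %d\n", toy_crl_add(&crl, 0x1002u));
    crl.serial[0] = 0x9999u; /* edit that bypasses the API */
    printf("verify after edit: %d\n", toy_crl_verify(&crl));
    return 0;
}
```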