Common Data Security Architecture (CDSA) White Paper

Chapter 1 41

Certiﬁcate Library Services (CL) API

Extensibility Functions

CL_PassThrough ( )

Performs a function indicated by an operation ID, which identiﬁes an operation exported by

CL for use by an application or other module. These operations are speciﬁc to the data format

of the certiﬁcates and CRLs manipulated by the CL module.

The HPUX bundled CL supports the following pass-through functions. Each pass-through ID

deﬁned in cdsa/x509defs.h represents a pass-through function available to applications. To

perform the function, applications invoke the CL API CSSM_CL_PassThrough(), which has

the following syntax:

output = CSSM_CL_PassThrough(CLHandle, PassThroughID, Input);

• CLHandle is the handle returned by CSSM_ModuleAttach() when attaching the CL.

• PassThroughID is a pass-through number to indicate the function to be performed.

• Input is the input parameter required to perform the speciﬁc function. Each pass-through

ID has a speciﬁc input requirement.

• Output is the result returned by the function.

The information that follows speciﬁes the function performed, input requirement and output

for each pass-through ID. For further details about the data structures, see the CSSM(4)

manpage:

INTEL_X509V3_PASSTHROUGH_ENCODE_CERTIFICATE

Function Encode a certiﬁcate

Input Pointer to a certiﬁcate in the format of X509_SIGNED_CERTIFICATE

Output Pointer to a DER-encoded certiﬁcate in the format of CSSM_DATA

INTEL_X509V3_PASSTHROUGH_DECODE_CERTIFICATE

Function Decode a certiﬁcate

Input Pointer to a DER-encoded certiﬁcate in the format of CSSM_DATA

Output Pointer to a certiﬁcate in the format of X509_SIGNED_CERTIFICATE

INTEL_X509V3_PASSTHROUGH_FREE_CERTIFICATE

Function Free a certiﬁcate structure and all of the pointers inside

Input Pointer to a certiﬁcate in the format of X509_SIGNED_CERTIFICATE

Output A CSSM_BOOL to indicate success/failure

INTEL_X509V3_PASSTHROUGH_CREATE_ENCODED_NAME