skip book previous and next navigation links
go up to top of book: HP Open Source Security for OpenVMS Volume 1:... HP Open Source Security for OpenVMS Volume 1:...
go to beginning of reference: API Functions API Functions
go to previous page: CL_CrlAbortQuery CL_CrlAbortQuery
go to next page: CL_CrlCacheCL_CrlCache
end of book navigation links


CL_CrlAddCert
Library
Description
Errors
 Parameters
Return Value
See Also

NAME

CL_CrlAddCert: CSSM_CL_CrlAddCert - Revoke an input certificate (CDSA)

SYNOPSIS  

# include <cssm.h>

API:
CSSM_RETURN CSSMAPI CSSM_CL_CrlAddCert
(CSSM_CL_HANDLE CLHandle,
CSSM_CC_HANDLE CCHandle,
const CSSM_DATA *Cert,
uint32 NumberOfFields,
const CSSM_FIELD *CrlEntryFields,
const CSSM_DATA *OldCrl,
CSSM_DATA_PTR NewCrl)
SPI:
CSSM_RETURN CSSMCLI CL_CrlAddCert
(CSSM_CL_HANDLE CLHandle,
CSSM_CC_HANDLE CCHandle,
const CSSM_DATA *Cert,
uint32 NumberOfFields,
const CSSM_FIELD *CrlEntryFields,
const CSSM_DATA *OldCrl,
CSSM_DATA_PTR NewCrl)

return to top LIBRARY  

Common Security Services Manager library (cdsa$incssm300_shr.exe)

return to top PARAMETERS  

CLHandle (input)
 The handle that describes the add-in certificate library module used to perform this function.
CCHandle (input)
 The handle that describes the context of this cryptographic operation.
Cert (input) A pointer to the CSSM_DATA structure containing the certificate to be revoked.
NumberOfFields (input)
 The number of OID/value pairs specified in the CrlEntryFields input parameter.
CrlEntryFields (input)
 An array of OID/value pairs specifying the initial values for descriptive data fields of the new CRL entry.
OldCrl (input)
 A pointer to the CSSM_DATA structure containing the CRL to which the newly revoked certificate will be added.
NewCrl (output)
 A pointer to the CSSM_DATA structure containing the updated CRL. The NewCrl->Data is allocated by the service provider and must be deallocated by the application.

return to top DESCRIPTION  

This function revokes the input certificate by adding a record representing the certificate to the CRL. The values for the new entry in the CRL are specified by the list of OID/value input pairs. The reason for revocation is a typical value specified in the list. The new CRL entry is signed using the private key and signing algorithm specified in the CCHandle.

The CCHandle must be a context created using the function CSSM_CSP_CreateSignatureContext() (CSSM API), or CSP_CreateSignatureContext() (CL SPI). The context must specify the Cryptographic Services Provider (CSP) module, the signing algorithm, and the signing key that must be used to perform this operation. The context must also provide the passphrase or a callback function to obtain the passphrase required to access and use the private key.

The operation is valid only if the CRL has not been closed by the process of signing the CRL, by calling CSSM_CL_CrlSign() (CSSM API), or CL_CrlSign() (CL SPI). Once the CRL has been signed, entries cannot be added or removed.

return to top RETURN VALUE  

A CSSM_RETURN value indicating success or specifying a particular error condition. The value CSSM_OK indicates success. All other values represent an error condition.

return to top ERRORS  

Errors are described in the CDSA Technical Standard. 
CSSMERR_CL_INVALID_CONTEXT_HANDLE
CSSMERR_CL_INVALID_CERT_POINTER
CSSMERR_CL_UNKNOWN_FORMAT
CSSMERR_CL_INVALID_FIELD_POINTER
CSSMERR_CL_UNKNOWN_TAG
CSSMERR_CL_INVALID_NUMBER_OF_FIELDS
CSSMERR_CL_INVALID_CRL_POINTER
CSSMERR_CL_CRL_ALREADY_SIGNED

return to top SEE ALSO  

Books

Intel CDSA Application Developer's Guide

Online Help

Functions for the CSSM API:

CSSM_CL_CrlRemoveCert

Functions for the CLI SPI:

CL_CrlRemoveCert

go to previous page: CL_CrlAbortQuery CL_CrlAbortQuery
go to next page: CL_CrlCacheCL_CrlCache