VMS Help  —  CDSA  CDSA_API, TP CrlVerify
 NAME
   TP_CrlVerify,
   CSSM_TP_CrlVerify - Verify integrity of the certificate
                       revocation list (CDSA)

 SYNOPSIS
   # include <cssm.h>

    API:
        CSSM_RETURN CSSMAPI CSSM_TP_CrlVerify
        (CSSM_TP_HANDLE TPHandle,
        CSSM_CL_HANDLE CLHandle,
        CSSM_CSP_HANDLE CSPHandle,
        const CSSM_ENCODED_CRL *CrlToBeVerified,
        const CSSM_CERTGROUP *SignerCertGroup,
        const CSSM_TP_VERIFY_CONTEXT *VerifyContext,
        CSSM_TP_VERIFY_CONTEXT_RESULT_PTR RevokerVerifyResult)
    SPI:
        CSSM_RETURN CSSMTPI TP_CrlVerify
        (CSSM_TP_HANDLE TPHandle,
        CSSM_CL_HANDLE CLHandle,
        CSSM_CSP_HANDLE CSPHandle,
        const CSSM_ENCODED_CRL *CrlToBeVerified,
        const CSSM_CERTGROUP *SignerCertGroup,
        const CSSM_TP_VERIFY_CONTEXT *VerifyContext,
        CSSM_TP_VERIFY_CONTEXT_RESULT_PTR RevokerVerifyResult)

 LIBRARY
   Common Security Services Manager library (CDSA$INCSSM300_SHR.EXE)

 PARAMETERS
   TPHandle (input)
           The handle that describes the add-in trust policy module
           used to perform this function.

   CLHandle (input/optional)
           The handle that describes the add-in certificate library
           module that can be used to manipulate the certificates to
           be verified. If no certificate library module is specified,
           the TP module uses an assumed CL module, if required.

   CSPHandle (input/optional)
           The handle referencing a Cryptographic Service Provider to be
           used to verify signatures on the signer's certificate and on
           the CRL.  The TP module is responsible for creating the
           cryptographic context structure required to perform the
           verification operation. If no CSP is specified, the TP module
           uses an assumed CSP to perform the operations.

   CrlToBeVerified (input)
           A pointer to the CSSM_DATA structure containing a signed
           certificate revocation list to be verified. The CRL type and
           encoding are included in this structure.

   SignerCertGroup (input)
           A pointer to the CSSM_CERTGROUP structure containing one or
           more related certificates that paretially or fully represent
           the signer of the certificate revocation list. The first
           certificate in the group is the target certificate
           representing the CRL signer. Use of subsequent certificates
           is specific to the trust domain. For example, in a
           hierarchical trust model subsequent members are intermediate
           certificates of a certificate chain - the caller can specify
           additional points of trust represented by anchor
           certificates in the VerifyContext. The trust policy module
           can use these additional points of trust in the verification
           process.

   VerifyContext (input/optional)
           A structure containing credentials, policy information, and
           contextual information to be used in the verification process.
           All of the input values in the context are optional. The
           service provider can define default values or can attempt to
           operate without input for all the other fields of this input
           structure.  The operation can fail if a necessary input value
           is omitted and the service module can not define an
           appropriate default value

   RevokerVerifyResult (output/optional)
           A pointer to a structure containing information generation
           during the verification process. The information can include:

           Evidence            (output/optional)
           NumberOfEvidences   (output/optional)

 DESCRIPTION
   This function verifies the integrity of the certificate revocation
   list and determines whether it is trusted. The conditions for trust
   are part of the trust policy module. It can include conditions such
   as validity of the signer's certificate, verification of the
   signature on the CRL, the identity of the signer, the identity of
   the sender of the CRL, date the CRL was issued, the effective dates
   on the CRL, and so on.

   The caller can specify additional points of trust represented by
   anchor certificates in the VerifyContext. The trust policy module
   can use these additional points of trust in the verification process.

 RETURN VALUE
   A CSSM_RETURN value indicating success or specifying a particular
   error condition. The value CSSM_OK indicates success. All other
   values represent an error condition.

 ERRORS
   Errors are described in the CDSA technical standard.  See CDSA.

        CSSMERR_TP_INVALID_CL_HANDLE
        CSSMERR_TP_INVALID_CSP_HANDLE
        CSSMERR_TP_INVALID_CRL_TYPE
        CSSMERR_TP_INVALID_CRL_ENCODING
        CSSMERR_TP_INVALID_CRL_POINTER
        CSSMERR_TP_INVALID_CRL
        CSSMERR_TP_INVALID_CERTGROUP_POINTER
        CSSMERR_TP_INVALID_CERTGROUP
        CSSMERR_TP_INVALID_CERTIFICATE
        CSSMERR_TP_INVALID_ACTION
        CSSMERR_TP_INVALID_ACTION_DATA
        CSSMERR_TP_VERIFY_ACTION_FAILED
        CSSMERR_TP_INVALID_CRLGROUP_POINTER
        CSSMERR_TP_INVALID_CRLGROUP
        CSSMERR_TP_INVALID_CRL_AUTHORITY
        CSSMERR_TP_INVALID_CALLERAUTH_CONTEXT_POINTER
        CSSMERR_TP_INVALID_POLICY_IDENTIFIERS
        CSSMERR_TP_INVALID_TIMESTRING
        CSSMERR_TP_INVALID_STOP_ON_POLICY
        CSSMERR_TP_INVALID_CALLBACK
        CSSMERR_TP_INVALID_ANCHOR_CERT
        CSSMERR_TP_CERTGROUP_INCOMPLETE
        CSSMERR_TP_INVALID_DL_HANDLE
        CSSMERR_TP_INVALID_DB_HANDLE
        CSSMERR_TP_INVALID_DB_LIST_POINTER
        CSSMERR_TP_INVALID_DB_LIST
        CSSMERR_TP_AUTHENTICATION_FAILED
        CSSMERR_TP_INSUFFICIENT_CREDENTIALS
        CSSMERR_TP_NOT_TRUSTED
        CSSMERR_TP_CERT_REVOKED
        CSSMERR_TP_CERT_SUSPENDED
        CSSMERR_TP_CERT_EXPIRED
        CSSMERR_TP_CERT_NOT_VALID_YET
        CSSMERR_TP_INVALID_CERT_AUTHORITY
        CSSMERR_TP_INVALID_SIGNATURE
        CSSMERR_TP_INVALID_NAME
        CSSMERR_TP_CERTIFICATE_CANT_OPERATE

 SEE ALSO
   Books

   Intel CDSA Application Developer's Guide (see CDSA)

   Other Help Topics

   Functions for the CSSM API:

       CSSM_CL_CrlVerify

   Functions for the TP SPI:

       CL_CrlVerify
Close Help