Library /sys$common/syshlp/helplib.hlb  —  CDSA  CDSA_API, CL CrlAddCert
 NAME

   CL_CrlAddCert,
   CSSM_CL_CrlAddCert - Revoke an input certificate (CDSA)

 SYNOPSIS

   # include <cssm.h>

    API:
        CSSM_RETURN CSSMAPI CSSM_CL_CrlAddCert
        (CSSM_CL_HANDLE CLHandle,
        CSSM_CC_HANDLE CCHandle,
        const CSSM_DATA *Cert,
        uint32 NumberOfFields,
        const CSSM_FIELD *CrlEntryFields,
        const CSSM_DATA *OldCrl,
        CSSM_DATA_PTR NewCrl)

    SPI:
        CSSM_RETURN CSSMCLI CL_CrlAddCert
        (CSSM_CL_HANDLE CLHandle,
        CSSM_CC_HANDLE CCHandle,
        const CSSM_DATA *Cert,
        uint32 NumberOfFields,
        const CSSM_FIELD *CrlEntryFields,
        const CSSM_DATA *OldCrl,
        CSSM_DATA_PTR NewCrl)

 LIBRARY

   Common Security Services Manager library (CDSA$INCSSM300_SHR.EXE)

 PARAMETERS

   CLHandle (input)
           The handle that describes the add-in certificate library module
           used to perform this function.

   CCHandle (input)
           The handle that describes the context of this cryptographic
           operation.

   Cert (input)
           A pointer to the CSSM_DATA structure containing the certificate
           to be revoked.

   NumberOfFields (input)
           The number of OID/value pairs specified in the CrlEntryFields
           input parameter.

   CrlEntryFields (input)
           An array of OID/value pairs specifying the initial values for
           descriptive data fields of the new CRL entry.

   OldCrl (input)
           A pointer to the CSSM_DATA structure containing the CRL to
           which the newly revoked certificate will be added.

   NewCrl (output)
           A pointer to the CSSM_DATA structure containing the updated
           CRL.  The NewCrl->Data is allocated by the service provider
           and must be deallocated by the application.

 DESCRIPTION

   This function revokes the input certificate by adding a record
   representing the certificate to the CRL. The values for the new entry
   in the CRL are specified by the list of OID/value input pairs. The
   reason for revocation is a typical value specified in the list. The
   new CRL entry is signed using the private key and signing algorithm
   specified in the CCHandle.

   The CCHandle must be a context created using the function
   CSSM_CSP_CreateSignatureContext() (CSSM API), or
   CSP_CreateSignatureContext() (CL SPI). The context must specify the
   Cryptographic Services Provider (CSP) module, the signing algorithm,
   and the signing key that must be used to perform this operation. The
   context must also provide the passphrase or a callback function to
   obtain the passphrase required to access and use the private key.

   The operation is valid only if the CRL has not been closed by the
   process of signing the CRL, by calling CSSM_CL_CrlSign() (CSSM API),
   or CL_CrlSign() (CL SPI). Once the CRL has been signed, entries cannot
   be added or removed.

 RETURN VALUE

   A CSSM_RETURN value indicating success or specifying a particular
   error condition. The value CSSM_OK indicates success. All other values
   represent an error condition.

 ERRORS

   Errors are described in the CDSA technical standard.  See CDSA.

        CSSMERR_CL_INVALID_CONTEXT_HANDLE
        CSSMERR_CL_INVALID_CERT_POINTER
        CSSMERR_CL_UNKNOWN_FORMAT
        CSSMERR_CL_INVALID_FIELD_POINTER
        CSSMERR_CL_UNKNOWN_TAG
        CSSMERR_CL_INVALID_NUMBER_OF_FIELDS
        CSSMERR_CL_INVALID_CRL_POINTER
        CSSMERR_CL_CRL_ALREADY_SIGNED

 SEE ALSO

   Books

   Intel CDSA Application Developer's Guide (see CDSA)

   Other Help Topics

   Functions for the CSSM API:

       CSSM_CL_CrlRemoveCert

   Functions for the CLI SPI:

       CL_CrlRemoveCert
Close Help