CSSM_TP_PassThrough
z/OS Cryptographic Services PKI Services Guide and Reference SA23-2286-00

Purpose
This function lets applications call TP module-specific operations that have been exported. For PKITP, the module-specific operations support certificate chain validation, based on the CA and SITE certificates that are contained within a key ring.

Format
Parameters

The DB list
This DBList contains one or more handles to open DB stores. The last entry in this list must be a handle to an OCEPDL DB (a real or virtual SAF key ring). The key ring is used to declare the list of trusted CA and SITE certificates. Like the OCEP Trust Policy, certificate chains to verify must originate from one of these trusted CAs (anchors) or the end-entity certificate must be one of the SITE certificates. Also like the OCEP Trust Policy, if the security product (SAF) marks any certificate in the candidate chain NOTRUST, the certificate chain fails validation.

The other entries in the list are used for LDAPDL DB stores. PKITP runs through these to locate CRLs and intermediate CA certificates. For each item PKITP requests, the LDAPDLs are queried in the order in which they appear in the list. The search stops the first time an LDAPDL returns an item or when the OCEPDL is reached. No query is made to the OCEPDL to locate CRLs or intermediate CA certificates.

The initial policy
The following optional, caller-provided and initialized structure defines InitialPolicy. PKITP uses the default values if the structure is not provided:

The evidence
The following optional, caller-provided structure defines the evidence. This structure is used to return information relative to the validation decision PKITP makes. The caller must free the data areas returned. (The FreeEvidence pass-through function is provided for this.)
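
The DB list rules described under "The DB list" above, as an added model in C that is not IBM's code and does not use the OCSF headers: the store types, function names and sample item names are all hypothetical. It checks the list layout and walks the lookup order, showing that the first LDAPDL hit wins and that the key ring is never searched for CRLs or intermediate CA certificates.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for this model; these are not the OCSF/CSSM types. */
typedef enum { STORE_LDAPDL, STORE_OCEPDL } store_kind;

typedef struct {
    store_kind  kind;
    const char *name;
    const char *items[4];  /* constructed item names, NULL-terminated */
} db_store;

/* Layout rule: one or more entries, the last is the OCEPDL (key ring),
 * every earlier entry is an LDAPDL. Returns 1 if the list is well formed. */
int dblist_layout_ok(const db_store *list, size_t n) {
    if (n == 0 || list[n - 1].kind != STORE_OCEPDL) return 0;
    for (size_t i = 0; i + 1 < n; i++)
        if (list[i].kind != STORE_LDAPDL) return 0;
    return 1;
}

/* Lookup order for a CRL or intermediate CA certificate: LDAPDLs in list
 * order, stop at the first hit or on reaching the OCEPDL, which is never
 * queried. Returns the index of the answering store, or -1 if not found. */
int locate_item(const db_store *list, size_t n, const char *item) {
    for (size_t i = 0; i < n; i++) {
        if (list[i].kind == STORE_OCEPDL) break;
        for (size_t j = 0; j < 4 && list[i].items[j]; j++)
            if (strcmp(list[i].items[j], item) == 0) return (int)i;
    }
    return -1;
}

/* Constructed sample: two LDAP stores followed by the key ring. */
static const db_store sample[] = {
    { STORE_LDAPDL, "ldap-a",  { "crl:CA1", NULL } },
    { STORE_LDAPDL, "ldap-b",  { "crl:CA1", "cert:SubCA", NULL } },
    { STORE_OCEPDL, "keyring", { "cert:SubCA2", NULL } },
};

int main(void) {
    printf("layout ok: %d\n", dblist_layout_ok(sample, 3));
    printf("crl:CA1 from store %d\n", locate_item(sample, 3, "crl:CA1"));
    printf("cert:SubCA2 from store %d\n", locate_item(sample, 3, "cert:SubCA2"));
    return 0;
}
```

Because the first store that answers ends the search, the copy of a CRL held in an earlier LDAPDL is the one used even when a later store also holds one, so the order of the list is part of the validation configuration.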

Error codes
Table 1 lists the error codes that are unique to PKI Services OCSF Trust Policy (PKITP).

Copyright IBM Corporation 1990, 2014