z/OS Open Cryptographic Services Facility Application Programming


CSSM_TP_ApplyCrlToDb

SC24-5899-01

Purpose

This function updates persistent storage to reflect entries in the certificate revocation list (CRL). The Trust Policy (TP) module determines whether the memory-resident CRL is trusted and whether it should be applied to one or more of the persistent databases. Side effects of this function can include saving a persistent copy of the CRL in a data store or removing certificate records from a data store.

Format

CSSM_RETURN CSSMAPI CSSM_TP_ApplyCrlToDb 
               (CSSM_TP_HANDLE TPHandle,
               CSSM_CL_HANDLE CLHandle,
               CSSM_CSP_HANDLE CSPHandle,
               const CSSM_DL_DB_LIST_PTR DBList,
               const CSSM_DATA_PTR Crl)

Parameters

Input

TPHandle
The handle that describes the TP module used to perform this function.
Crl
A pointer to the CSSM_DATA structure containing a CRL to be applied to the data store.

Input/optional

CLHandle
The handle that describes the Certificate Library (CL) module that can be used to manipulate the CRL as it is applied to the data store and to manipulate the certificates affected by the CRL, if required. If no CL module is specified, the TP module uses an assumed CL module, if required.
CSPHandle
The handle referencing a Cryptographic Service Provider (CSP) to be used to verify signatures on the CRL when determining whether to trust the CRL and apply it to the data store. The TP module is responsible for creating the cryptographic context structures required to perform the verification operation. If no CSP is specified, the TP module uses an assumed CSP to perform these operations.
DBList
A list of handle pairs, each specifying a Data Storage Library (DL) module and a data store managed by that module. These data stores can contain certificates that might be affected by the CRL, CRLs, or both. If no DL and database (DB) handle pairs are specified, the TP module must use an assumed DL module and an assumed data store for this operation.

Return Value

A CSSM_OK return value signifies that the revocations contained in the CRL have been appropriately applied to the specified database. When CSSM_FAIL is returned, an error has occurred. Use CSSM_GetError to obtain the error code.

Related Information

CSSM_CL_CrlGetFirstItem
CSSM_CL_CrlGetNextItem
CSSM_DL_CertRevoke





Copyright IBM Corporation 1990, 2014