Purpose
This
function updates persistent storage to reflect entries in the CRL. The TP
module determines whether the memory-resident CRL is trusted, and if it should
be applied to one or more of the persistent databases. Side effects of this
function can include saving a persistent copy of the CRL in a data store or
removing certificate records from a data store.
Format
CSSM_RETURN CSSMAPI CSSM_TP_ApplyCrlToDb
(CSSM_TP_HANDLE TPHandle,
CSSM_CL_HANDLE CLHandle,
CSSM_CSP_HANDLE CSPHandle,
const CSSM_DL_DB_LIST_PTR DBList,
const CSSM_DATA_PTR Crl)
Parameters
Input
- TPHandle
- The handle that describes the TP module used to perform this function.
- Crl
- A pointer to the CSSM_DATA structure containing a CRL to be applied
to the data store.
Input/optional
- CLHandle
- The handle that describes the Certificate Library (CL) module that can
be used to manipulate the CRL as it is applied to the data store and to manipulate
the certificates affected by the CRL, if required. If no CL module is specified,
the TP module uses an assumed CL module, if required.
- CSPHandle
- The handle referencing a Cryptographic Service Provider (CSP) to be
used to verify signatures on the CRL determining whether to trust the CRL
and apply it to the data store. The TP module is responsible for creating
the cryptographic context structures required to perform the verification
operation. If no CSP is specified, the TP module uses an assumed CSP to perform
these operations.
- DBList
- A list of handle pairs specifying a Data Storage Library (DL) module
and a data store managed by that module. These data stores can contain certificates
that might be affected by the CRL, they may contain CRLs, or both. If no
DL and database (DB) handle pairs are specified, the TP module must use an
assumed DL module and an assumed data store for this operation.
Return Value
A CSSM_OK return value signifies that the revocations contained in the
CRL have been appropriately applied to the specified database. When CSSM_FAIL
is returned, an error has occurred. Use CSSM_GetError to obtain the error
code.
Related Information
CSSM_CL_CrlGetFirstItem
CSSM_CL_CrlGetNextItem
CSSM_DL_CertRevoke
|