This function verifies that the signed CRL has not been altered since it was signed by the designated signer. It does this by verifying the digital signature over the fields specified by the VerifyScope parameter.

CSSM_BOOL CSSMAPI CSSM_CL_CrlVerify
             (CSSM_CL_HANDLE CLHandle,
             CSSM_CC_HANDLE CCHandle,
             const CSSM_DATA_PTR CrlToBeVerified,
             const CSSM_DATA_PTR SignerCert,
             const CSSM_FIELD_PTR VerifyScope,
             uint32 ScopeSize)

Input

CLHandle

The handle that describes the CL module used to perform this function.

CCHandle

The handle that describes the context of this cryptographic operation.

CrlToBeVerified

A pointer to the CSSM_DATA structure containing the CRL to be verified.

SignerCert

A pointer to the CSSM_DATA structure containing the certificate used to sign the CRL.

ScopeSize

The number of entries in the verify scope list. If the verification scope is not specified, the input value for scope size must be zero.

Input/optional

VerifyScope

A pointer to the CSSM_FIELD array containing the tag/value pairs of the fields to be verified. If the verification scope is NULL, the CL module assumes that a default set of fields were used in the signing process, and those same fields are used in the verification process.

A CSSM_TRUE return value signifies that the CRL verifies successfully. When CSSM_FALSE is returned, either the CRL verified unsuccessfully or an error has occurred. Use CSSM_GetError to obtain the error code.

CSSM_CL_CrlSign