Input

TPHandle

The handle that describes the TP module used to perform this function.

CSPHandle

The handle referencing a CSP to be used to verify signatures on the signer's certificate and on the CRL. The TP module is responsible for creating the cryptographic context structure required to perform the &tab;verification operation. If no CSP is specified, the TP module uses an&tab;assumed CSP to perform the operations.

DBList

A list of handle pairs specifying a DL module and a data store managed by that module. These data stores can be used to store or retrieve objects (such as certificate and CRLs) related to the signer's certificate. &tab;If no DL and database (DB) handle pairs are specified, the TP module &tab;can use an assumed DL module and an assumed data store, if required.

CrlToBeVerified

A pointer to the CSSM_DATA structure containing a signed CRL to be verified.

SignerCertGroup

A group of one or more certificates that partially or fully represent the signer of the CRL. The first certificate in the group is the target certificate representing the CRL signer. Use of subsequent certificates is specific to the trust domain. For example, in a hierarchical trust model subsequent &tab;members are intermediate certificates of a certificate chain.

VerifyScope

A pointer to the CSSM_FIELD array indicating the CRL fields to be included in the CRL signature verification process. A NULL input verifies &tab;the signature assuming the module's default set of fields was used in the &tab;signaturing process (this can include all fields in the CRL).

ScopeSize

The number of entries in the verify scope list. If the verification scope is not specified, the input parameter value for scope size must be zero.

Input/optional

CLHandle

The handle that describes the CL module that can be used to manipulate &tab;the certificates to be verified. If no CL module is specified, the TP module uses an assumed CL module, if required.