Parameters

directory_handle

Specifies an LDAP directory handle returned by gsk_open_directory().

enum_id

Specifies the directory enumeration identifier.

enum_value

Specifies the directory enumeration value.

Results

The function return value will be 0 (GSK_OK) if no error is detected. Otherwise, it will be one of the return codes listed in the gskcms.h include file. These are some possible errors:

[CMSERR_ATTRIBUTE_INVALID_ID]

The enumeration identifier is not valid or cannot be used with the specified handle.

[CMSERR_ATTRIBUTE_INVALID_ENUMERATION]

The enumeration value is not valid or cannot be used with the specified enumeration ID.

[CMSERR_BAD_HANDLE]

The handle is not valid.

Usage

The gsk_set_directory_enum() routine sets the enumerated value for an LDAP directory vector. The LDAP directory must have a valid LDAP handle as initialized using gsk_open_directory()

These enumeration identifiers are supported:

GSKCMS_CRL_SECURITY_LEVEL

Specifies the level of security to be used when contacting an LDAP server in order to check for revoked certificates in a Certificate Revocation List (CRL). CRLs located will be cached according to the GSK_CRL_CACHE_TIMEOUT setting of the SSL environment. To enforce contact with the LDAP server for each CRL check, CRL caching must be disabled. See gsk_attribute_set_numeric_value() and Environment variables for additional information about the GSK_CRL_CACHE_TIMEOUT setting.

Three levels of security are available:

• GSKCMS_CRL_SECURITY_LEVEL_LOW - Certificate validation will not fail if the LDAP server cannot be contacted.
• GSKCMS_CRL_SECURITY_LEVEL_MEDIUM - Certificate validation requires the LDAP server to be contactable, but does not require a CRL to be defined. This is the default setting.
• GSKCMS_CRL_SECURITY_LEVEL_HIGH - Certificate validation requires the LDAP server to be contactable, and a CRL to be defined.