Sets an enumerated value for an LDAP directory.
Format
#include <gskcms.h>
gsk_status gsk_set_directory_enum (
    gsk_handle directory_handle,
    GSKCMS_DIRECTORY_ENUM_ID enum_id,
    GSKCMS_DIRECTORY_ENUM_VALUE enum_value)
Parameters
- directory_handle
  Specifies an LDAP directory handle returned by gsk_open_directory().
- enum_id
  Specifies the directory enumeration identifier.
- enum_value
  Specifies the directory enumeration value.
Results
The function return value will be 0 (GSK_OK) if no error is detected.
Otherwise, it will be one of the return codes listed in the gskcms.h
include file. These are some possible errors:
- [CMSERR_ATTRIBUTE_INVALID_ID]
  The enumeration identifier is not valid or cannot be used with
  the specified handle.
- [CMSERR_ATTRIBUTE_INVALID_ENUMERATION]
  The enumeration value is not valid or cannot be used with the
  specified enumeration ID.
- [CMSERR_BAD_HANDLE]
  The handle is not valid.
Usage
The gsk_set_directory_enum() routine sets the enumerated value for an
LDAP directory vector. The LDAP directory must have a valid LDAP handle,
as initialized using gsk_open_directory().
These enumeration identifiers are supported:
- GSKCMS_CRL_SECURITY_LEVEL
  Specifies the level of security to be used when contacting an
  LDAP server in order to check for revoked certificates in a Certificate
  Revocation List (CRL). CRLs located will be cached according to the
  GSK_CRL_CACHE_TIMEOUT setting of the SSL environment. To enforce contact
  with the LDAP server for each CRL check, CRL caching must be disabled.
  See gsk_attribute_set_numeric_value() and Environment variables for
  additional information about the GSK_CRL_CACHE_TIMEOUT setting.
  Three levels of security are available:
- GSKCMS_CRL_SECURITY_LEVEL_LOW - Certificate validation will not
fail if the LDAP server cannot be contacted.
- GSKCMS_CRL_SECURITY_LEVEL_MEDIUM - Certificate validation requires
the LDAP server to be contactable, but does not require a CRL to be
defined. This is the default setting.
- GSKCMS_CRL_SECURITY_LEVEL_HIGH - Certificate validation requires
the LDAP server to be contactable, and a CRL to be defined.
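
Added example (not IBM sample code and not part of the original page): a fail-closed way to apply a configured CRL security level to a handle obtained from gsk_open_directory(). The helper name apply_crl_policy, its policy strings and the allow_soft_fail switch are hypothetical; the #else branch holds constructed stand-in declarations with placeholder numeric values so the logic can be exercised off z/OS.

```c
#include <string.h>
#ifdef __MVS__
#include <gskcms.h>              /* real System SSL declarations on z/OS */
#else
/* Constructed stand-ins for builds off z/OS. The numeric values are
   placeholders, not the values defined in gskcms.h. */
typedef int gsk_status;
typedef void *gsk_handle;
typedef int GSKCMS_DIRECTORY_ENUM_ID;
typedef int GSKCMS_DIRECTORY_ENUM_VALUE;
enum { GSK_OK = 0, CMSERR_BAD_HANDLE, CMSERR_ATTRIBUTE_INVALID_ID,
       CMSERR_ATTRIBUTE_INVALID_ENUMERATION };
enum { GSKCMS_CRL_SECURITY_LEVEL = 1 };
enum { GSKCMS_CRL_SECURITY_LEVEL_LOW, GSKCMS_CRL_SECURITY_LEVEL_MEDIUM,
       GSKCMS_CRL_SECURITY_LEVEL_HIGH };

static int stub_level = GSKCMS_CRL_SECURITY_LEVEL_MEDIUM; /* documented default */
int stub_current_level(void) { return stub_level; }
gsk_status gsk_set_directory_enum(gsk_handle h, GSKCMS_DIRECTORY_ENUM_ID id,
                                  GSKCMS_DIRECTORY_ENUM_VALUE v)
{
    if (h == NULL) return CMSERR_BAD_HANDLE;
    if (id != GSKCMS_CRL_SECURITY_LEVEL) return CMSERR_ATTRIBUTE_INVALID_ID;
    if (v < GSKCMS_CRL_SECURITY_LEVEL_LOW || v > GSKCMS_CRL_SECURITY_LEVEL_HIGH)
        return CMSERR_ATTRIBUTE_INVALID_ENUMERATION;
    stub_level = v;
    return GSK_OK;
}
#endif

/* Hypothetical helper: map a site policy string to a CRL security level
   and apply it. Returns 0 on success, -1 if the policy text is unknown,
   LOW was requested without explicit opt-in, or the call failed.
   Unrecognised text is rejected instead of falling back to a weaker level. */
int apply_crl_policy(gsk_handle dir, const char *policy, int allow_soft_fail)
{
    GSKCMS_DIRECTORY_ENUM_VALUE level;
    if (policy == NULL) return -1;
    if (strcmp(policy, "high") == 0) level = GSKCMS_CRL_SECURITY_LEVEL_HIGH;
    else if (strcmp(policy, "medium") == 0) level = GSKCMS_CRL_SECURITY_LEVEL_MEDIUM;
    else if (strcmp(policy, "low") == 0 && allow_soft_fail)
        level = GSKCMS_CRL_SECURITY_LEVEL_LOW; /* validation passes if LDAP is unreachable */
    else return -1;
    /* Treat any non-zero status as "level not applied" and stop. */
    return gsk_set_directory_enum(dir, GSKCMS_CRL_SECURITY_LEVEL, level) == GSK_OK ? 0 : -1;
}
```

A caller that receives -1 should not go on to validate certificates with that handle, since the requested revocation policy is not known to be in effect.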