z/OS Cryptographic Services System SSL Programming


gsk_decode_crl()

SC14-7495-00

Decodes an X.509 certificate revocation list.

Format

   #include <gskcms.h>

   gsk_status gsk_decode_crl (  
                               gsk_buffer *         stream, 
                               x509_crl *           crl)

Parameters

stream
Specifies the encoded certificate revocation list.
crl
Returns the decoded information. The application should call the gsk_free_crl() routine to release the decoded certificate revocation list when it is no longer needed.

Results

The function return value will be 0 if no error is detected. Otherwise, it will be one of the return codes listed in the gskcms.h include file. This is a possible error:
[ASN_NO_MEMORY]
Insufficient memory is available.

Usage

The gsk_decode_crl() routine decodes an X.509 certificate revocation list (CRL) and returns the decoded information to the application. The CRL must have been encoded as described in RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. The derCertList field will contain the undecoded TBSCertList ASN.1 sequence for use in verifying the CRL signature, the tbsCertList field will contain the decoded TBSCertList ASN.1 sequence, and the signatureAlgorithm and signatureValue fields will contain the CRL signature. The gsk_encode_signature() routine can be used to recreate the encoded CRL from the x509_crl structure returned by the gsk_decode_crl() routine.

Character strings will be returned using UTF-8 encoding. If necessary, the application can call iconv() to convert the string to a different encoding.

The certificate extensions will be returned with the extension values in ASN.1 encoded format. The gsk_decode_certificate_extension() routine can be called to decode a particular certificate extension. This allows all of the certificate extensions to be returned even when one or more extensions cannot be processed by the System SSL runtime.
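Why derCertList is kept undecoded, shown as an added example (not IBM code, and not using the System SSL API): the issuer's signature covers the exact DER bytes of TBSCertList, so a verifier has to locate that byte span rather than re-encode decoded fields. The sketch splits an RFC 5280 CertificateList into its three parts; `der_read`, `split_crl`, `crl_parts` and the sample bytes are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One DER element: tag, start of the whole TLV, header and total lengths. */
typedef struct { uint8_t tag; const uint8_t *tlv; size_t hdr, tlv_len; } der_item;
typedef struct { der_item tbs, sig_alg, sig_val; } crl_parts;  /* hypothetical */

/* Read one definite-length TLV from p[0..n). Returns 0, or -1 if malformed. */
static int der_read(const uint8_t *p, size_t n, der_item *out) {
    if (n < 2) return -1;
    size_t len = p[1], hdr = 2;
    if (len & 0x80) {                         /* long-form length */
        size_t k = len & 0x7f;                /* k == 0 is indefinite: not DER */
        if (k == 0 || k > sizeof(size_t) || k > n - 2) return -1;
        len = 0; hdr += k;
        for (size_t i = 0; i < k; i++) len = (len << 8) | p[2 + i];
    }
    if (len > n - hdr) return -1;             /* content runs past the buffer */
    out->tag = p[0]; out->tlv = p; out->hdr = hdr; out->tlv_len = hdr + len;
    return 0;
}

/* CertificateList ::= SEQUENCE { tbsCertList, signatureAlgorithm, signatureValue } */
int split_crl(const uint8_t *der, size_t n, crl_parts *out) {
    der_item outer;
    if (der_read(der, n, &outer) || outer.tag != 0x30 || outer.tlv_len != n) return -1;
    const uint8_t *p = der + outer.hdr;
    size_t left = outer.tlv_len - outer.hdr;
    der_item *f[3] = { &out->tbs, &out->sig_alg, &out->sig_val };
    const uint8_t want[3] = { 0x30, 0x30, 0x03 };  /* SEQUENCE, SEQUENCE, BIT STRING */
    for (int i = 0; i < 3; i++) {
        if (der_read(p, left, f[i]) || f[i]->tag != want[i]) return -1;
        p += f[i]->tlv_len; left -= f[i]->tlv_len;
    }
    return left == 0 ? 0 : -1;                /* reject trailing data inside the SEQUENCE */
}

/* Constructed skeleton, not a real CRL: placeholder TBS body and signature bytes. */
const uint8_t SAMPLE_CRL[] = { 0x30, 0x1b,
    0x30, 0x03, 0x02, 0x01, 0x01,
    0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00,
    0x03, 0x05, 0x00, 0xde, 0xad, 0xbe, 0xef };

int main(void) {
    crl_parts c;
    if (split_crl(SAMPLE_CRL, sizeof SAMPLE_CRL, &c)) return 1;
    printf("signed span: offset %zu, length %zu\n",
           (size_t)(c.tbs.tlv - SAMPLE_CRL), c.tbs.tlv_len);
    return 0;
}
```

The `tbs` span (header included) is the input to the signature check, which is the role the derCertList field plays in the x509_crl structure.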





Copyright IBM Corporation 1990, 2014