Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
gsk_decode_crl() z/OS Cryptographic Services System SSL Programming SC14-7495-00 |
|
Decodes an X.509 certificate revocation list.
Format
Parameters
ResultsThe function return value will be
0 if no error is detected. Otherwise, it will be one of the return
codes listed in the gskcms.h include file. This is a possible
error:
UsageThe gsk_decode_crl() routine decodes an X.509 certificate revocation list (CRL) and returns the decoded information to the application. The CRL must have been encoded as described in RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. The derCertList field will contain the undecoded TBSCertList ASN.1 sequence for use in verifying the certificate signature, the tbsCertList field will contain the decoded TBSCertList ASN.1 sequence, and the signatureAlgorithm and signatureValue fields will contain the certificate signature. The gsk_encode_signature() routine can be used to recreate the encoded CRL from the x509_crl structure returned by the gsk_decode_crl() routine. Character strings will be returned using UTF-8 encoding. If necessary, the application can call iconv() to convert the string to a different encoding. The certificate extensions will be returned with the extension values in ASN.1 encoded format. The gsk_decode_certificate_extension() routine can be called to decode a particular certificate extension. This allows all of the certificate extensions to be returned even when one or more extensions cannot be processed by the System SSL runtime. |
Copyright IBM Corporation 1990, 2014
|