IBM Standard Trust Policy Library, Version 1.0

The IBM Standard Trust Policy Library provides a simple generic service for verifying chains of X.509 certificates. The current version does not support operations that require DL operations. This module expects X.509 Version 3 signed certificates in ASN/DER-encoded format. In order to verify a given certificate, the application should supply the complete chain (see Table 7). This is to be used in conjunction with the IBM Certificate Library, Version 1.0 service provider and the IBM Software Service Cryptographic Provider, Version 1.0.

Notes:

CSSM_TP_CertGroupVerify - The application should supply one anchor certificate and an ordered chain of certificates in the CertToBeVerified argument.

These function arguments are ignored: Evidence, EvidenceSize, Action, policyIdentifers, NumberOfPolicyIdentifiers, VerificationAbortOn, VerifyScope, ScopeSize, DBList, Data.

This function returns these error codes as shown in Table 8.

Table 8. CSSM_TP_CertGroupVerify Error Codes
Error Code	Description
CSSM_TP_INVALID_TP_HANDLE	TPHandle argument is NULL or invalid.
CSSM_TP_INVALID_CL_HANDLE	CLHandle argument is NULL or invalid.
CSSM_TP_INVALID_CSP_HANDLE	CSPHandle argument is NULL or invalid.
CSSM_TP_INVALID_DATA_POINTER	CertToBeVerified argument is NULL or invalid. This argument is invalid if the length is set to 0 or the pointer to data is NULL.
CSSM_TP_INVALID_CC_HANDLE	This error occurs if TP is unable to create a cryptographic context using the supplied CSPHandle and the certificates.
CSSM_TP_ANCHOR_NOT_SELF_SIGNED	The supplied anchor certificate is not self-signed.
CSSM_TP_ANCHOR_NOT_FOUND	The supplied anchor certificate is not the anchor for any of the certificates in the supplied chain.
CSSM_TP_CERT_VERIFY_FAIL	The supplied certificate chain cannot be verified.