CL_CrlAddCert(3)CL_CrlAddCert(3)NAME
CL_CrlAddCert, CSSM_CL_CrlAddCert - Revoke an input certificate (CDSA)
SYNOPSIS
# include <cdsa/cssm.h>
API: CSSM_RETURN CSSMAPI CSSM_CL_CrlAddCert (CSSM_CL_HANDLE CLHandle,
CSSM_CC_HANDLE CCHandle, const CSSM_DATA *Cert, uint32 NumberOfFields,
const CSSM_FIELD *CrlEntryFields, const CSSM_DATA *OldCrl,
CSSM_DATA_PTR NewCrl) SPI: CSSM_RETURN CSSMCLI CL_CrlAddCert
(CSSM_CL_HANDLE CLHandle, CSSM_CC_HANDLE CCHandle, const CSSM_DATA
*Cert, uint32 NumberOfFields, const CSSM_FIELD *CrlEntryFields, const
CSSM_DATA *OldCrl, CSSM_DATA_PTR NewCrl)
LIBRARY
Common Security Services Manager library (libcssm.so)
PARAMETERS
The handle that describes the add-in certificate library module used to
perform this function. The handle that describes the context of this
cryptographic operation. A pointer to the CSSM_DATA structure contain‐
ing the certificate to be revoked. The number of OID/value pairs spec‐
ified in the CrlEntryFields input parameter. An array of OID/value
pairs specifying the initial values for descriptive data fields of the
new CRL entry. A pointer to the CSSM_DATA structure containing the CRL
to which the newly revoked certificate will be added. A pointer to the
CSSM_DATA structure containing the updated CRL. The NewCrl->Data is
allocated by the service provider and must be deallocated by the appli‐
cation.
DESCRIPTION
This function revokes the input certificate by adding a record repre‐
senting the certificate to the CRL. The values for the new entry in the
CRL are specified by the list of OID/value input pairs. The reason for
revocation is a typical value specified in the list. The new CRL entry
is signed using the private key and signing algorithm specified in the
CCHandle.
The CCHandle must be a context created using the function CSSM_CSP_Cre‐
ateSignatureContext() (CSSM API), or CSP_CreateSignatureContext() (CL
SPI). The context must specify the Cryptographic Services Provider
(CSP) module, the signing algorithm, and the signing key that must be
used to perform this operation. The context must also provide the
passphrase or a callback function to obtain the passphrase required to
access and use the private key.
The operation is valid only if the CRL has not been closed by the
process of signing the CRL, by calling CSSM_CL_CrlSign() (CSSM API), or
CL_CrlSign() (CL SPI). Once the CRL has been signed, entries cannot be
added or removed.
RETURN VALUE
A CSSM_RETURN value indicating success or specifying a particular error
condition. The value CSSM_OK indicates success. All other values repre‐
sent an error condition.
ERRORS
Errors are described in the CDSA technical standard. See
CDSA_intro(3). CSSMERR_CL_INVALID_CONTEXT_HANDLE CSS‐
MERR_CL_INVALID_CERT_POINTER CSSMERR_CL_UNKNOWN_FORMAT CSS‐
MERR_CL_INVALID_FIELD_POINTER CSSMERR_CL_UNKNOWN_TAG CSS‐
MERR_CL_INVALID_NUMBER_OF_FIELDS CSSMERR_CL_INVALID_CRL_POINTER CSS‐
MERR_CL_CRL_ALREADY_SIGNED
SEE ALSO
Books
Intel CDSA Application Developer's Guide (see CDSA_intro(3))
Reference Pages
Functions for the CSSM API:
CSSM_CL_CrlRemoveCert(3)
Functions for the CLI SPI:
CL_CrlRemoveCert(3)CL_CrlAddCert(3)