Common Data Security Architecture (CDSA) White Paper

Certificate Library Services (CL) API

CL_CertGetFirstFieldValue ( )

Returns the first field in the certificate matching the input OID. If the certificate contains more than one instance of the requested OID, the CL also returns a results handle, together with a count of the matching instances, that is used to obtain the remaining instances. The application retrieves the additional matching instances by repeated calls to CL_CertGetNextFieldValue.

CL_CertGetNextFieldValue ( )

Returns the next field that matched the OID given in the CL_CertGetFirstFieldValue function.

CL_CertAbortQuery ( )

Releases the results handle assigned by the CL_CertGetFirstFieldValue function to identify the results of a certificate query. This function is supported only by certificate library modules that allow multiple instances of an OID in a single certificate; a caller that was given a results handle should always release it, even if it stops iterating before the last instance has been retrieved.
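The three functions above form an iterator protocol: first-value call, zero or more next-value calls, then a release of the results handle. The following C program is an added illustration of that calling pattern and is not CDSA code; it does not use the real CSSM_CL_* entry points or DER-encoded certificates. The certificate is a constructed array of OID/value pairs, the function names with the model_ prefix are assumptions, and the sample subject carries two organizationalUnitName (2.5.4.11) attributes so that the multi-instance path is exercised. The caller in collect_field_values shows the point a practitioner must get right: release the handle on every exit path, including early termination, and never call next/abort when the CL returned no handle.

```c
/* Model of the CL field-query protocol (GetFirstFieldValue /
 * GetNextFieldValue / AbortQuery). Added illustration only: these are
 * not the CSSM_CL_* functions, and the "certificate" is a constructed
 * list of OID/value pairs, not a DER-encoded X.509 certificate. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    const char *oid;    /* dotted-decimal OID of the field */
    const char *value;  /* field value, kept as text in this model */
} cert_field_t;

typedef struct {
    const cert_field_t *fields;
    size_t count;
} model_cert_t;

/* Results handle: returned only when the OID occurs more than once. */
typedef struct {
    const model_cert_t *cert;
    const char *oid;
    size_t next;        /* index of the next field to examine */
} query_handle_t;

/* Returns the first matching field value, or NULL if none matches.
 * *matched receives the number of matching instances. *handle stays
 * NULL when there is at most one instance, modelling a CL that issues
 * a handle only for multi-instance OIDs. */
static const char *model_cert_get_first_field_value(const model_cert_t *cert,
                                                    const char *oid,
                                                    query_handle_t **handle,
                                                    size_t *matched)
{
    size_t i, n = 0, first = cert->count;
    *handle = NULL;
    *matched = 0;
    for (i = 0; i < cert->count; i++) {
        if (strcmp(cert->fields[i].oid, oid) == 0) {
            if (n == 0) first = i;
            n++;
        }
    }
    if (n == 0) return NULL;
    *matched = n;
    if (n > 1) {
        query_handle_t *h = malloc(sizeof *h);
        if (h == NULL) return NULL;
        h->cert = cert; h->oid = oid; h->next = first + 1;
        *handle = h;
    }
    return cert->fields[first].value;
}

/* Returns the next matching value, or NULL when the query is exhausted
 * (the caller must still abort the query to release the handle). */
static const char *model_cert_get_next_field_value(query_handle_t *h)
{
    if (h == NULL) return NULL;
    for (; h->next < h->cert->count; h->next++) {
        if (strcmp(h->cert->fields[h->next].oid, h->oid) == 0)
            return h->cert->fields[h->next++].value;
    }
    return NULL;
}

static void model_cert_abort_query(query_handle_t *h)
{
    free(h);            /* free(NULL) is a no-op, so a missing handle is safe */
}

/* Correct caller pattern: gather every instance of `oid` into out[],
 * at most max entries, releasing the handle on every exit path.
 * Returns the number of values stored. */
size_t collect_field_values(const model_cert_t *cert, const char *oid,
                            const char **out, size_t max)
{
    query_handle_t *h = NULL;
    size_t matched = 0, n = 0;
    const char *v = model_cert_get_first_field_value(cert, oid, &h, &matched);
    while (v != NULL && n < max) {
        out[n++] = v;
        v = model_cert_get_next_field_value(h);   /* NULL when h is NULL */
    }
    model_cert_abort_query(h);   /* also covers early exit at n == max */
    return n;
}

/* Constructed sample subject: CN, O and two OU attributes. */
static const cert_field_t sample_fields[] = {
    { "2.5.4.3",  "www.example.com" },   /* commonName */
    { "2.5.4.11", "Engineering" },       /* organizationalUnitName #1 */
    { "2.5.4.10", "Example Corp" },      /* organizationName */
    { "2.5.4.11", "Security" },          /* organizationalUnitName #2 */
};
const model_cert_t sample_cert = { sample_fields, 4 };

int main(void)
{
    const char *vals[8];
    size_t i, n = collect_field_values(&sample_cert, "2.5.4.11", vals, 8);
    printf("%zu instance(s) of OU\n", n);
    for (i = 0; i < n; i++) printf("  %s\n", vals[i]);
    return 0;
}
```

The model returns no handle for a single-instance OID, so the caller must treat a NULL handle as "no further instances" rather than as an error; a CL that issues a handle even for one instance would need the same release call, which is why the abort is unconditional here.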

CL_CertGetKeyInfo ( )

Retrieves the public key information stored in the certificate. The CL specifies which portions of the CSSM_KEY data structure the CSSM reveals to the caller, so the returned key object may expose only a subset of the structure.

CL_CertGetAllFields ( )

Returns a list of all the fields in the input certificate, as described by their OID/value pairs.

CL_CertDescribeFormat ( )

Returns a list of the kinds of data objects comprising the CL module’s own certificate format.

Certificate Revocation List Operations

This section summarizes the functions that make up the CRL operations of the certificate library interface, describing the operation each performs and its parameters.

CL_CrlCreateTemplate ( )

Creates a CRL in the default CRL format based on the OID/value pairs provided by the application. The CL makes its supported OIDs available to the application in two ways: through the CrlTemplate registered with CSSM and through the CL_CrlDescribeFormat function. The CL defines which fields are required to create a CRL and, conversely, which fields cannot be set using this function. The returned CRL template is not valid until it has been signed.

CL_CrlSetFields ( )

Sets the fields of an existing CRL to new values, based on the OID/value pairs provided by the application. The CL defines which fields must or cannot be set using this function, and specifies module-specific behavior such as whether existing fields are overwritten, new fields are added, or CRL records are modified. This operation is valid only while the CRL is unsigned; once the CRL has been signed, its fields cannot be changed.

CL_CrlAddCert ( )
