TP_CertRemoveFromCrlTemplate(3)TP_CertRemoveFromCrlTemplate(3)NAME
TP_CertRemoveFromCrlTemplate, CSSM_TP_CertRemoveFromCrlTemplate -
Determine if the revoking certificate group can remove the subject cer‐
tificate group from the CRL template (CDSA)
SYNOPSIS
# include <cdsa/cssm.h>
API: CSSM_RETURN CSSMAPI CSSM_TP_CertRemoveFromCrlTemplate
(CSSM_TP_HANDLE TPHandle, CSSM_CL_HANDLE CLHandle, CSSM_CSP_HANDLE
CSPHandle, const CSSM_DATA *OldCrlTemplate, const CSSM_CERTGROUP *Cert‐
GroupToBeRemoved, const CSSM_CERTGROUP *RevokerCertGroup, const
CSSM_TP_VERIFY_CONTEXT *RevokerVerifyContext, CSSM_TP_VERIFY_CON‐
TEXT_RESULT_PTR RevokerVerifyResult, CSSM_DATA_PTR NewCrlTemplate) SPI:
CSSM_RETURN CSSMTPI TP_CertRemoveFromCrlTemplate (CSSM_TP_HANDLE TPHan‐
dle, CSSM_CL_HANDLE CLHandle, CSSM_CSP_HANDLE CSPHandle, const
CSSM_DATA *OldCrlTemplate, const CSSM_CERTGROUP *CertGroupToBeRemoved,
const CSSM_CERTGROUP *RevokerCertGroup, const CSSM_TP_VERIFY_CONTEXT
*RevokerVerifyContext, CSSM_TP_VERIFY_CONTEXT_RESULT_PTR RevokerVeri‐
fyResult, CSSM_DATA_PTR NewCrlTemplate)
LIBRARY
Common Security Services Manager library (libcssm.so)
PARAMETERS
The handle that describes the add-in trust policy module used to per‐
form this function. The handle that describes the add-in certificate
library module used to perform this function. The handle that
describes the add-in cryptographic service provider module used to per‐
form this function. A pointer to the CSSM_DATA structure containing an
existing certificate revocation list. If this input is NULL, a new list
is created or the operation fails. A group of one or more certificates
to be removed from the the CRL template. A group of one or more cer‐
tificates that partially or fully represent the revoking entity for
this operation. The first certificate in the group is the target cer‐
tificate representing the revoker. The use of subsequent certificates
is specific to the trust domain. A structure containing policy ele‐
ments useful in verifying certificates and their use with respect to a
security policy. Optional elements in the verify context left unspeci‐
fied will cause the internal default values to be used. Default values
are specified in the TP module vendor release documents. This context
is used to verify the revoker certificate group. A pointer to a struc‐
ture containing information generated during the verification process.
The information can include:
Evidence .PP (output/optional)
NumberOfEvidences .PP (output/optional)
A pointer to the CSSM_DATA structure containing the updated cer‐
tificate revocation list. If the pointer is NULL, an error has
occurred.
DESCRIPTION
The TP module determines whether the revoking certificate group can
remove the subject certificate group from the CRL template. The revoker
certificate group is first authenticated and its applicability to per‐
form this operation is determined. Once the trust is established, the
TP removes the certificates from the CRL template.
RETURN VALUE
A CSSM_RETURN value indicating success or specifying a particular error
condition. The value CSSM_OK indicates success. All other values repre‐
sent an error condition.
ERRORS
Errors are described in the CDSA technical standard. See
CDSA_intro(3). CSSMERR_TP_INVALID_CL_HANDLE CSS‐
MERR_TP_INVALID_CSP_HANDLE CSSMERR_TP_INVALID_CRL_POINTER CSS‐
MERR_TP_INVALID_CRL CSSMERR_TP_UNKNOWN_FORMAT CSS‐
MERR_TP_CRL_ALREADY_SIGNED CSSMERR_TP_INVALID_CERTGROUP_POINTER CSS‐
MERR_TP_INVALID_CERTGROUP CSSMERR_TP_INVALID_CERTIFICATE CSS‐
MERR_TP_INVALID_ACTION CSSMERR_TP_INVALID_ACTION_DATA CSSMERR_TP_VER‐
IFY_ACTION_FAILED CSSMERR_TP_INVALID_CRLGROUP_POINTER CSS‐
MERR_TP_INVALID_CRLGROUP CSSMERR_TP_INVALID_CRL_AUTHORITY CSS‐
MERR_TP_INVALID_CALLERAUTH_CONTEXT_POINTER CSSMERR_TP_INVALID_POL‐
ICY_IDENTIFIERS CSSMERR_TP_INVALID_TIMESTRING CSS‐
MERR_TP_INVALID_STOP_ON_POLICY CSSMERR_TP_INVALID_CALLBACK CSS‐
MERR_TP_INVALID_ANCHOR_CERT CSSMERR_TP_CERTGROUP_INCOMPLETE CSS‐
MERR_TP_INVALID_DL_HANDLE CSSMERR_TP_INVALID_DB_HANDLE CSS‐
MERR_TP_INVALID_DB_LIST_POINTER CSSMERR_TP_INVALID_DB_LIST CSS‐
MERR_TP_AUTHENTICATION_FAILED CSSMERR_TP_INSUFFICIENT_CREDENTIALS CSS‐
MERR_TP_NOT_TRUSTED CSSMERR_TP_CERT_REVOKED CSSMERR_TP_CERT_SUSPENDED
CSSMERR_TP_CERT_EXPIRED CSSMERR_TP_CERT_NOT_VALID_YET CSS‐
MERR_TP_INVALID_CERT_AUTHORITY CSSMERR_TP_INVALID_SIGNATURE CSS‐
MERR_TP_INVALID_NAME CSSMERR_TP_CERTIFICATE_CANT_OPERATE
SEE ALSO
Books
Intel CDSA Application Developer's Guide (see CDSA_intro(3))
Reference Pages
Functions for the CSSM API:
CSSM_CL_CrlAddCert(3)
Functions for the TP SPI:
CL_CrlAddCert(3)TP_CertRemoveFromCrlTemplate(3)