VMS Help
CDSA, CDSA_API, TP CertRemoveFromCrlTemplate
 *Conan The Librarian 

 NAME
   TP_CertRemoveFromCrlTemplate,
   CSSM_TP_CertRemoveFromCrlTemplate - Determine if the revoking
                                       certificate group can remove
                                       the subject certificate group
                                       from the CRL template (CDSA)

 SYNOPSIS
   # include <cssm.h>

    API:
        CSSM_RETURN CSSMAPI CSSM_TP_CertRemoveFromCrlTemplate
        (CSSM_TP_HANDLE TPHandle,
        CSSM_CL_HANDLE CLHandle,
        CSSM_CSP_HANDLE CSPHandle,
        const CSSM_DATA *OldCrlTemplate,
        const CSSM_CERTGROUP *CertGroupToBeRemoved,
        const CSSM_CERTGROUP *RevokerCertGroup,
        const CSSM_TP_VERIFY_CONTEXT *RevokerVerifyContext,
        CSSM_TP_VERIFY_CONTEXT_RESULT_PTR RevokerVerifyResult,
        CSSM_DATA_PTR NewCrlTemplate)
    SPI:
        CSSM_RETURN CSSMTPI TP_CertRemoveFromCrlTemplate
        (CSSM_TP_HANDLE TPHandle,
        CSSM_CL_HANDLE CLHandle,
        CSSM_CSP_HANDLE CSPHandle,
        const CSSM_DATA *OldCrlTemplate,
        const CSSM_CERTGROUP *CertGroupToBeRemoved,
        const CSSM_CERTGROUP *RevokerCertGroup,
        const CSSM_TP_VERIFY_CONTEXT *RevokerVerifyContext,
        CSSM_TP_VERIFY_CONTEXT_RESULT_PTR RevokerVerifyResult,
        CSSM_DATA_PTR NewCrlTemplate)

 LIBRARY
   Common Security Services Manager library (CDSA$INCSSM300_SHR.EXE)

 PARAMETERS
   TPHandle (input)
           The handle that describes the add-in trust policy module
           used to perform this function.

   CLHandle (input/optional)
           The handle that describes the add-in certificate library
           module used to perform this function.

   CSPHandle (input/optional)
           The handle that describes the add-in cryptographic service
           provider module used to perform this function.

   OldCrlTemplate (input/optional)
           A pointer to the CSSM_DATA structure containing an existing
           certificate revocation list. If this input is NULL, a new
           list is created or the operation fails.

   CertGroupToBeRemoved (input)
           A group of one or more certificates to be removed from the
           the CRL template.

   RevokerCertGroup (input)
           A group of one or more certificates that partially or fully
           represent the revoking entity for this operation. The first
           certificate in the group is the target certificate representing
           the revoker. The use of subsequent certificates is specific to
           the trust domain.

   RevokerVerifyContext (input)
           A structure containing policy elements useful in verifying
           certificates and their use with respect to a security policy.
           Optional elements in the verify context left unspecified will
           cause the internal default values to be used. Default values
           are specified in the TP module vendor release documents.
           This context is used to verify the revoker certificate group.

   RevokerVerifyResult (output/optional)
           A pointer to a structure containing information generated
           during the verification process. The information can include:

           Evidence            (output/optional)
           NumberOfEvidences   (output/optional)

   NewCrlTemplate (output)
           A pointer to the CSSM_DATA structure containing the updated
           certificate revocation list. If the pointer is NULL, an error
           has occurred.

 DESCRIPTION
   The TP module determines whether the revoking certificate group can
   remove the subject certificate group from the CRL template. The
   revoker certificate group is first authenticated and its applicability
   to perform this operation is determined. Once the trust is established,
   the TP removes the certificates from the CRL template.

 RETURN VALUE
   A CSSM_RETURN value indicating success or specifying a particular
   error condition. The value CSSM_OK indicates success. All other
   values represent an error condition.

 ERRORS
   Errors are described in the CDSA technical standard.  See CDSA.

        CSSMERR_TP_INVALID_CL_HANDLE
        CSSMERR_TP_INVALID_CSP_HANDLE
        CSSMERR_TP_INVALID_CRL_POINTER
        CSSMERR_TP_INVALID_CRL
        CSSMERR_TP_UNKNOWN_FORMAT
        CSSMERR_TP_CRL_ALREADY_SIGNED
        CSSMERR_TP_INVALID_CERTGROUP_POINTER
        CSSMERR_TP_INVALID_CERTGROUP
        CSSMERR_TP_INVALID_CERTIFICATE
        CSSMERR_TP_INVALID_ACTION
        CSSMERR_TP_INVALID_ACTION_DATA
        CSSMERR_TP_VERIFY_ACTION_FAILED
        CSSMERR_TP_INVALID_CRLGROUP_POINTER
        CSSMERR_TP_INVALID_CRLGROUP
        CSSMERR_TP_INVALID_CRL_AUTHORITY
        CSSMERR_TP_INVALID_CALLERAUTH_CONTEXT_POINTER
        CSSMERR_TP_INVALID_POLICY_IDENTIFIERS
        CSSMERR_TP_INVALID_TIMESTRING
        CSSMERR_TP_INVALID_STOP_ON_POLICY
        CSSMERR_TP_INVALID_CALLBACK
        CSSMERR_TP_INVALID_ANCHOR_CERT
        CSSMERR_TP_CERTGROUP_INCOMPLETE
        CSSMERR_TP_INVALID_DL_HANDLE
        CSSMERR_TP_INVALID_DB_HANDLE
        CSSMERR_TP_INVALID_DB_LIST_POINTER
        CSSMERR_TP_INVALID_DB_LIST
        CSSMERR_TP_AUTHENTICATION_FAILED
        CSSMERR_TP_INSUFFICIENT_CREDENTIALS
        CSSMERR_TP_NOT_TRUSTED
        CSSMERR_TP_CERT_REVOKED
        CSSMERR_TP_CERT_SUSPENDED
        CSSMERR_TP_CERT_EXPIRED
        CSSMERR_TP_CERT_NOT_VALID_YET
        CSSMERR_TP_INVALID_CERT_AUTHORITY
        CSSMERR_TP_INVALID_SIGNATURE
        CSSMERR_TP_INVALID_NAME
        CSSMERR_TP_CERTIFICATE_CANT_OPERATE

 SEE ALSO
   Books

   Intel CDSA Application Developer's Guide (see CDSA)

   Other Help Topics

   Functions for the CSSM API:

       CSSM_CL_CrlAddCert

   Functions for the TP SPI:

       CL_CrlAddCert
  Close     Help