RSA BSAFE Cert-C
API Reference

crlapi.h File Reference

This file defines the Cert-C CRL object API and data types.

#include "basetype.h"
#include "certext.h"

Data Structures

 CRL_ENTRY_INFO
 Allows viewing and alteration of CRL entry aspects.

 CRL_FIELDS
 Allows viewing and updating of a CRL_OBJ object.


Typedefs

typedef struct CRL_ENTRY_INFO CRL_ENTRY_INFO
 Allows viewing and alteration of CRL entry aspects.

typedef struct CRL_FIELDS CRL_FIELDS
 Allows viewing and updating of a CRL_OBJ object.


Functions

int C_GetCRLEntriesCount (CRL_ENTRIES_OBJ crlEntriesObject, unsigned int *count)
 Sets count to the number of revocation entries contained in crlEntriesObject, which is typically the crlEntries member of a CRL_FIELDS structure.

int C_GetCRLEntry (CRL_ENTRIES_OBJ crlEntriesObject, CRL_ENTRY_INFO *crlEntryInfo, unsigned int crlEntryIndex)
 Gets the entry in the CRL list of crlEntriesObject at position crlEntryIndex.

int C_AddCRLEntry (CRL_ENTRIES_OBJ crlEntriesObject, CRL_ENTRY_INFO *crlEntryInfo, unsigned int *index)
 Adds a new CRL entry into the crlEntriesObject with the value given in crlEntryInfo.

int C_DeleteCRLEntry (CRL_ENTRIES_OBJ crlEntriesObject, unsigned int crlEntryIndex)
 Deletes the entry in crlEntriesObject referenced by crlEntryIndex.

int C_FindCRLEntryBySerialNumber (CRL_ENTRIES_OBJ crlEntriesObject, unsigned char *serialNumber, unsigned int serialNumberLen, unsigned int *crlEntryIndex)
 Searches the CRL entry list in crlEntriesObject for an entry with the given serialNumber.

void C_ResetCRLEntries (CRL_ENTRIES_OBJ crlEntriesObject)
 Returns crlEntriesObject to the state it was in after it was created, by setting the number of entries to 0 (zero) and freeing any memory that was held by the object.

int C_CreateCRLObject (CRL_OBJ *crlObj, CERTC_CTX ctx)
 Stores a copy of ctx, the Cert-C context, in the resulting crlObj.

int C_CreateCRLObjectReference (CERTC_CTX ctx, CRL_OBJ crlObj, CRL_OBJ *crlObjRef)
 Creates a new reference to an existing crlObj.

void C_DestroyCRLObject (CRL_OBJ *crlObject)
 Frees the memory used by crlObject, and sets crlObject to (CRL_OBJ)NULL_PTR.

int C_PrepareUnsignedCRLForIssuer (CRL_OBJ crlObject, NAME_OBJ issuerName)
 Sets the CRL version in crlObject to CRL_VERSION_1, the issuer to issuerName, the signature algorithm to SA_MD2_WITH_RSA_ENCRYPTION, and the CRL_ENTRIES_OBJ to an empty list.

int C_SetCRLFields (CRL_OBJ crlObject, CRL_FIELDS *crlFields)
 Sets crlObject with the value in crlFields.

int C_GetCRLFields (CRL_OBJ crlObject, CRL_FIELDS *crlFields)
 Fills crlFields with the value found in crlObject.

int C_GetCRLDER (CRL_OBJ crlObject, unsigned char **der, unsigned int *derLen)
 Obtains the DER encoding of the value of crlObject, and stores a pointer to the DER encoding in der and its length in derLen.

int C_SetCRLBER (CRL_OBJ crlObject, unsigned char *ber, unsigned int berLen)
 Modifies the value of crlObject to the BER-encoded CRL given by ber and berLen.

int C_GetCRLInnerDER (CRL_OBJ crlObject, unsigned char **innerDER, unsigned int *innerDERLen)
 Obtains the DER encoding of the "to be signed" value of crlObject, and stores a pointer to the DER encoding in innerDER and its length in innerDERLen.

int C_SetCRLInnerBER (CRL_OBJ crlObject, unsigned char *innerBER, unsigned int innerBERLen)
 Sets the value of crlObject to the BER encoding of a CRL's "to be signed" value given by innerBER, of length innerBERLen.

int C_SignCRL (CRL_OBJ crlObj, B_KEY_OBJ privateKey,...)
 Signs a CRL using privateKey.

int C_VerifyCRLSignature (CRL_OBJ crlObj, B_KEY_OBJ publicKey,...)
 Uses publicKey, the public key of the issuer, to check the signature of the CRL in crlObj.


Typedef Documentation

typedef struct CRL_ENTRY_INFO CRL_ENTRY_INFO
 

Allows viewing and alteration of CRL entry aspects. The CRL_ENTRY_INFO structure allows viewing and alteration of aspects of a CRL entry in a CRL_ENTRIES_OBJ object, by calling the C_GetCRLEntry() and C_AddCRLEntry() functions.

Parameters:
serialNumber An ITEM structure that represents the serial number of the certificate being revoked. The data member points to a string that contains the serial number, and the len member contains the length of the serial number. Both are in canonical format. A serial number of length 0 (zero) means the serial number is 0 (zero).
actionTime A UINT4 value that indicates the time at which this entry was added to the CRL. The time is specified as the number of seconds since 12:00 A.M. GMT, January 1, 1970.

Note:
  • If crlEntriesObject belongs to CRL_VERSION_1, then the actionTime indicates the time at which the certificate was revoked.
  • If crlEntriesObject belongs to CRL_VERSION_2, then the actionTime indicates the time at which the certificate was revoked or put on hold (depending on which CRL entry extension is in the crlEntryExtensions field).

crlEntryExtensions An EXTENSIONS_OBJ object that contains X.509 v3 CRL entry extensions, if present. If the crlEntriesObject belongs to CRL_VERSION_2, then the following cases apply:
  • If the crlEntryExtensions field in crlEntryInfo has no entries, then the certificate is being revoked.
  • If the crlEntryExtensions field is not empty and the Reason Code CRL entry extension is not given, then the certificate is being revoked.
  • If the crlEntryExtensions field is not empty and the Reason Code CRL entry extension is given, then the following cases apply:

    Note: If you are revoking the certificate referenced by the serialNumber field because the subject's private key is compromised or suspected to be compromised, then use one of the following Reason Code types:

    Reason Code Type Description
    CR_KEY_COMPROMISE It is known or suspected that the end-entity certificate subject's private key, or other aspects of the subject validated in the certificate, has been compromised.
    CR_CA_COMPROMISE It is known or suspected that the CA certificate subject's private key, or other aspects of the subject validated in the certificate, has been compromised.

    Note: Use the Invalidity Date extension in the crlEntryExtensions field to contain the time that you suspect the key was compromised. Omit this extension if the time is unknown or is not needed.

    Note: If you are revoking the certificate referenced by serialNumber, but do not suspect that the subject's private key has been compromised, set the Reason Code to one of the following types:

    Reason Code Type Description
    CR_UNSPECIFIED The reason code is unspecified.
    CR_AFFILIATION_CHANGED The subject's name or other information in the certificate has been modified, but there is no cause to suspect that the private key has been compromised.
    CR_SUPERSEDED The certificate has been superseded, but there is no cause to suspect that the private key has been compromised.
    CR_CESSATION_OF_OPERATION The certificate is no longer needed for the purpose for which it was issued, but there is no cause to suspect that the private key has been compromised.

    If you are placing the certificate on hold for further action, set the Reason Code to the following type:

    Reason Code Type Description
    CR_CERTIFICATE_HOLD The certificate is being placed on hold.


    Note: If you are deleting the certificate from a delta CRL due to certificate expiration or hold release, set the Reason Code to the following type:

    Reason Code Type Description
    CR_REMOVE_FROM_CRL For use with delta CRLs only: the existing CRL entry should now be removed due to certificate expiration or hold release.

    reserved Set this field to NULL_PTR; it is reserved for future use.

    typedef struct CRL_FIELDS CRL_FIELDS
     

    Allows viewing and updating of a CRL_OBJ object. The CRL_FIELDS structure allows you to view and update information in an opaque CRL_OBJ object, by calling the C_GetCRLFields() and C_SetCRLFields() functions.

    Parameters:
    version A UINT2 value that indicates the CRL version number. Cert-C recognizes the following two types:

    CRL Version Number Description
    CRL_VERSION_1 1988 format (This is the default.)
    CRL_VERSION_2 1995 format (Supports the crlExtensions field.)

    signatureAlgorithm An int value that indicates the algorithm used to sign the CRL. In the case of an unsigned CRL, use this algorithm to sign the CRL. Cert-C supports the following signature algorithms:

    Signature Algorithm Description
    SA_MD2_WITH_RSA_ENCRYPTION Signature operations that involve the MD2 digest algorithm and RSA public-key algorithm
    SA_MD5_WITH_RSA_ENCRYPTION Signature operations that involve the MD5 digest algorithm and RSA public-key algorithm
    SA_SHA1_WITH_RSA_ENCRYPTION Signature operations that involve the SHA-1 digest algorithm and RSA public-key algorithm
    SA_OIW_SHA1_WITH_RSA_ENCRYPTION Signature operations that involve the SHA-1 digest algorithm, the OAEP masking according to OIW (OSI Implementers' Workshop) syntax, and RSA public-key algorithm
    SA_DSA_WITH_SHA1 Signature operations that involve the SHA-1 digest algorithm and the Digital Signature Algorithm

    issuerName A NAME_OBJ object that contains the CRL issuer's DN.
    lastUpdate A UINT4 value that indicates the time at which the CRL was last signed. The time is specified as the number of seconds since 12:00 A.M. GMT, January 1, 1970.
    nextUpdate A UINT4 value that indicates the time at which the next update of the CRL is expected, that is, the point at which the CRL expires. The time is specified as the number of seconds since 12:00 A.M. GMT, January 1, 1970.
    crlEntries A CRL_ENTRIES_OBJ object that contains the list of certificate serial numbers and their revocation times. This is where all revocation entries are stored.
    crlExtensions An EXTENSIONS_OBJ object that contains X.509 v3 extensions for the CRL. This field applies to CRLs of version CRL_VERSION_2 only. If the version is CRL_VERSION_1, then it should not contain any extension entries when C_SetCRLFields() is called.
    reserved Set this field to NULL_PTR; it is reserved for future use.


    Function Documentation

    int C_AddCRLEntry (CRL_ENTRIES_OBJ crlEntriesObject, CRL_ENTRY_INFO *crlEntryInfo, unsigned int *index)
     

    Adds a new CRL entry into the crlEntriesObject with the value given in crlEntryInfo. The data structure for crlEntryInfo is CRL_ENTRY_INFO.

    Parameters:
    crlEntriesObject This input and output parameter is the CRL entries object to be updated.
    crlEntryInfo This input parameter points to a CRL_ENTRY_INFO structure for the CRL entries information. Separate copies of the crlEntryExtensions and serialNumber (with leading zeroes stripped) are created internally for the crlEntriesObject, so that they can be changed after this call.
    index This output parameter is the CRL entries index. Regardless of the CRL version, the index of the new entry is returned in index. If this parameter is NULL, it is ignored.
    Returns:
    If successful, returns 0. If not, returns a Cert-C error code.

    int C_CreateCRLObject (CRL_OBJ *crlObj, CERTC_CTX ctx)
     

    Stores a copy of ctx, the Cert-C context, in the resulting crlObj. If C_CreateCRLObject() is unsuccessful, no memory will be allocated and crlObj will be set to (CRL_OBJ)NULL_PTR.

    Parameters:
    crlObj This output parameter points to where the new CRL object is stored.
    ctx This input parameter is the Cert-C context.
    Returns:
    If successful, returns 0. If not, returns a Cert-C error code.

    int C_CreateCRLObjectReference (CERTC_CTX ctx, CRL_OBJ crlObj, CRL_OBJ *crlObjRef)
     

    Creates a new reference to an existing crlObj. Many references to a CRL object can be created, and, just as with the original crlObj, each reference must be destroyed using C_DestroyCRLObject().

    The reference can be treated exactly as any other CRL object, with one exception: modifying one reference to a CRL object modifies all references to that object.

    Parameters:
    ctx This input parameter is the Cert-C context.
    crlObj This input parameter is the CRL object from which a new reference will be created.
    crlObjRef This output parameter is a pointer to the location of the new CRL object reference.
    Returns:
    If successful, returns 0. If not, returns a Cert-C error code.

    int C_DeleteCRLEntry (CRL_ENTRIES_OBJ crlEntriesObject, unsigned int crlEntryIndex)
     

    Deletes the entry in crlEntriesObject referenced by crlEntryIndex. The entries after crlEntryIndex are all shifted back by one. The crlEntriesObject is typically the crlEntries member of a CRL_FIELDS structure.

    Parameters:
    crlEntriesObject This is both an input and an output parameter; it is the CRL entries object.
    crlEntryIndex This input parameter is the index of the CRL entry to delete.
    Returns:
    If successful, returns 0. If not, returns a Cert-C error code.

    void C_DestroyCRLObject (CRL_OBJ *crlObject)
     

    Frees the memory used by crlObject, and sets crlObject to (CRL_OBJ)NULL_PTR. If crlObject is already (CRL_OBJ)NULL_PTR, then no action is taken.

    Parameters:
    crlObject This is both an input and an output parameter. As an input parameter, it is the CRL object that Cert-C should destroy. As an output parameter, it is (CRL_OBJ)NULL_PTR.
    Returns:
    None.

    int C_FindCRLEntryBySerialNumber (CRL_ENTRIES_OBJ crlEntriesObject, unsigned char *serialNumber, unsigned int serialNumberLen, unsigned int *crlEntryIndex)
     

    Searches the CRL entry list in crlEntriesObject for an entry with the given serialNumber. If an entry is found, its index in the list is returned in crlEntryIndex. Otherwise, E_NOT_FOUND is returned.

    Parameters:
    crlEntriesObject This input parameter is the CRL entries object.
    serialNumber This input parameter is the certificate's serial number.
    serialNumberLen This input parameter is the length of the certificate's serial number.
    crlEntryIndex This output parameter is a pointer to the CRL entries index result. If this parameter is NULL, it is ignored.
    Returns:
    If successful, returns 0. If not, returns a Cert-C error code.

    int C_GetCRLDER (CRL_OBJ crlObject, unsigned char **der, unsigned int *derLen)
     

    Obtains the DER encoding of the value of crlObject, and stores a pointer to the DER encoding in der and its length in derLen.

    Note: The fields returned from this function are read-only. You do not need to create any objects or items before calling this function. Do not call any functions that modify these fields. Do not call any C_Destroy*() functions on these fields.

    Parameters:
    crlObject This input parameter is the CRL object.
    der This output parameter is the DER-encoded CRL.
    derLen This output parameter is the length of the DER-encoded CRL.
    Returns:
    If successful, returns 0. If not, returns a Cert-C error code.

    int C_GetCRLEntriesCount (CRL_ENTRIES_OBJ crlEntriesObject, unsigned int *count)
     

    Sets count to the number of revocation entries contained in crlEntriesObject, which is typically the crlEntries member of a CRL_FIELDS structure.

    Parameters:
    crlEntriesObject This input parameter is the CRL entries object.
    count This output parameter is the number of entries in the CRL entries object.
    Returns:
    If successful, returns 0. If not, returns a Cert-C error code.

    int C_GetCRLEntry (CRL_ENTRIES_OBJ crlEntriesObject, CRL_ENTRY_INFO *crlEntryInfo, unsigned int crlEntryIndex)
     

    Gets the entry in the CRL list of crlEntriesObject at position crlEntryIndex. The data structure for crlEntryInfo is CRL_ENTRY_INFO.

    Note: The fields returned from this function are read-only. You do not need to create any objects or items before calling this function. Do not call any functions that modify these fields. Do not call any C_Destroy*() functions on these fields.

    Parameters:
    crlEntriesObject This input parameter is the CRL entries object.
    crlEntryInfo This output parameter points to a data structure that contains information about a CRL entry. The serialNumber.data and serialNumber.len fields are set to the entry's serial number and its length. The serial number returned by C_GetCRLEntry() has no leading zeroes. A crlEntryInfo.serialNumber.len of 0 (zero) implies that the serial number is 0 (zero). The actionTime field is set to the action time of the entry, measured in the number of seconds since 12:00 A.M. GMT, January 1, 1970. The crlEntryExtensions field is set to the extensions object in the entry, if one exists. Otherwise, it is set to (EXTENSIONS_OBJ)NULL_PTR.
    crlEntryIndex This input parameter is the CRL entries index.
    Returns:
    If successful, returns 0. If not, returns a Cert-C error code.

    int C_GetCRLFields (CRL_OBJ crlObject, CRL_FIELDS *crlFields)
     

    Fills crlFields with the value found in crlObject. The data structure for crlFields is CRL_FIELDS.

    Note: You do not need to create any objects or items before calling this function. After calling this function, you share the returned fields with the crlObj. If you modify any of these fields, you must call the C_SetCRLFields() function to ensure that the internal state of the object is consistent with these modifications.

    Parameters:
    crlObject This input parameter is the CRL object.
    crlFields This is both an input and output parameter; it is the data structure for the CRL information. The version field indicates the CRL is either CRL_VERSION_1 or CRL_VERSION_2. The signatureAlgorithm field contains one of the following types:

    Signature Algorithm Type Description
    SA_MD2_WITH_RSA_ENCRYPTION Signature operations that involve the MD2 digest algorithm and RSA public-key algorithm
    SA_MD5_WITH_RSA_ENCRYPTION Signature operations that involve the MD5 digest algorithm and RSA public-key algorithm
    SA_SHA1_WITH_RSA_ENCRYPTION Signature operations that involve the SHA-1 digest algorithm and RSA public-key algorithm
    SA_OIW_SHA1_WITH_RSA_ENCRYPTION Signature operations that involve the SHA-1 digest algorithm, the OAEP masking according to OIW (OSI Implementers' Workshop) syntax, and RSA public-key algorithm
    SA_DSA_WITH_SHA1 Signature operations that involve the SHA-1 digest algorithm and the Digital Signature Algorithm

    The issuerName name object specifies the CRL's issuer. The lastUpdate and nextUpdate values specify the CRL's validity period. The time values are measured in seconds since 12:00 A.M. GMT, January 1, 1970. The crlEntries field gives access to the CRL. Its data can be obtained with the CRL entries functions. The extensionsObject gives all the CRL extensions that have been added. The NAME_OBJ, CRL_ENTRIES_OBJ, and EXTENSIONS_OBJ do not need to be created before this call.

    Note: After this call, the issuerName, crlEntries, and extensionsObject fields point to the issuer name object, the CRL entries object, and the extensions object in the crlObject, respectively. Treat these objects as read-only fields. Do not call any functions that manipulate or modify the crlObj fields, because you will not be changing the actual values within crlObj itself. Do not attempt to call any C_Destroy*() functions on these objects, because if crlObj is destroyed, the objects are undefined. To change the crlObj fields, you must create new field structures and call C_SetCRLFields().
    Returns:
    If successful, returns 0. If not, returns a Cert-C error code.
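A relying-party pre-check over the kind of values that C_GetCRLFields() and C_GetCRLEntry() return, as an added example that is not Cert-C code: the demo_* types, constants and sample data are local stand-ins (assumptions), not the declarations in crlapi.h. It refuses a CRL that is outside its lastUpdate/nextUpdate window or still in the MD2, zero-time state that C_PrepareUnsignedCRLForIssuer() sets, and strips leading zero bytes from a serial number before matching it against canonical entries.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local stand-ins for illustration: NOT the types or constant values
 * declared in crlapi.h. Field names follow the page's descriptions. */
enum demo_sig_alg { DEMO_MD2_RSA, DEMO_MD5_RSA, DEMO_SHA1_RSA, DEMO_DSA_SHA1 };
enum demo_reason { DEMO_NO_REASON, DEMO_KEY_COMPROMISE, DEMO_CERT_HOLD };
enum demo_status { CERT_NOT_LISTED, CERT_REVOKED, CERT_ON_HOLD };
enum { CRL_OK = 0, CRL_WEAK_DIGEST = 1, CRL_TIMES_UNSET = 2,
       CRL_NOT_YET_VALID = 4, CRL_EXPIRED = 8 };

struct demo_entry {
    const unsigned char *serial; /* canonical form: no leading zero bytes */
    size_t serialLen;            /* 0 means the serial number is 0 */
    enum demo_reason reason;     /* Reason Code entry extension, if any */
};

struct demo_crl {
    enum demo_sig_alg signatureAlgorithm;
    uint32_t lastUpdate, nextUpdate; /* seconds since 1970-01-01 00:00 GMT */
    const struct demo_entry *entries;
    size_t count;
};

/* Returns a bit mask of reasons not to rely on this CRL at time `now`. */
unsigned demo_check_crl(const struct demo_crl *crl, uint32_t now)
{
    unsigned flags = CRL_OK;
    /* MD2 and MD5 are not collision resistant; MD2 is the prepared default. */
    if (crl->signatureAlgorithm == DEMO_MD2_RSA ||
        crl->signatureAlgorithm == DEMO_MD5_RSA)
        flags |= CRL_WEAK_DIGEST;
    /* Both times 0 is the state of a prepared CRL before fields are set. */
    if (crl->lastUpdate == 0 && crl->nextUpdate == 0)
        flags |= CRL_TIMES_UNSET;
    if (now < crl->lastUpdate)
        flags |= CRL_NOT_YET_VALID;
    if (now > crl->nextUpdate)
        flags |= CRL_EXPIRED; /* stale CRL: fail closed, fetch a new one */
    return flags;
}

/* Looks up a serial number after stripping leading zero bytes, so that
 * 00 00 12 34 and 12 34 match the same canonical entry. */
enum demo_status demo_lookup(const struct demo_crl *crl,
                             const unsigned char *serial, size_t len)
{
    while (len > 0 && *serial == 0) { serial++; len--; }
    for (size_t i = 0; i < crl->count; i++) {
        const struct demo_entry *e = &crl->entries[i];
        if (e->serialLen != len) continue;
        if (len != 0 && memcmp(e->serial, serial, len) != 0) continue;
        /* Only an explicit hold reason means "on hold"; an entry with no
         * reason code is a revocation. */
        return e->reason == DEMO_CERT_HOLD ? CERT_ON_HOLD : CERT_REVOKED;
    }
    return CERT_NOT_LISTED;
}

/* Constructed sample data, not taken from a real CRL. */
static const unsigned char SERIAL_1234[] = { 0x12, 0x34 };
static const unsigned char SERIAL_7F[] = { 0x7f };
static const struct demo_entry SAMPLE_ENTRIES[] = {
    { SERIAL_1234, sizeof SERIAL_1234, DEMO_KEY_COMPROMISE },
    { SERIAL_1234, 0, DEMO_CERT_HOLD }, /* length 0: serial number 0 */
    { SERIAL_7F, sizeof SERIAL_7F, DEMO_NO_REASON },
};

struct demo_crl demo_sample(void)
{
    struct demo_crl c = { DEMO_SHA1_RSA, 1700000000u, 1700604800u,
                          SAMPLE_ENTRIES, 3 };
    return c;
}

int main(void)
{
    struct demo_crl c = demo_sample();
    const unsigned char padded[] = { 0x00, 0x00, 0x12, 0x34 };
    printf("flags=%u status=%d\n", demo_check_crl(&c, 1700000100u),
           (int)demo_lookup(&c, padded, sizeof padded));
    return 0;
}
```
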

    int C_GetCRLInnerDER (CRL_OBJ crlObject, unsigned char **innerDER, unsigned int *innerDERLen)
     

    Obtains the DER encoding of the "to be signed" value of crlObject, and stores a pointer to the DER encoding in innerDER and its length in innerDERLen. The "to be signed" part of the CRL is the inner value without the issuer's signature.

    Note: The fields returned from this function are read-only. You do not need to create any objects or items before calling this function. Do not call any functions that modify these fields. Do not call any C_Destroy*() functions on these fields.

    Parameters:
    crlObject This input parameter is the CRL object.
    innerDER This output parameter is the DER-encoded inner CRL.
    innerDERLen This output parameter is the length of the DER-encoded inner CRL.
    Returns:
    If successful, returns 0. If not, returns a Cert-C error code.

    int C_PrepareUnsignedCRLForIssuer (CRL_OBJ crlObject, NAME_OBJ issuerName)
     

    Sets the CRL version in crlObject to CRL_VERSION_1, the issuer to issuerName, the signature algorithm to SA_MD2_WITH_RSA_ENCRYPTION, and the CRL_ENTRIES_OBJ to an empty list. The last-update and next-update times are set to 0 (zero), which represents 12:00 A.M. GMT, January 1, 1970.

    Parameters:
    crlObject This is both an input and an output parameter; it is the CRL object.
    issuerName This input parameter is the CRL issuer name.
    Returns:
    If successful, returns 0. If not, returns a Cert-C error code.

    void C_ResetCRLEntries (CRL_ENTRIES_OBJ crlEntriesObject)
     

    Returns crlEntriesObject to the state it was in after it was created, by setting the number of entries to 0 (zero) and freeing any memory that was held by the object. The crlEntriesObject is typically the crlEntries member of a CRL_FIELDS structure.

    Parameters:
    crlEntriesObject This is both an input and an output parameter. As an input parameter, it is the CRL entries object that Cert-C should reset. As an output parameter, it is the reset CRL entries object.
    Returns:
    None.

    int C_SetCRLBER (CRL_OBJ crlObject, unsigned char *ber, unsigned int berLen)
     

    Modifies the value of crlObject to the BER-encoded CRL given by ber and berLen. A separate copy of the BER-encoded CRL is allocated inside the CRL object so that ber can be changed after calling this function. If ber includes X.509 v3 extensions, these extensions are parsed and checked against the registered extensions and the supported standard extensions. If the incoming extension's criticality is TRUE and it is registered as FALSE in the extension handler table, the extension is saved with the criticality set to TRUE. However, if the incoming criticality is FALSE and the registered value is TRUE, an error is returned.

    Parameters:
    crlObject This is both an input and an output parameter. As an input parameter, it is the CRL object that Cert-C should update. As an output parameter, it is the updated CRL object.
    ber This input parameter is the BER-encoded CRL.
    berLen This input parameter is the length of the BER-encoded CRL.
    Returns:
    If successful, returns 0. If not, returns a Cert-C error code.

    int C_SetCRLFields (CRL_OBJ crlObject, CRL_FIELDS *crlFields)
     

    Sets crlObject with the value in crlFields. The value in crlFields may be the current working value of crlObject, or another CRL object. After calling this function, the value in crlFields becomes the actual value of crlObject. The data structure for crlFields is CRL_FIELDS.

    Parameters:
    crlObject This is both an input and an output parameter; it is the CRL object.
    crlFields This input parameter points to a CRL_FIELDS data structure for the CRL information. The version field of CRL_FIELDS can be either CRL_VERSION_1 or CRL_VERSION_2. If the value of version does not agree with other data in CRL_FIELDS, then Cert-C modifies the version to agree with the other data in CRL_FIELDS. For example, if there are extensions in the crlExtensions field, the version will be set to CRL_VERSION_2. The signatureAlgorithm field of CRL_FIELDS must be either SA_MD2_WITH_RSA_ENCRYPTION, SA_MD5_WITH_RSA_ENCRYPTION, SA_SHA1_WITH_RSA_ENCRYPTION, SA_OIW_SHA1_WITH_RSA_ENCRYPTION, or SA_DSA_WITH_SHA1. The issuerName object specifies the name of the issuer of the CRL. If any fields in CRL_FIELDS are different from the fields returned by C_GetCRLFields(), then C_SetCRLFields() makes a separate copy of those fields. The lastUpdate and nextUpdate values specify the CRL's validity period. The time values are measured in seconds since 12:00 A.M. GMT, January 1, 1970. If lastUpdate is later than nextUpdate, an error is returned.

    The crlEntries object supplies the certificate revocation entries. It is usually the same object that is returned by C_GetCRLEntries(). If crlEntries is (CRL_ENTRIES_OBJ)NULL_PTR, this indicates that there are no revocation entries. The extensionsObject supplies all the CRL extensions that were added.

    Returns:
    If successful, returns 0. If not, returns a Cert-C error code.

    int C_SetCRLInnerBER (CRL_OBJ crlObject, unsigned char *innerBER, unsigned int innerBERLen)
     

    Sets the value of crlObject to the BER encoding of a CRL's "to be signed" value given by innerBER, of length innerBERLen. The "to be signed" part of the CRL is the inner value without the issuer signature. A separate copy of the BER encoding is allocated inside the CRL object so that innerBER can be changed after calling this function. If the inner CRL includes X.509 v3 extensions, these extensions are parsed and saved in crlObject. If the incoming extension criticality is TRUE and it is registered as FALSE, the extension is saved with the criticality set to TRUE. However, if the incoming criticality is FALSE and the registered value is TRUE, an error is returned.

    Parameters:
    crlObject This input and output parameter is the CRL object.
    innerBER This input parameter is the BER-encoded inner CRL.
    innerBERLen This input parameter is the length of the BER-encoded inner CRL.
    Returns:
    If successful, returns 0. If not, returns a Cert-C error code.

    int C_SignCRL (CRL_OBJ crlObj, B_KEY_OBJ privateKey,...)
     

    Signs a CRL using privateKey. This function contains extra variable parameters that make it backward-compatible with BCERT v1.

    Parameters:
    crlObj This input parameter is the CRL to sign. To ensure that CERTC_CTX is available, use Cert-C rather than BCERT to create this object.
    privateKey This input parameter is the private key used to sign the CRL.
    Returns:
    If successful, returns 0. If not, returns a Cert-C error code.

    int C_VerifyCRLSignature (CRL_OBJ crlObj, B_KEY_OBJ publicKey,...)
     

    Uses publicKey, the public key of the issuer, to check the signature of the CRL in crlObj. This function contains extra variable parameters that make it backward-compatible with BCERT v1.

    Parameters:
    crlObj This input parameter is the CRL object. To ensure that CERTC_CTX is available, use Cert-C rather than BCERT to create this object.
    publicKey This input parameter is the CRL issuer's public key that is used to verify the CRL signature.
    Returns:
    If successful, returns 0. If not, returns a Cert-C error code.



    RSA BSAFE® Cert-C 2.7 API Reference