RSA BSAFE Cert-C
API Reference

CRL_ENTRY_INFO Reference

Allows viewing and alteration of CRL entry aspects.

The CRL_ENTRY_INFO structure allows viewing and alteration of aspects of a CRL entry in a CRL_ENTRIES_OBJ object, by calling the C_GetCRLEntry() and C_AddCRLEntry() functions.

Data Fields
serialNumber An ITEM structure that represents the serial number of the certificate being revoked. The data member points to a string that contains the serial number, and the len member contains the length of the serial number. Both are in canonical format. A serial number of length 0 (zero) means the serial number is 0 (zero).
actionTime A UINT4 value that indicates the time at which this entry was added to the CRL. The time is specified as the number of seconds since 12:00 A.M. GMT, January 1, 1970.

Note:
  • If crlEntriesObject belongs to CRL_VERSION_1, then the actionTime indicates the time at which the certificate was revoked.
  • If crlEntriesObject belongs to CRL_VERSION_2, then the actionTime indicates the time at which the certificate was revoked or put on hold (depending on which CRL entry extension is in the crlEntryExtensions field).

crlEntryExtensions An EXTENSIONS_OBJ object that contains X.509 v3 CRL entry extensions, if present. If the crlEntriesObject belongs to CRL_VERSION_2, then the following cases apply:
  • If the crlEntryExtensions field in crlEntryInfo has no entries, then the certificate is being revoked.
  • If the crlEntryExtensions field is not empty and the Reason Code CRL entry extension is not given, then the certificate is being revoked.
  • If the crlEntryExtensions field is not empty and the Reason Code CRL entry extension is given, then the following cases apply:

    Note: If you are revoking the certificate referenced by the serialNumber field because the subject's private key is compromised or suspected to be compromised, then use one of the following Reason Code types:

    Reason Code Type     Description
    CR_KEY_COMPROMISE    It is known or suspected that the end-entity certificate subject's private key, or other aspects of the subject validated in the certificate, has been compromised.
    CR_CA_COMPROMISE     It is known or suspected that the CA certificate subject's private key, or other aspects of the subject validated in the certificate, has been compromised.

    Note: Use the Invalidity Date extension in the crlEntryExtensions field to contain the time that you suspect the key was compromised. Omit this extension if the time is unknown or is not needed.

    Note: If you are revoking the certificate referenced by serialNumber, but do not suspect that the subject's private key has been compromised, set the Reason Code to one of the following types:

    Reason Code Type             Description
    CR_UNSPECIFIED               The reason code is unspecified.
    CR_AFFILIATION_CHANGED       The subject's name or other information in the certificate has been modified, but there is no cause to suspect that the private key has been compromised.
    CR_SUPERSEDED                The certificate has been superseded, but there is no cause to suspect that the private key has been compromised.
    CR_CESSATION_OF_OPERATION    The certificate is no longer needed for the purpose for which it was issued, but there is no cause to suspect that the private key has been compromised.

    If you are placing the certificate on hold for further action, set the Reason Code to the following type:

    Reason Code Type       Description
    CR_CERTIFICATE_HOLD    The certificate is being placed on hold.


    Note: If you are deleting the certificate from a delta CRL due to certificate expiration or hold release, set the Reason Code to the following type:

    Reason Code Type      Description
    CR_REMOVE_FROM_CRL    For use with delta CRLs only: the existing CRL entry should now be removed due to certificate expiration or hold release.

    reserved Set this field to NULL_PTR; it is reserved for future use.

    #include <crlapi.h>

    typedef struct CRL_ENTRY_INFO {
      ITEM           serialNumber;        /* certificate serial number */
      UINT4          actionTime;          /* time the certificate is revoked or held */
      EXTENSIONS_OBJ crlEntryExtensions;  /* extension object */
      POINTER        reserved;            /* reserved for future use */
    } CRL_ENTRY_INFO;
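
The interpretation rules listed under Data Fields, written out as an added example that is not part of the Cert-C documentation or headers. It works on a hypothetical decoded view (struct entry_view) instead of the real CRL_ENTRY_INFO and EXTENSIONS_OBJ types, and assumes the RFC 5280 CRLReason numbers because this page does not give the values of the CR_* constants. Treating the Invalidity Date as the start of distrust is an assumed relying-party policy.

```c
/* Added example with stand-in types; does not include or use crlapi.h. */
#include <stdint.h>

/* RFC 5280 CRLReason numbers (assumed; the CR_* values are not on this page). */
enum reason { R_UNSPECIFIED = 0, R_KEY_COMPROMISE = 1, R_CA_COMPROMISE = 2,
              R_AFFILIATION_CHANGED = 3, R_SUPERSEDED = 4,
              R_CESSATION_OF_OPERATION = 5, R_CERTIFICATE_HOLD = 6,
              R_REMOVE_FROM_CRL = 8 };

enum status { ST_REVOKED, ST_KEY_COMPROMISED, ST_ON_HOLD, ST_REMOVED };

/* Hypothetical decoded view of one CRL entry. */
struct entry_view {
    int         crl_version;     /* 1 or 2 */
    uint32_t    action_time;     /* actionTime: seconds since 1970-01-01 GMT */
    int         has_reason;      /* Reason Code extension present */
    enum reason reason;          /* meaningful only if has_reason */
    int         has_invalidity;  /* Invalidity Date extension present */
    uint32_t    invalidity_time; /* meaningful only if has_invalidity */
};

/* Version 1 entries, and version 2 entries with no Reason Code (with or
   without other extensions), are revocations; otherwise the Reason Code
   decides. Reasons not handled here fail closed to "revoked". */
enum status entry_status(const struct entry_view *e)
{
    if (e->crl_version < 2 || !e->has_reason)
        return ST_REVOKED;
    switch (e->reason) {
    case R_KEY_COMPROMISE:
    case R_CA_COMPROMISE:    return ST_KEY_COMPROMISED;
    case R_CERTIFICATE_HOLD: return ST_ON_HOLD;
    case R_REMOVE_FROM_CRL:  return ST_REMOVED;
    default:                 return ST_REVOKED;
    }
}

/* Time from which to distrust the key: the Invalidity Date when a compromise
   entry carries an earlier one, otherwise actionTime. */
uint32_t distrust_from(const struct entry_view *e)
{
    if (entry_status(e) == ST_KEY_COMPROMISED && e->has_invalidity &&
        e->invalidity_time < e->action_time)
        return e->invalidity_time;
    return e->action_time;
}

int main(void) {
    struct entry_view e = {2, 2000, 1, R_KEY_COMPROMISE, 1, 1000}; /* constructed */
    return distrust_from(&e) == 1000u ? 0 : 1;
}
```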
    

    The documentation for this struct was generated from the following file:


    RSA BSAFE® Cert-C 2.7 API Reference