
RSA BSAFE Cert-C
API Reference

DISTRIBUTION_POINT Reference

Represents a CRL Distribution Point extension for X.509 v3 CRLs.

It identifies how the CRL distribution point is obtained. While both distPointName and cRLIssuers are optional fields, at least one of these fields must contain a value; RFC 2459 states that reasons cannot be the only field in the encoding. The default criticality for this extension is NON_CRITICAL. A CRL can have multiple CRL Distribution Point extensions at any time. Use the DISTRIBUTION_POINT structure with the C_AddExtensionValue() and C_GetExtensionValue() functions.

Data Fields

distPointName
    A pointer to a DIST_POINT_NAME structure that contains the DNs of the CRL distribution point from which this CRL is distributed. This field is optional. A NULL value means this field is omitted from the DER encoding. See DIST_POINT_NAME for more information.

reasons
    A UINT4 value that can be used to limit the revocation reasons specified by this CRL. This field can be set to one or more of the values in the following table. If this field is not set, the CRL can specify any revocation reasons. Currently, the reason is ignored in Cert-C.

    Reason Type                   Description
    DPR_NO_REASONS                Indicates that the reason was not contained in the DER encoding
    DPR_UNUSED                    Indicates that a reason is not used
    DPR_KEY_COMPROMISE            Indicates revocation of an end-entity certificate; the subject's private key or validation information has been compromised
    DPR_CA_COMPROMISE             Indicates revocation of a CA certificate; the subject's private key or validation information has been compromised
    DPR_AFFILIATION_CHANGED       Indicates that the subject's name or other information has been changed
    DPR_SUPERSEDED                Indicates that the certificate has been superseded
    DPR_CESSATION_OF_OPERATION    Indicates that the certificate is no longer needed
    DPR_CERTIFICATE_HOLD          Indicates that the certificate is on hold

cRLIssuers
    A pointer to a GENERAL_NAMES structure that contains a sequence of GENERAL_NAMEs. This field is optional. A NULL value means this field is omitted from the DER encoding. Cert-C uses the x500 DN to select CRLs from the CRL distribution point when the path algorithm is set to PKIX2.

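#include <certext.h>

typedef struct DISTRIBUTION_POINT {
  DIST_POINT_NAME  *distPointName;  /* optional; NULL omits it from the DER encoding */
  UINT4            reasons;         /* DPR_* value(s); currently ignored in Cert-C */
  GENERAL_NAMES    *cRLIssuers;     /* optional; NULL omits it from the DER encoding */
} DISTRIBUTION_POINT;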
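
A pre-flight check a caller could run on DISTRIBUTION_POINT values before handing them to C_AddExtensionValue(), given as an added example that is not part of the Cert-C library or its documentation. The stand-in type definitions, the EX_* reason values, and the dp_check/dp_check_all names are assumptions for illustration; a real build would include certext.h and use its DPR_* constants.

```c
#include <stddef.h>
#include <stdint.h>

/* Stand-ins so this compiles without Cert-C; a real build includes <certext.h>. */
typedef uint32_t UINT4;
typedef struct DIST_POINT_NAME { int placeholder; } DIST_POINT_NAME;
typedef struct GENERAL_NAMES { int placeholder; } GENERAL_NAMES;
typedef struct DISTRIBUTION_POINT {
  DIST_POINT_NAME  *distPointName;
  UINT4            reasons;
  GENERAL_NAMES    *cRLIssuers;
} DISTRIBUTION_POINT;
/* ASSUMPTION: placeholder values, not the DPR_* values defined in certext.h. */
#define EX_NO_REASONS      ((UINT4)0)
#define EX_KEY_COMPROMISE  ((UINT4)0x40)

typedef enum { DP_OK, DP_NULL_ARG, DP_EMPTY, DP_REASONS_ONLY, DP_REASONS_IGNORED } DP_CHECK;

/* Classify one distribution point against the rules stated on this page. */
DP_CHECK dp_check(const DISTRIBUTION_POINT *dp) {
  if (dp == NULL) return DP_NULL_ARG;
  int has_reasons = (dp->reasons != EX_NO_REASONS);
  /* At least one of distPointName / cRLIssuers must be present. */
  if (dp->distPointName == NULL && dp->cRLIssuers == NULL)
    return has_reasons ? DP_REASONS_ONLY : DP_EMPTY;
  /* Rule met, but Cert-C currently ignores reasons: flag it so the caller knows. */
  return has_reasons ? DP_REASONS_IGNORED : DP_OK;
}

/* Index of the first entry that breaks the rule, or -1; *ignored counts flagged entries. */
int dp_check_all(const DISTRIBUTION_POINT *dps, size_t n, size_t *ignored) {
  *ignored = 0;
  for (size_t i = 0; i < n; i++) {
    DP_CHECK r = dp_check(&dps[i]);
    if (r == DP_REASONS_IGNORED) (*ignored)++;
    else if (r != DP_OK) return (int)i;
  }
  return -1;
}

/* Constructed sample data: valid, valid with reasons, reasons only, empty. */
static DIST_POINT_NAME sample_name;
static GENERAL_NAMES sample_issuers;
const DISTRIBUTION_POINT sample_dps[] = {
  { &sample_name, EX_NO_REASONS, NULL }, { NULL, EX_KEY_COMPROMISE, &sample_issuers },
  { NULL, EX_KEY_COMPROMISE, NULL },     { NULL, EX_NO_REASONS, NULL },
};
```
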

The documentation for this struct was generated from the following file:


RSA BSAFE® Cert-C 2.7 API Reference