RSA BSAFE Cert-C
API Reference

ISSUING_DISTRIBUTION_POINT Reference

Represents an Issuing Distribution Point extension for X.509 v3 CRLs.

It identifies the CRL distribution point from which this CRL is distributed, and the types of information this CRL can contain. The default criticality for this extension is CRITICAL. A CRL can have only one Issuing Distribution Point extension at a time. Use the ISSUING_DISTRIBUTION_POINT structure with the C_AddExtensionValue() and C_GetExtensionValue() functions.

Data Fields
distributionPoint: A pointer to a DIST_POINT_NAME structure that contains the DNs of the CRL distribution point from which this CRL is distributed.

userCerts: An int value that indicates whether this CRL covers revocation for end-entity certificates or not. This field can be set to one of the values in the following table:

End-Entity Certificate Type    Description
IDP_VALUE_TRUE                 Indicates that the CRL covers revocation for end-entity certificates.
IDP_VALUE_FALSE                Indicates that the CRL does not cover revocation for end-entity certificates.

CACerts: An int value that indicates whether this CRL covers revocation for CA certificates or not. This field can be set to one of the values in the following table:

CA Certificate Type    Description
IDP_VALUE_TRUE         Indicates that the CRL covers revocation for CA certificates.
IDP_VALUE_FALSE        Indicates that the CRL does not cover revocation for CA certificates.

reasons: A UINT4 value that limits the revocation reasons that can be specified by this CRL. This field can be set to one or more of the values in the following table. If this field is not set, the CRL can specify any revocation reasons.

Revocation Reason             Description
DPR_NO_REASONS                Indicates that the reason was not contained in the DER encoding.
DPR_UNUSED                    Indicates that a reason is not used.
DPR_KEY_COMPROMISE            Indicates revocation of an end-entity certificate; the subject's private key or validation information has been compromised.
DPR_CA_COMPROMISE             Indicates revocation of a CA certificate; the subject's private key or validation information has been compromised.
DPR_AFFILIATION_CHANGED       Indicates that the subject's name or other information has been changed.
DPR_SUPERSEDED                Indicates that the certificate has been superseded.
DPR_CESSATION_OF_OPERATION    Indicates that the certificate is no longer needed.
DPR_CERTIFICATE_HOLD          Indicates that the certificate is on hold.

indirectCRL: An int value that indicates whether this CRL can contain revocation notifications from CAs other than the issuer of the CRL. This field can be set to one of the values in the following table:

Indirect CRL Option    Description
IDP_VALUE_TRUE         The CRL can contain revocation notifications from CAs other than the CA that issued the CRL.
IDP_VALUE_FALSE        The CRL can contain only revocation notifications from the CA that issued the CRL.

If this is an indirect CRL, note that distributionPoint identifies only the issuer of the CRL, not the issuer of the certificates in the CRL. Therefore, the CA that issued the certificates in the CRL must be identified by a Certificate Issuer extension in each CRL entry.

#include <certext.h>

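typedef struct ISSUING_DISTRIBUTION_POINT {
  DIST_POINT_NAME *distributionPoint;  /* name of the distribution point for this CRL */
  int             userCerts;           /* IDP_VALUE_TRUE if end-entity certificates are covered */
  int             CACerts;             /* IDP_VALUE_TRUE if CA certificates are covered */
  UINT4           reasons;             /* DPR_* values limiting the revocation reasons */
  int             indirectCRL;         /* IDP_VALUE_TRUE if other CAs' revocations may appear */
} ISSUING_DISTRIBUTION_POINT;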
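
A scope check that a relying party could run over these fields before treating a certificate's absence from a CRL as "not revoked", given as an added example that is not RSA's code and not part of the Cert-C reference. The stand-in typedefs and numeric constant values are constructed so the block compiles without certext.h; check_crl_scope, CERT_SCOPE_INFO and the SCOPE_* codes are hypothetical names. It assumes the DPR_* values are bit flags and that DPR_NO_REASONS is what an unset reasons field holds.

```c
#include <stddef.h>

/* Stand-ins so the example builds without Cert-C; the numeric values are
 * constructed. In a real build, replace this section with <certext.h>. */
typedef unsigned int UINT4;
typedef struct DIST_POINT_NAME DIST_POINT_NAME;
#define IDP_VALUE_FALSE    0
#define IDP_VALUE_TRUE     1
#define DPR_NO_REASONS     0x0u
#define DPR_KEY_COMPROMISE 0x1u
#define DPR_CA_COMPROMISE  0x2u
#define DPR_SUPERSEDED     0x8u
typedef struct ISSUING_DISTRIBUTION_POINT {
  DIST_POINT_NAME *distributionPoint;
  int userCerts, CACerts;
  UINT4 reasons;
  int indirectCRL;
} ISSUING_DISTRIBUTION_POINT;

/* Hypothetical: what the caller knows about the certificate being checked. */
typedef struct {
  int isCA;               /* nonzero for a CA certificate */
  int issuedByCrlIssuer;  /* nonzero if the cert issuer is also the CRL issuer */
} CERT_SCOPE_INFO;

enum { SCOPE_OK, SCOPE_NO_IDP, SCOPE_WRONG_CERT_TYPE,
       SCOPE_NEEDS_INDIRECT, SCOPE_REASON_NOT_COVERED };

/* Returns SCOPE_OK only if a certificate's absence from the CRL can be read
 * as "not revoked" for every reason in requiredReasons. */
int check_crl_scope(const ISSUING_DISTRIBUTION_POINT *idp,
                    const CERT_SCOPE_INFO *cert, UINT4 requiredReasons)
{
  if (idp == NULL)
    return SCOPE_NO_IDP;            /* no extension: caller applies its default */
  /* The CRL must cover this kind of certificate. */
  if ((cert->isCA ? idp->CACerts : idp->userCerts) != IDP_VALUE_TRUE)
    return SCOPE_WRONG_CERT_TYPE;
  /* Only an indirect CRL may carry revocations for another CA's certificates. */
  if (!cert->issuedByCrlIssuer && idp->indirectCRL != IDP_VALUE_TRUE)
    return SCOPE_NEEDS_INDIRECT;
  /* A set reasons field limits the CRL; reasons outside it need another CRL. */
  if (idp->reasons != DPR_NO_REASONS && (requiredReasons & ~idp->reasons) != 0)
    return SCOPE_REASON_NOT_COVERED;
  return SCOPE_OK;
}
```

Any result other than SCOPE_OK means this CRL alone does not answer the revocation question for that certificate, so the caller should look for another CRL rather than accept the certificate.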

The documentation for this struct was generated from the following file:


RSA BSAFE® Cert-C 2.7 API Reference