RSA BSAFE Cert-C

Certificate Components for C

Crypto-C 6.2.1 Developer's Guide
Search

CRL_ENTRY_INFO Reference

Allows viewing and alteration of aspects of a CRL entry in a CRL_ENTRIES_OBJ object via C_GetCRLEntry() and C_AddCRLEntry().

Samples:

crl.c, crlutil.c, and dcrl.c.

#include <crlapi.h> 

typedef struct CRL_ENTRY_INFO {

  ITEM           serialNumber;

  UINT4          actionTime;

  EXTENSIONS_OBJ crlEntryExtensions;
  
  POINTER        reserved;
} CRL_ENTRY_INFO;

Data Fields

ITEM serialNumber
 An ITEM structure that represents the serial number of the certificate being revoked. More...

UINT4 actionTime
 A UINT4 value that indicates the time the entry was added to the CRL. More...

EXTENSIONS_OBJ crlEntryExtensions
 An EXTENSIONS_OBJ object that contains X.509 v3 CRL entry extensions, if present. More...

POINTER reserved
 Set this field to NULL_PTR.
Reserved for future use.

Field Documentation

UINT4 actionTime
 

A UINT4 value that indicates the time the entry was added to the CRL. The time is specified as the number of seconds since 12:00 A.M. GMT, January 1, 1970.
If CRL_ENTRIES_OBJ belongs to CRL_VERSION_1, this parameter indicates the time the certificate was revoked.
If CRL_ENTRIES_OBJ belongs to CRL_VERSION_2, this parameter indicates the time the certificate was revoked or put on hold (depending on which CRL entry extension is in crlEntryExtensions).

EXTENSIONS_OBJ crlEntryExtensions
 

An EXTENSIONS_OBJ object that contains X.509 v3 CRL entry extensions, if present. If this parameter belongs to CRL_VERSION_2, the following cases apply:
If empty, the certificate is being revoked. If not empty and the reason code CRL entry extension is not given, the certificate is being revoked. If not empty and the reason code CRL entry extension is given, see the reason codes types outlined below. 




If you are revoking the certificate referenced by serialNumber because the subject's private key is compromised or suspected to be compromised, use one of the following reason code types: 




Reason Code Type Description 


CR_KEY_COMPROMISE It is known or suspected that the end-entity certificate subject's private key, or other aspects of the subject validated in the certificate, has been compromised. 


CR_CA_COMPROMISE It is known or suspected that the CA certificate subject's private key, or other aspects of the subject validated in the certificate, has been compromised. 

 



Use the Invalidity Date extension in crlEntryExtensions to contain the time that you suspect the key was compromised. Omit this extension if the time is unknown or is not needed.


If you are revoking the certificate referenced by serialNumber, but do not suspect that the subject's private key has been compromised, set the reason code to one of the following types:

 




Reason Code Type Description 


CR_UNSPECIFIED The reason code is unspecified. 


CR_AFFILIATION_CHANGED The subject's name or other information in the certificate has been modified, but there is no cause to suspect that the private key has been compromised. 


CR_SUPERSEDED The certificate has been superseded, but there is no cause to suspect that the private key has been compromised. 


CR_CESSATION_OF_OPERATION The certificate is no longer needed for the purpose for which it was issued, but there is no cause to suspect that the private key has been compromised. 


CR_PRIVILEGE_WITHDRAWN The certificate (public key or attribute certificate) was revoked because a privilege contained within the certificate has been withdrawn.  


CR_AA_COMPROMISE It is known or suspected that aspects of the Attribute Authority (AA) validated in the attribute certificate have been compromised. 

 



If you are placing the certificate on hold for further action, set the reason code to CR_CERTIFICATE_HOLD. 



If you are deleting the certificate from a delta CRL due to certificate expiration or hold release, set the reason code to CR_REMOVE_FROM_CRL.     

  







  

    
      

        

           ITEM serialNumber
      

    		
  





  

    
       
    
    



An ITEM structure that represents the serial number of the certificate being revoked. data points to a string that contains the serial number, and len contains the length of the serial number. Both are in canonical format. A serial number of length 0 (zero) means the serial number is 0 (zero).     

  







Copyright (c) 1999-2005 RSA Security Inc. All rights reserved.
067-001001-2720-001-000 - 2.7.2