RSA BSAFE Cert-C

Certificate Components for C

Crypto-C 6.2.1 Developer's Guide

DISTRIBUTION_POINT Reference

Represents a CRL Distribution Point (DP) extension for X.509 v3 CRLs.

It identifies how the CRL DP is obtained. Both distPointName and cRLIssuers are optional fields, but at least one of them must contain a value, because RFC 2459 states that reasons cannot be the only field in the encoding. The default criticality for this extension is NON_CRITICAL. A CRL can have multiple CRL DP extensions at any time. Use this structure with C_AddExtensionValue() and C_GetExtensionValue().

Samples:

extnhlp.c.

#include <certext.h>

typedef struct DISTRIBUTION_POINT {
  DIST_POINT_NAME  *distPointName;
  UINT4            reasons;
  GENERAL_NAMES    *cRLIssuers;
} DISTRIBUTION_POINT;

Data Fields

DIST_POINT_NAME * distPointName
 A pointer to a DIST_POINT_NAME structure that contains the DNs of the CRL DP from which this CRL is distributed.

UINT4 reasons
 A UINT4 value that can be used to limit the revocation reasons specified by this CRL.

GENERAL_NAMES * cRLIssuers
 A pointer to a GENERAL_NAMES structure that contains a sequence of GENERAL_NAMEs.


Field Documentation

GENERAL_NAMES* cRLIssuers
 

A pointer to a GENERAL_NAMES structure that contains a sequence of GENERAL_NAMEs. This field is optional. A NULL value means this field is omitted from the DER encoding. Cert-C uses the x500 DN to select CRLs from the CRL distribution point when the path algorithm is set to PKIX2.

DIST_POINT_NAME* distPointName
 

A pointer to a DIST_POINT_NAME structure that contains the DNs of the CRL DP from which this CRL is distributed. This field is optional. A NULL value means this field is omitted from the DER encoding.

UINT4 reasons
 

A UINT4 value that can be used to limit the revocation reasons specified by this CRL. This field can be set to one or more of the values in the following table. If this field is not set, the CRL can specify any revocation reasons. Currently, the reason is ignored in Cert-C.

Reason Type                  Description
DPR_NO_REASONS               Indicates the reason was not contained in the DER encoding
DPR_UNUSED                   Indicates a reason is not used
DPR_KEY_COMPROMISE           Indicates revocation of an end-entity certificate; the subject's private key or validation information has been compromised
DPR_CA_COMPROMISE            Indicates revocation of a CA certificate; the subject's private key or validation information has been compromised
DPR_AFFILIATION_CHANGED      Indicates the subject's name or other information has been changed
DPR_SUPERSEDED               Indicates the certificate has been superseded
DPR_CESSATION_OF_OPERATION   Indicates the certificate is no longer needed
DPR_CERTIFICATE_HOLD         Indicates the certificate is on hold
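
Because Cert-C currently ignores reasons, an application that depends on reason-partitioned CRLs has to check the field itself. The following is an added example, not code from the Cert-C samples: it checks the RFC 2459 rule that reasons cannot be the only field, and goes one step further by reporting which reasons a set of DPs leaves unaccounted for. The typedefs and DPR_ flag values are stand-ins assumed for illustration (real code takes them from certext.h), and every ex_/EX_ name is hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
/* Stand-ins so this compiles without Cert-C. Real code includes <certext.h>
   and uses its definitions; the flag values below are assumed, not RSA's. */
typedef unsigned int UINT4;
typedef struct DIST_POINT_NAME DIST_POINT_NAME;   /* opaque here */
typedef struct GENERAL_NAMES GENERAL_NAMES;       /* opaque here */
typedef struct DISTRIBUTION_POINT {
  DIST_POINT_NAME *distPointName;
  UINT4            reasons;
  GENERAL_NAMES   *cRLIssuers;
} DISTRIBUTION_POINT;
#define DPR_NO_REASONS             0x00u
#define DPR_UNUSED                 0x01u
#define DPR_KEY_COMPROMISE         0x02u
#define DPR_CA_COMPROMISE          0x04u
#define DPR_AFFILIATION_CHANGED    0x08u
#define DPR_SUPERSEDED             0x10u
#define DPR_CESSATION_OF_OPERATION 0x20u
#define DPR_CERTIFICATE_HOLD       0x40u
#define EX_ALL_REASONS             0x7Eu  /* hypothetical: all but DPR_UNUSED */

/* Returns 1 if the DP satisfies the rule that reasons cannot be the only field. */
int ex_dp_is_encodable(const DISTRIBUTION_POINT *dp) {
  return dp != NULL && (dp->distPointName != NULL || dp->cRLIssuers != NULL);
}

/* Reasons that no encodable DP in the set accounts for (0 = full coverage).
   Cert-C ignores reasons, so the application has to track this itself. */
UINT4 ex_uncovered_reasons(const DISTRIBUTION_POINT *dps, size_t n) {
  UINT4 covered = 0;
  for (size_t i = 0; i < n; i++) {
    if (!ex_dp_is_encodable(&dps[i])) continue;       /* skip malformed DP */
    if (dps[i].reasons == DPR_NO_REASONS) return 0;   /* unset: any reason */
    covered |= dps[i].reasons & EX_ALL_REASONS;
  }
  return EX_ALL_REASONS & ~covered;
}

int main(void) {
  static int name_stub;  /* constructed placeholder for a real name object */
  DISTRIBUTION_POINT dps[2] = {
    { (DIST_POINT_NAME *)(void *)&name_stub, DPR_KEY_COMPROMISE | DPR_CA_COMPROMISE, NULL },
    { NULL, DPR_SUPERSEDED, NULL }                    /* reasons only: invalid */
  };
  printf("dp[1] encodable: %d\n", ex_dp_is_encodable(&dps[1]));
  printf("uncovered mask: 0x%02X\n", ex_uncovered_reasons(dps, 2));
  return 0;
}
```

Run the encodability check before handing a DISTRIBUTION_POINT to C_AddExtensionValue(), and treat a non-zero uncovered mask as a gap the application must handle.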


Copyright (c) 1999-2005 RSA Security Inc. All rights reserved. 067-001001-2720-001-000 - 2.7.2