RSA BSAFE Cert-C

Certificate Components for C

Crypto-C 6.2.1 Developer's Guide
ISSUING_DISTRIBUTION_POINT Reference

Represents an Issuing Distribution Point (DP) extension for X.509 v3 CRLs.

It identifies the CRL DP from which this CRL is distributed, and the types of information this CRL can contain. The default criticality for this extension is CRITICAL. A CRL can have only one Issuing DP extension at a time. Use this structure with C_AddExtensionValue() and C_GetExtensionValue().

#include <certext.h>

typedef struct ISSUING_DISTRIBUTION_POINT {
  DIST_POINT_NAME *distributionPoint;
  int             userCerts;
  int             CACerts;
  UINT4           reasons;
  int             indirectCRL;
} ISSUING_DISTRIBUTION_POINT;

Data Fields

DIST_POINT_NAME *distributionPoint
 A pointer to a DIST_POINT_NAME structure that contains the DNs of the CRL DP from which this CRL is distributed.

int userCerts
 An int value that indicates whether this CRL covers revocation for end-entity certificates or not.

int CACerts
 An int value that indicates whether this CRL covers revocation for CA certificates or not.

UINT4 reasons
 A UINT4 value that limits the revocation reasons that can be specified by this CRL.

int indirectCRL
 An int value that indicates whether this CRL can contain revocation notifications from CAs other than the issuer of the CRL.


Field Documentation

int CACerts
 

An int value that indicates whether this CRL covers revocation for CA certificates or not. This field can be set to one of the following values:

CA Certificate Type   Description
IDP_VALUE_TRUE        Indicates the CRL covers revocation for CA certificates.
IDP_VALUE_FALSE       Indicates the CRL does not cover revocation for CA certificates.

int indirectCRL
 

An int value that indicates whether this CRL can contain revocation notifications from CAs other than the issuer of the CRL. This field can be set to one of the following values:

Indirect CRL Option   Description
IDP_VALUE_TRUE        The CRL can contain revocation notifications from CAs other than the CA that issued the CRL.
IDP_VALUE_FALSE       The CRL can contain only revocation notifications from the CA that issued the CRL.

If this is an indirect CRL, note that distributionPoint identifies only the issuer of the CRL, not the issuer of the certificates in the CRL. Therefore, the CA that issued the certificates in the CRL must be identified by a Certificate Issuer extension in each CRL entry.

UINT4 reasons
 

A UINT4 value that limits the revocation reasons that can be specified by this CRL. This field can be set to one or more of the following values. If this field is not set, the CRL can specify any revocation reason.

Revocation Reason            Description
DPR_NO_REASONS               Indicates the reason was not contained in the DER encoding.
DPR_UNUSED                   Indicates a reason is not used.
DPR_KEY_COMPROMISE           Indicates revocation of an end-entity certificate; the subject's private key or validation information has been compromised.
DPR_CA_COMPROMISE            Indicates revocation of a CA certificate; the subject's private key or validation information has been compromised.
DPR_AFFILIATION_CHANGED      Indicates the subject's name or other information has been changed.
DPR_SUPERSEDED               Indicates the certificate has been superseded.
DPR_CESSATION_OF_OPERATION   Indicates the certificate is no longer needed.
DPR_CERTIFICATE_HOLD         Indicates the certificate is on hold.

int userCerts
 

An int value that indicates whether this CRL covers revocation for end-entity certificates or not. This field can be set to one of the following values:

End-Entity Certificate Type   Description
IDP_VALUE_TRUE                Indicates the CRL covers revocation for end-entity certificates.
IDP_VALUE_FALSE               Indicates the CRL does not cover revocation for end-entity certificates.
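
The field semantics documented above, applied as a relying-party scope check before a CRL is trusted for a given certificate. This is an added example, not code from the Cert-C guide or library. The struct is redeclared locally so the block compiles without <certext.h>; the width of UINT4, every IDP_VALUE_* and DPR_* numeric value, and the names crl_scope and idp_check_scope are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
/* Local stand-ins so this compiles without <certext.h>. The struct layout is
 * the documented one; UINT4's width and every numeric value are placeholders. */
typedef unsigned int UINT4;
typedef struct DIST_POINT_NAME DIST_POINT_NAME; /* opaque here */
typedef struct ISSUING_DISTRIBUTION_POINT {
  DIST_POINT_NAME *distributionPoint;
  int             userCerts;
  int             CACerts;
  UINT4           reasons;
  int             indirectCRL;
} ISSUING_DISTRIBUTION_POINT;
#define IDP_VALUE_FALSE    0     /* placeholder value */
#define IDP_VALUE_TRUE     1     /* placeholder value */
#define DPR_NO_REASONS     0x0u  /* placeholder value */
#define DPR_KEY_COMPROMISE 0x2u  /* placeholder value */
#define DPR_CA_COMPROMISE  0x4u  /* placeholder value */

enum crl_scope { CRL_IN_SCOPE, CRL_WRONG_CERT_TYPE, CRL_REASON_EXCLUDED,
                 CRL_NEEDS_ENTRY_ISSUER };

/* Hypothetical helper: may a CRL whose Issuing DP is `idp` be consulted for
 * one certificate? `reason` is the DPR_* bit the caller needs covered;
 * `entry_has_cert_issuer` is nonzero when the CRL entry being matched
 * carries a Certificate Issuer extension. */
enum crl_scope idp_check_scope(const ISSUING_DISTRIBUTION_POINT *idp,
                               int cert_is_ca, UINT4 reason,
                               int entry_has_cert_issuer)
{
  if (idp == NULL)                 /* no Issuing DP: scope is not narrowed */
    return CRL_IN_SCOPE;
  if ((cert_is_ca ? idp->CACerts : idp->userCerts) != IDP_VALUE_TRUE)
    return CRL_WRONG_CERT_TYPE;    /* a miss in this CRL proves nothing */
  if (idp->reasons != DPR_NO_REASONS && (idp->reasons & reason) == 0)
    return CRL_REASON_EXCLUDED;    /* CRL cannot report this reason */
  if (idp->indirectCRL == IDP_VALUE_TRUE && !entry_has_cert_issuer)
    return CRL_NEEDS_ENTRY_ISSUER; /* cannot tell which CA issued the cert */
  return CRL_IN_SCOPE;
}

int main(void)
{
  /* Constructed sample: end-entity-only CRL limited to key compromise. */
  ISSUING_DISTRIBUTION_POINT idp = { NULL, IDP_VALUE_TRUE, IDP_VALUE_FALSE,
                                     DPR_KEY_COMPROMISE, IDP_VALUE_FALSE };
  printf("%d\n", idp_check_scope(&idp, 1, DPR_CA_COMPROMISE, 0));
  return 0;
}
```

Any result other than CRL_IN_SCOPE means the absence of a matching entry in this CRL must not be read as "not revoked" for that certificate.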


Copyright (c) 1999-2005 RSA Security Inc. All rights reserved. 067-001001-2720-001-000 - 2.7.2