ssl_crl_cache_api(3) Erlang Module Definition ssl_crl_cache_api(3)

NAME
ssl_crl_cache_api - API for an SSL/TLS CRL (Certificate Revocation List)
cache.

DESCRIPTION
When SSL/TLS performs certificate path validation according to RFC 5280
it should also perform CRL validation checks. To enable the CRL checks
the application needs access to CRLs. A database of CRLs can be set up
in many different ways. This module provides the behavior of the API
needed to integrate an arbitrary CRL cache with the Erlang ssl
application. It is also used by the application itself to provide a
simple default implementation of a CRL cache.
17
DATA TYPES
The following data types are used in the functions below:

cache_ref() =:
opaque()

dist_point() =:
#'DistributionPoint'{} see the X509 certificate records
26
EXPORTS
fresh_crl(DistributionPoint, CRL) -> FreshCRL

Types:

DistributionPoint = dist_point()
CRL = [public_key:der_encoded()]
FreshCRL = [public_key:der_encoded()]

fun fresh_crl/2 will be used as the update_crl input option to
public_key:pkix_crls_validate/3.
38
lookup(DistributionPoint, Issuer, DbHandle) -> not_available | CRLs
lookup(DistributionPoint, DbHandle) -> not_available | CRLs

Types:

DistributionPoint = dist_point()
Issuer = public_key:issuer_name()
DbHandle = cache_ref()
CRLs = [public_key:der_encoded()]

Look up the CRLs belonging to the distribution point
DistributionPoint. This function may choose to only look in the cache
or to follow distribution point links, depending on how the cache is
administrated.

The Issuer argument contains the issuer name of the certificate
to be checked. Normally the returned CRL should be issued by
this issuer, except if the cRLIssuer field of DistributionPoint
has a value, in which case that value should be used instead.

In an earlier version of this API, the lookup function received
two arguments, omitting Issuer. For compatibility, this is still
supported: if there is no lookup/3 function in the callback
module, lookup/2 is called instead.
63
select(Issuer, DbHandle) -> CRLs

Types:

Issuer = public_key:issuer_name()
DbHandle = cache_ref()

Select the CRLs in the cache that are issued by Issuer.
72
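As an added example (not code from the ssl application or from this man page), a minimal callback module implementing this behaviour over an ETS table. The module name ets_crl_cache and the helpers new/0 and insert/3 are invented for the illustration; it assumes DbHandle is the ETS table identifier and that the cache is filled administratively rather than by following distribution point links.

```erlang
%% ets_crl_cache: example ssl_crl_cache_api callback backed by an ETS table.
%% Added illustration, not code from the OTP ssl application. Assumptions:
%% DbHandle is the ETS table id, the table is filled administratively via
%% insert/3, and the cache never follows distribution point links.
-module(ets_crl_cache).
-behaviour(ssl_crl_cache_api).

-include_lib("public_key/include/public_key.hrl").

-export([lookup/3, lookup/2, select/2, fresh_crl/2]).
-export([new/0, insert/3]).

%% Table keyed on issuer name; one row per DER-encoded CRL (bag semantics).
new() ->
    ets:new(?MODULE, [bag, public]).

%% Administrative insert: Issuer is the public_key:issuer_name() of the CA
%% that signed DerCRL (e.g. obtained with public_key:pkix_crl_issuer/1).
insert(Tid, Issuer, DerCRL) when is_binary(DerCRL) ->
    true = ets:insert(Tid, {Issuer, DerCRL}),
    ok.

%% lookup/3: the distribution point's cRLIssuer, when present, overrides the
%% certificate issuer. Only directoryName entries can be matched here;
%% other GeneralName forms (URIs etc.) would need a fetch, which this
%% cache does not do.
lookup(#'DistributionPoint'{cRLIssuer = asn1_NOVALUE}, Issuer, Tid) ->
    found(select(Issuer, Tid));
lookup(#'DistributionPoint'{cRLIssuer = GeneralNames}, _Issuer, Tid) ->
    found(lists:append([select(Name, Tid)
                        || {directoryName, Name} <- GeneralNames])).

%% lookup/2: the pre-Issuer form of the API. Without an issuer name there
%% is nothing to key on, so report that no CRL is available.
lookup(_DistributionPoint, _Tid) ->
    not_available.

%% select/2: every cached CRL issued by Issuer.
select(Issuer, Tid) ->
    [DerCRL || {_, DerCRL} <- ets:lookup(Tid, Issuer)].

%% fresh_crl/2: used as update_crl by public_key:pkix_crls_validate/3.
%% This cache cannot refetch, so the CRL is returned unchanged; a
%% network-backed cache would fetch a new copy here.
fresh_crl(_DistributionPoint, CRL) ->
    CRL.

found([]) -> not_available;
found(CRLs) -> CRLs.
```

Because fresh_crl/2 cannot refresh anything here, a revoked certificate is only detected once an administrator has inserted an updated CRL; a deployment that needs timely revocation must refresh the table or implement fetching in fresh_crl/2.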
73
74
Ericsson AB ssl 8.2.6.4 ssl_crl_cache_api(3)