GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
ssl_crl_cache_api(3) Erlang Module Definition ssl_crl_cache_api(3)

ssl_crl_cache_api - API for a TLS CRL (Certificate Revocation List) cache.

When TLS performs certificate path validation according to RFC 5280 it should also perform CRL validation checks. To enable the CRL checks the application needs access to CRLs. A database of CRLs can be set up in many different ways. This module provides the behavior of the API needed to integrate an arbitrary CRL cache with the erlang ssl application. It is also used by the application itself to provide a simple default implementation of a CRL cache.

crl_cache_ref() = any()

Reference to the CRL cache.

dist_point() = #'DistributionPoint'{}

For description see X509 certificates records

logger_info() = 
    {logger:level(),
     Report :: #{description => string(), reason => term()},
     logger:metadata()}

Information for ssl applications use of Logger(3)

Module:fresh_crl(DistributionPoint, CRL) -> FreshCRL
Module:fresh_crl(DistributionPoint, CRL) -> FreshCRL | {LoggerInfo, FreshCRL}

Types:

DistributionPoint = dist_point() CRL = [public_key:der_encoded()] FreshCRL = [public_key:der_encoded()] LoggerInfo = {logger, logger_info() }}

fun fresh_crl/2 will be used as input option update_crl to public_key:pkix_crls_validate/3

It is possible to return logger info that will be used by the TLS connection to produce log events.

Module:lookup(DistributionPoint, Issuer, DbHandle) -> not_available | CRLs | {LoggerInfo, CRLs}
Module:lookup(DistributionPoint, Issuer, DbHandle) -> not_available | CRLs
Module:lookup(DistributionPoint, DbHandle) -> not_available | CRLs

Types:

DistributionPoint = dist_point() Issuer = public_key:issuer_name() DbHandle = crl_cache_ref() CRLs = [public_key:der_encoded()] LoggerInfo = {logger, logger_info() }}

Lookup the CRLs belonging to the distribution point Distributionpoint. This function may choose to only look in the cache or to follow distribution point links depending on how the cache is administrated.

The Issuer argument contains the issuer name of the certificate to be checked. Normally the returned CRL should be issued by this issuer, except if the cRLIssuer field of DistributionPoint has a value, in which case that value should be used instead.

In an earlier version of this API, the lookup function received two arguments, omitting Issuer. For compatibility, this is still supported: if there is no lookup/3 function in the callback module, lookup/2 is called instead.

It is possible to return logger info that will be used by the TLS connection to produce log events.

Module:select(Issuer, DbHandle) -> CRLs | {LoggerInfo, CRLs}
Module:select(Issuer, DbHandle) -> CRLs

Types:

Issuer = public_key:issuer_name() | list() DbHandle = cache_ref() LoggerInfo = {logger, logger_info() }

Select the CRLs in the cache that are issued by Issuer unless the value is a list of so called general names, see X509 certificates records, originating form #'DistributionPoint'.cRLissuer and representing different mechanism to obtain the CRLs. The cache callback needs to use the appropriate entry to retrive the CRLs or return an empty list if it does not exist.

It is possible to return logger info that will be used by the TLS connection to produce log events.

ssl 10.6 Ericsson AB

Search for    or go to Top of page |  Section 3 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.