Provided by: erlang-manpages_20.2.2+dfsg-1ubuntu2_all

NAME

       ssl_crl_cache_api - API for an SSL/TLS CRL (Certificate Revocation List) cache.

DESCRIPTION

       When SSL/TLS performs certificate path validation according to RFC 5280, it should also
       perform CRL validation checks. To enable the CRL checks, the application needs access to
       CRLs. A database of CRLs can be set up in many different ways. This module provides the
       behavior of the API needed to integrate an arbitrary CRL cache with the Erlang ssl
       application. It is also used by the application itself to provide a simple default
       implementation of a CRL cache.

DATA TYPES

       The following data types are used in the functions below:

         cache_ref() =:
           opaque()

         dist_point() =:
           #'DistributionPoint'{}, see X509 certificates records

EXPORTS

       fresh_crl(DistributionPoint, CRL) -> FreshCRL

              Types:

                  DistributionPoint = dist_point()
                  CRL = [public_key:der_encoded()]
                  FreshCRL = [public_key:der_encoded()]

              fun fresh_crl/2 will be used as the input option update_crl to
              public_key:pkix_crls_validate/3.

       lookup(DistributionPoint, Issuer, DbHandle) -> not_available | CRLs
       lookup(DistributionPoint, DbHandle) -> not_available | CRLs

              Types:

                  DistributionPoint = dist_point()
                  Issuer = public_key:issuer_name()
                  DbHandle = cache_ref()
                  CRLs = [public_key:der_encoded()]

              Look up the CRLs belonging to the distribution point DistributionPoint. This
              function may choose to only look in the cache or to follow distribution point links
              depending on how the cache is administered.

              The  Issuer  argument  contains  the  issuer name of the certificate to be checked.
              Normally the returned CRL should be issued by this issuer, except if the  cRLIssuer
              field  of  DistributionPoint  has  a value, in which case that value should be used
              instead.

              In an earlier version of this API, the  lookup  function  received  two  arguments,
              omitting  Issuer.  For  compatibility,  this  is  still  supported:  if there is no
              lookup/3 function in the callback module, lookup/2 is called instead.

       select(Issuer, DbHandle) -> CRLs

              Types:

                  Issuer = public_key:issuer_name()
                  DbHandle = cache_ref()

              Select the CRLs in the cache that are issued by Issuer.
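
       A minimal callback module for this behaviour, as an added example (not OTP code). The
       module name ets_crl_cache, the helpers new/0 and insert/3, and the use of an ETS table
       as DbHandle are assumptions; lookup/3 only looks in the cache and applies the cRLIssuer
       rule described under lookup.

```erlang
%% Added example, not OTP code: a cache-only CRL cache backed by ETS.
-module(ets_crl_cache).                      % hypothetical module name
-behaviour(ssl_crl_cache_api).
-include_lib("public_key/include/public_key.hrl").

-export([new/0, insert/3]).                  % hypothetical helpers
-export([lookup/3, select/2, fresh_crl/2]).  % behaviour callbacks

%% Create the table used as DbHandle (assumption: handle = ETS table id).
%% protected: only the owning process can write CRLs, other processes read.
new() ->
    ets:new(?MODULE, [set, protected, {read_concurrency, true}]).

%% Store DER-encoded CRLs under the name of their issuer.
%% Must be called from the process that owns the table.
insert(Tab, Issuer, DerCRLs) when is_list(DerCRLs) ->
    Old = select(Issuer, Tab),
    true = ets:insert(Tab, {Issuer, lists:usort(DerCRLs ++ Old)}),
    ok.

%% Cache-only lookup: never follows distribution point links.
lookup(#'DistributionPoint'{cRLIssuer = CRLIssuer}, Issuer, Tab) ->
    case crl_issuer(CRLIssuer, Issuer) of
        none -> not_available;
        Name ->
            case select(Name, Tab) of
                []   -> not_available;
                CRLs -> CRLs
            end
    end.

%% Exact term match on the issuer name (simplification: the caller of
%% insert/3 must store CRLs under the same name form used for lookups).
select(Issuer, Tab) ->
    case ets:lookup(Tab, Issuer) of
        [{_, CRLs}] -> CRLs;
        []          -> []
    end.

%% No refresh source in this example: hand the CRL back unchanged.
fresh_crl(_DistributionPoint, CRL) ->
    CRL.

%% The certificate issuer applies unless cRLIssuer has a value.
crl_issuer(asn1_NOVALUE, Issuer) -> Issuer;
crl_issuer(Names, _Issuer) when is_list(Names) ->
    case lists:keyfind(directoryName, 1, Names) of
        {directoryName, Name} -> Name;
        false                 -> none  % no usable name: report no CRL
    end.
```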