Provided by: erlang-manpages_25.2.3+dfsg-1_all bug

NAME

       ssl_crl_cache_api - API for a TLS CRL (Certificate Revocation List) cache.

DESCRIPTION

       When  TLS  performs  certificate  path  validation  according  to RFC 5280  it should also
       perform CRL validation checks. To enable the CRL checks the application  needs  access  to
       CRLs.  A  database  of CRLs can be set up in many different ways. This module provides the
       behavior of the API needed to integrate  an  arbitrary  CRL  cache  with  the  erlang  ssl
       application.  It  is  also  used  by  the  application  itself to provide a simple default
       implementation of a CRL cache.

DATA TYPES

       crl_cache_ref() = any()

              Reference to the CRL cache.

       dist_point() = #'DistributionPoint'{}

              For description see  X509 certificates records

       logger_info() =
           {logger:level(),
            Report :: #{description => string(), reason => term()},
            logger:metadata()}

              Information for ssl applications use of  Logger(3erl)

EXPORTS

       Module:fresh_crl(DistributionPoint, CRL) -> FreshCRL
       Module:fresh_crl(DistributionPoint, CRL) -> FreshCRL | {LoggerInfo, FreshCRL}

              Types:

                  DistributionPoint =  dist_point()
                  CRL = [public_key:der_encoded()]
                  FreshCRL = [public_key:der_encoded()]
                  LoggerInfo = {logger,  logger_info() }}

              fun   fresh_crl/2      will   be   used   as    input    option    update_crl    to
              public_key:pkix_crls_validate/3

              It  is  possible  to  return logger info that will be used by the TLS connection to
              produce log events.

       Module:lookup(DistributionPoint, Issuer, DbHandle) -> not_available | CRLs |  {LoggerInfo,
       CRLs}
       Module:lookup(DistributionPoint, Issuer, DbHandle) -> not_available | CRLs
       Module:lookup(DistributionPoint, DbHandle) -> not_available | CRLs

              Types:

                  DistributionPoint =  dist_point()
                  Issuer = public_key:issuer_name()
                  DbHandle =  crl_cache_ref()
                  CRLs = [public_key:der_encoded()]
                  LoggerInfo = {logger,  logger_info() }}

              Lookup  the  CRLs  belonging  to  the  distribution  point  Distributionpoint. This
              function may choose to only look in the cache or to follow distribution point links
              depending on how the cache is administrated.

              The  Issuer  argument  contains  the  issuer name of the certificate to be checked.
              Normally the returned CRL should be issued by this issuer, except if the  cRLIssuer
              field  of  DistributionPoint  has  a value, in which case that value should be used
              instead.

              In an earlier version of this API, the  lookup  function  received  two  arguments,
              omitting  Issuer.  For  compatibility,  this  is  still  supported:  if there is no
              lookup/3 function in the callback module, lookup/2 is called instead.

              It is possible to return logger info that will be used by  the  TLS  connection  to
              produce log events.

       Module:select(Issuer, DbHandle) -> CRLs | {LoggerInfo, CRLs}
       Module:select(Issuer, DbHandle) -> CRLs

              Types:

                  Issuer = public_key:issuer_name() | list()
                  DbHandle =  cache_ref()
                  LoggerInfo = {logger,  logger_info() }

              Select  the  CRLs in the cache that are issued by Issuer unless the value is a list
              of so called general  names,  see   X509  certificates  records,  originating  form
              #'DistributionPoint'.cRLissuer  and  representing different mechanism to obtain the
              CRLs. The cache callback needs to use the appropriate entry to retrieve the CRLs or
              return an empty list if it does not exist.

              It  is  possible  to  return logger info that will be used by the TLS connection to
              produce log events.