Provided by: erlang-manpages_18.3-dfsg-1ubuntu3.1_all

NAME

       ssl_crl_cache_api - API for an SSL/TLS CRL (Certificate Revocation List) cache.

DESCRIPTION

       When SSL/TLS performs certificate path validation according to RFC 5280, it should also
       perform CRL validation checks. To enable the CRL checks, the application needs access to
       CRLs. A database of CRLs can be set up in many different ways. This module provides the
       behavior of the API needed to integrate an arbitrary CRL cache with the Erlang ssl
       application. It is also used by the application itself to provide a simple default
       implementation of a CRL cache.

DATA TYPES

       The following data types are used in the functions below:

         cache_ref() = opaque()

         dist_point() = #'DistributionPoint'{}, see X509 certificates records

EXPORTS

       fresh_crl(DistributionPoint, CRL) -> FreshCRL

              Types:

                  DistributionPoint = dist_point()
                  CRL = [public_key:der_encoded()]
                  FreshCRL = [public_key:der_encoded()]

              fun fresh_crl/2 will be used as input option update_crl to
              public_key:pkix_crls_validate/3.

       lookup(DistributionPoint, DbHandle) -> not_available | CRLs

              Types:

                  DistributionPoint = dist_point()
                  DbHandle = cache_ref()
                  CRLs = [public_key:der_encoded()]

              Looks up the CRLs belonging to the distribution point DistributionPoint. This
              function may choose to only look in the cache or to follow distribution point
              links, depending on how the cache is administered.

       select(Issuer, DbHandle) -> CRLs

              Types:

                  Issuer = public_key:issuer_name()
                  DbHandle = cache_ref()

              Selects the CRLs in the cache that are issued by Issuer.
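
       A cache-only implementation of this behavior backed by ETS, added here as an example;
       it is not part of the OTP documentation or of the default cache in ssl. The module name
       ets_crl_cache and the helpers new/0, insert/3, table/1 and values/2 are hypothetical, and
       URIs are assumed to be inserted as the same strings that appear in the certificates.

```erlang
-module(ets_crl_cache).                      % hypothetical module name
-behaviour(ssl_crl_cache_api).
-include_lib("public_key/include/public_key.hrl").

-export([new/0, insert/3]).                  % administration helpers (hypothetical)
-export([lookup/2, select/2, fresh_crl/2]).  % ssl_crl_cache_api callbacks

%% Create the table; the returned table id serves as the cache_ref().
new() ->
    ets:new(?MODULE, [bag, public, {read_concurrency, true}]).

%% Store DER-encoded CRLs under the distribution point URI and under the
%% issuer read from each CRL, so that both callbacks can find them.
insert(Tab, URI, DerCRLs) ->
    lists:foreach(
      fun(Der) ->
              Issuer = public_key:pkix_normalize_name(
                         public_key:pkix_crl_issuer(Der)),
              ets:insert(Tab, [{{uri, URI}, Der}, {{issuer, Issuer}, Der}])
      end, DerCRLs).

%% Cache-only lookup: never follows the distribution point link, so a
%% missing CRL is reported as not_available instead of being fetched.
lookup(#'DistributionPoint'{distributionPoint = {fullName, Names}}, DbHandle) ->
    Tab = table(DbHandle),
    URIs = [URI || {uniformResourceIdentifier, URI} <- Names],
    case lists:append([values(Tab, {uri, URI}) || URI <- URIs]) of
        [] -> not_available;
        CRLs -> CRLs
    end;
lookup(_OtherDistributionPoint, _DbHandle) ->
    not_available.

%% Issuer names are normalized on insert and on select so they compare equal.
select(Issuer, DbHandle) ->
    values(table(DbHandle), {issuer, public_key:pkix_normalize_name(Issuer)}).

%% No refresh source in this sketch: hand back the CRL already in use.
fresh_crl(_DistributionPoint, CRL) ->
    CRL.

%% Assumption: the handle may arrive bare or wrapped as {Handle, Args}.
table({Tab, _Args}) -> Tab;
table(Tab) -> Tab.

values(Tab, Key) ->
    [Der || {_, Der} <- ets:lookup(Tab, Key)].
```

       Such a module is selected with the ssl options crl_check and
       {crl_cache, {ets_crl_cache, {Tab, []}}}. Because lookup/2 never fetches, CRLs have to be
       loaded with insert/3 before connections are validated.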