Provided by: erlang-manpages_20.2.2+dfsg-1ubuntu2_all

NAME

       ssl_crl_cache_api - API for an SSL/TLS CRL (Certificate Revocation List) cache.

DESCRIPTION

       When SSL/TLS performs certificate path validation according to RFC 5280, it should also perform CRL
       validation checks. To enable the CRL checks, the application needs access to CRLs. A database of CRLs
       can be set up in many different ways. This module provides the behavior of the API needed to integrate
       an arbitrary CRL cache with the Erlang ssl application. It is also used by the application itself to
       provide a simple default implementation of a CRL cache.

DATA TYPES

       The following data types are used in the functions below:

         cache_ref() =:
           opaque()

         dist_point() =:
           #'DistributionPoint'{}, see X509 certificates records

EXPORTS

       fresh_crl(DistributionPoint, CRL) -> FreshCRL

              Types:

                  DistributionPoint = dist_point()
                  CRL = [public_key:der_encoded()]
                  FreshCRL = [public_key:der_encoded()]

              fun fresh_crl/2 will be used as the input option update_crl to public_key:pkix_crls_validate/3.

       lookup(DistributionPoint, Issuer, DbHandle) -> not_available | CRLs
       lookup(DistributionPoint, DbHandle) -> not_available | CRLs

              Types:

                  DistributionPoint = dist_point()
                  Issuer = public_key:issuer_name()
                  DbHandle = cache_ref()
                  CRLs = [public_key:der_encoded()]

              Look up the CRLs belonging to the distribution point DistributionPoint. This function may choose
              to only look in the cache or to follow distribution point links, depending on how the cache is
              administered.

              The Issuer argument contains the issuer name of  the  certificate  to  be  checked.  Normally  the
              returned  CRL  should be issued by this issuer, except if the cRLIssuer field of DistributionPoint
              has a value, in which case that value should be used instead.

              In an earlier version of this API, the lookup function received two  arguments,  omitting  Issuer.
              For  compatibility,  this  is  still  supported:  if there is no lookup/3 function in the callback
              module, lookup/2 is called instead.

       select(Issuer, DbHandle) -> CRLs

              Types:

                  Issuer = public_key:issuer_name()
                  DbHandle = cache_ref()

              Select the CRLs in the cache that are issued by Issuer.
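
       A cache-only callback module implementing the three callbacks above, including the cRLIssuer rule
       described for lookup/3. This is an added example, not code from OTP: the module name ets_crl_cache,
       its named ETS table, and the init/0 and insert/1 helpers are hypothetical, and DbHandle is ignored
       because cache_ref() is opaque.

```erlang
%% Added example, not OTP code. Module name, table name, init/0 and
%% insert/1 are hypothetical helpers chosen for this illustration.
-module(ets_crl_cache).
-behaviour(ssl_crl_cache_api).
-include_lib("public_key/include/public_key.hrl").

-export([init/0, insert/1]).
-export([lookup/3, select/2, fresh_crl/2]).

-define(TAB, ?MODULE).

%% Create the table once, from a long-lived process that owns it.
init() ->
    ets:new(?TAB, [named_table, bag, public, {read_concurrency, true}]),
    ok.

%% Store a DER-encoded CRL under the normalized name of its issuer.
insert(DerCRL) when is_binary(DerCRL) ->
    ets:insert(?TAB, {key(public_key:pkix_crl_issuer(DerCRL)), DerCRL}).

%% Normally the CRL must come from the certificate's issuer. If the
%% distribution point carries cRLIssuer, that name is used instead.
%% Assumption: cRLIssuer names arrive in the same decoded form as Issuer.
lookup(#'DistributionPoint'{cRLIssuer = asn1_NOVALUE}, Issuer, DbHandle) ->
    found(select(Issuer, DbHandle));
lookup(#'DistributionPoint'{cRLIssuer = Names}, _Issuer, DbHandle) ->
    found(lists:append([select(N, DbHandle) || {directoryName, N} <- Names])).

%% All cached CRLs issued by Issuer; DbHandle is unused (named table).
select(Issuer, _DbHandle) ->
    [Der || {_Key, Der} <- ets:lookup(?TAB, key(Issuer))].

%% Cache only, no fetching: hand back the CRL that was passed in.
fresh_crl(_DistributionPoint, CRL) ->
    CRL.

%% An empty result is reported as not_available rather than as [].
found([]) -> not_available;
found(CRLs) -> CRLs.

%% Normalize names so that equivalent issuer names map to the same key.
key(Name) -> public_key:pkix_normalize_name(Name).
```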

Ericsson AB                                         ssl 8.2.3                            ssl_crl_cache_api(3erl)