Provided by: erlang-manpages_20.2.2+dfsg-1ubuntu2_all

NAME

       ssl_crl_cache_api - API for an SSL/TLS CRL (Certificate Revocation List) cache.

DESCRIPTION

       When SSL/TLS performs certificate path validation according to RFC 5280, it should also perform CRL
       validation checks. To enable the CRL checks, the application needs access to CRLs. A database of CRLs
       can be set up in many different ways. This module provides the behavior of the API needed to integrate
       an arbitrary CRL cache with the Erlang ssl application. It is also used by the application itself to
       provide a simple default implementation of a CRL cache.

DATA TYPES

       The following data types are used in the functions below:

         cache_ref() =:
           opaque()

         dist_point() =:
           #'DistributionPoint'{} see  X509 certificates records

EXPORTS

       fresh_crl(DistributionPoint, CRL) -> FreshCRL

              Types:

                  DistributionPoint = dist_point()
                  CRL = [public_key:der_encoded()]
                  FreshCRL = [public_key:der_encoded()]

              fun fresh_crl/2 will be used as input option update_crl to public_key:pkix_crls_validate/3.

       lookup(DistributionPoint, Issuer, DbHandle) -> not_available | CRLs
       lookup(DistributionPoint, DbHandle) -> not_available | CRLs

              Types:

                  DistributionPoint = dist_point()
                  Issuer = public_key:issuer_name()
                  DbHandle = cache_ref()
                  CRLs = [public_key:der_encoded()]

              Look up the CRLs belonging to the distribution point DistributionPoint. This function may choose
              to only look in the cache or to follow distribution point links, depending on how the cache is
              administered.

              The  Issuer  argument  contains  the  issuer  name  of the certificate to be checked. Normally the
              returned CRL should be issued by this issuer, except if the cRLIssuer field  of  DistributionPoint
              has a value, in which case that value should be used instead.

              In  an  earlier  version of this API, the lookup function received two arguments, omitting Issuer.
              For compatibility, this is still supported: if there is  no  lookup/3  function  in  the  callback
              module, lookup/2 is called instead.

       select(Issuer, DbHandle) -> CRLs

              Types:

                  Issuer = public_key:issuer_name()
                  DbHandle = cache_ref()

              Select the CRLs in the cache that are issued by Issuer.
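
A callback module for this behaviour that only looks in the cache and never follows distribution point links during a handshake, as an added example (not OTP code and not part of the original manual page). The module name crl_cache_example, the helpers init/0 and store/2, and the ETS table layout are assumptions made for illustration; CRLs are expected to be loaded and refreshed out of band.

```erlang
%% Added example, not OTP code. Cache-only CRL cache backed by a named ETS table.
-module(crl_cache_example).   % hypothetical module name
-behaviour(ssl_crl_cache_api).
-include_lib("public_key/include/public_key.hrl").

-export([init/0, store/2]).                    % operator-side helpers (hypothetical)
-export([lookup/3, select/2, fresh_crl/2]).    % ssl_crl_cache_api callbacks

-define(TAB, crl_cache_example).

%% Create the table once, from a long-lived process, before any handshake.
init() ->
    ets:new(?TAB, [named_table, public, set, {read_concurrency, true}]).

%% Store the DER-encoded CRLs published at one distribution point URI.
store(URI, DerCRLs) when is_list(URI), is_list(DerCRLs) ->
    ets:insert(?TAB, {URI, DerCRLs}).

%% Look only in the cache, keyed by the URIs named in the distribution point.
%% DbHandle is opaque to ssl, so this example ignores it and uses the named
%% table. The Issuer argument is not needed for a URI-keyed cache.
lookup(#'DistributionPoint'{distributionPoint = {fullName, Names}}, _Issuer, _Db) ->
    URIs = [U || {uniformResourceIdentifier, U} <- Names],
    case lists:append([CRLs || U <- URIs, {_, CRLs} <- ets:lookup(?TAB, U)]) of
        []    -> not_available;
        Found -> Found
    end;
lookup(_DistPoint, _Issuer, _Db) ->
    not_available.

%% Every cached CRL whose issuer field equals Issuer.
%% Assumption: Issuer uses the same name encoding as the issuer field of a
%% decoded 'CertificateList'; if it does not, nothing matches and [] is returned.
select(Issuer, _Db) ->
    Wanted = public_key:pkix_normalize_name(Issuer),
    [Der || {_, Ders} <- ets:tab2list(?TAB), Der <- Ders,
            public_key:pkix_normalize_name(crl_issuer(Der)) =:= Wanted].

%% Refresh is done out of band by whoever calls store/2, so the CRL that was
%% looked up is handed back unchanged.
fresh_crl(_DistPoint, CRL) ->
    CRL.

%% Issuer name of a DER-encoded CRL.
crl_issuer(Der) ->
    #'CertificateList'{tbsCertList = #'TBSCertList'{issuer = Issuer}} =
        public_key:der_decode('CertificateList', Der),
    Issuer.
```

The module is selected with the ssl option {crl_cache, {crl_cache_example, {DbHandle, Args}}} together with crl_check. An entry missing from the table makes lookup/3 return not_available, so stale or absent CRLs surface as a validation outcome rather than as a network fetch inside the handshake.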