NAME

       ssl_crl_cache_api - API for a SSL/TLS CRL (Certificate Revocation List) cache.

DESCRIPTION

       When  SSL/TLS  performs  certificate  path  validation  according to RFC 5280  it should also perform CRL
       validation checks. To enable the CRL checks the application needs access to CRLs. A database of CRLs  can
       be  set  up  in  many different ways. This module provides the behavior of the API needed to integrate an
       arbitrary CRL cache with the erlang ssl application. It is also used by the application itself to provide
       a simple default implementation of a CRL cache.

DATA TYPES

       The following data types are used in the functions below:

         cache_ref() =:
           opaque()

         dist_point() =:
           #'DistributionPoint'{} see  X509 certificates records

EXPORTS

       fresh_crl(DistributionPoint, CRL) -> FreshCRL

              Types:

                  DistributionPoint = dist_point()
                  CRL = [public_key:der_encoded()]
                  FreshCRL = [public_key:der_encoded()]

              fun fresh_crl/2  will be used as input option update_crl to public_key:pkix_crls_validate/3

       lookup(DistributionPoint, DbHandle) -> not_available | CRLs

              Types:

                  DistributionPoint = dist_point()
                  DbHandle = cache_ref()
                  CRLs = [public_key:der_encoded()]

              Lookup the CRLs belonging to the distribution point  Distributionpoint. This function  may  choose
              to  only  look  in  the  cache or to follow distribution point links depending on how the cache is
              administrated.

       select(Issuer, DbHandle) -> CRLs

              Types:

                  Issuer = public_key:issuer_name()
                  DbHandle = cache_ref()

              Select the CRLs in the cache that are issued by Issuer

Ericsson AB                                          ssl 7.3                             ssl_crl_cache_api(3erl)