ssl_crl_cache_api
API for an SSL/TLS CRL (Certificate Revocation List) cache.
When SSL/TLS performs certificate path validation according to
DATA TYPES
The following data types are used in the functions below:
cache_ref() =
dist_point() = #'DistributionPoint'{} (see X509 certificates records)
Functions
fresh_crl(DistributionPoint, CRL) -> FreshCRL
DistributionPoint = dist_point()
CRL = [public_key:der_encoded()]
FreshCRL = [public_key:der_encoded()]
fun fresh_crl/2 will be used as input option update_crl to public_key:pkix_crls_validate/3.
lookup(DistributionPoint, Issuer, DbHandle) -> not_available | CRLs
lookup(DistributionPoint, DbHandle) -> not_available | CRLs
DistributionPoint = dist_point()
Issuer = public_key:issuer_name()
DbHandle = cache_ref()
CRLs = [public_key:der_encoded()]
Look up the CRLs belonging to the distribution point DistributionPoint.
This function may choose to only look in the cache or to follow distribution point
links depending on how the cache is administrated.
The Issuer argument contains the issuer name of the
certificate to be checked. Normally the returned CRL should
be issued by this issuer, except if the cRLIssuer field
of DistributionPoint has a value, in which case that
value should be used instead.
In an earlier version of this API, the lookup
function received two arguments, omitting Issuer. For
compatibility, this is still supported: if there is no
lookup/3 function in the callback module,
lookup/2 is called instead.
select(Issuer, DbHandle) -> CRLs
Issuer = public_key:issuer_name()
DbHandle = cache_ref()
Select the CRLs in the cache that are issued by Issuer.
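The three callbacks described above, as an added example of a cache-only callback module (not OTP's own code). The module name my_crl_cache, the helpers new/0, insert/3 and found/1, and the choice of an ETS table as the cache_ref() handle are assumptions of this example; adapt the handle pattern to the term your configuration actually passes as DbHandle.

```erlang
%% Added example, not OTP code: a cache-only ssl_crl_cache_api callback.
%% Assumption: DbHandle (cache_ref()) is an ETS bag table holding
%% {NormalizedIssuer, DerCRL} rows that an administrator fills out of band.
-module(my_crl_cache).            % hypothetical module name
-behaviour(ssl_crl_cache_api).
-include_lib("public_key/include/public_key.hrl").
-export([new/0, insert/3, lookup/3, select/2, fresh_crl/2]).

%% Hypothetical helper: create the table used as DbHandle.
new() ->
    ets:new(?MODULE, [bag, public]).

%% Hypothetical helper: store a DER-encoded CRL under its issuer name.
%% Assumption: Issuer is given in the same form that reaches lookup/select.
insert(Tab, Issuer, DerCRL) when is_binary(DerCRL) ->
    ets:insert(Tab, {public_key:pkix_normalize_name(Issuer), DerCRL}).

%% Cache only: this implementation never follows distribution point links.
%% Without cRLIssuer the CRL must come from the certificate's issuer.
lookup(#'DistributionPoint'{cRLIssuer = asn1_NOVALUE}, Issuer, Tab) ->
    found(select(Issuer, Tab));
%% With cRLIssuer set, that value is used instead of the certificate issuer.
lookup(#'DistributionPoint'{cRLIssuer = GeneralNames}, _Issuer, Tab) ->
    Names = [Name || {directoryName, Name} <- GeneralNames],
    found(lists:flatmap(fun(Name) -> select(Name, Tab) end, Names)).

%% All cached CRLs issued by Issuer; an empty list when none are cached.
select(Issuer, Tab) ->
    Key = public_key:pkix_normalize_name(Issuer),
    [Der || {_Key, Der} <- ets:lookup(Tab, Key)].

%% fresh_crl/2 receives no DbHandle, so this cache hands back the CRLs it
%% was given. A cache that fetches from the distribution point would
%% return the newer CRLs here.
fresh_crl(#'DistributionPoint'{}, CRLs) ->
    CRLs.

%% An empty result is reported as not_available, as lookup/3 specifies.
found([]) -> not_available;
found(CRLs) -> CRLs.
```

Because lookup/3 only consults the table, a distribution point whose CRL was never inserted yields not_available rather than a network fetch.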