API for an SSL/TLS CRL (Certificate Revocation List) cache.
When SSL/TLS performs certificate path validation according to
Types
crl_cache_ref() = any()
Reference to the CRL cache.
dist_point() = #'DistributionPoint'{}
For a description, see X509 certificates records.
Functions
DistributionPoint = dist_point()
CRL = [public_key:der_encoded()]
FreshCRL = [public_key:der_encoded()]
fun fresh_crl/2 will be used as input option update_crl to public_key:pkix_crls_validate/3.
DistributionPoint = dist_point()
Issuer = public_key:issuer_name()
DbHandle = crl_cache_ref()
CRLs = [public_key:der_encoded()]
Look up the CRLs belonging to the distribution point DistributionPoint.
This function may choose to only look in the cache or to follow distribution point links depending on how the cache is administrated.
The Issuer argument contains the issuer name of the certificate to be checked. Normally the returned CRL should be issued by this issuer, except if the cRLIssuer field of DistributionPoint has a value, in which case that value should be used instead.
In an earlier version of this API, the lookup function received two arguments, omitting Issuer. For compatibility, this is still supported: if there is no lookup/3 function in the callback module, lookup/2 is called instead.
Issuer = public_key:issuer_name()
DbHandle = cache_ref()
Select the CRLs in the cache that are issued by Issuer
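A minimal callback module for this API, added here as an illustration (it is not OTP's own cache implementation), showing how lookup/3 chooses between Issuer and the cRLIssuer field. The module name example_crl_cache and the ETS layout used for DbHandle are assumptions made for the example.

```erlang
%% Added example. Assumption: DbHandle is an ETS table of type `bag`
%% holding {IssuerName, DerCRL} tuples, keyed by the issuer name in the
%% same form the ssl application passes to these callbacks.
-module(example_crl_cache).
-behaviour(ssl_crl_cache_api).

-include_lib("public_key/include/public_key.hrl").

-export([lookup/3, select/2, fresh_crl/2]).

%% Cache-only lookup: this implementation never follows distribution
%% point links. Without a cRLIssuer value, the CRL must come from the
%% issuer of the certificate being checked.
lookup(#'DistributionPoint'{cRLIssuer = asn1_NOVALUE}, Issuer, DbHandle) ->
    select(Issuer, DbHandle);
%% With a cRLIssuer value, that value is used instead of Issuer. Only
%% directoryName entries can be matched against the cache keys; if there
%% are none, no CRLs are returned rather than falling back to Issuer.
lookup(#'DistributionPoint'{cRLIssuer = Names}, _Issuer, DbHandle) ->
    lists:append([select(Name, DbHandle) || {directoryName, Name} <- Names]).

%% All cached CRLs issued by Issuer (empty list when none are cached).
select(Issuer, DbHandle) ->
    [Der || {_Key, Der} <- ets:lookup(DbHandle, Issuer)].

%% Passed as update_crl to public_key:pkix_crls_validate/3. This cache is
%% assumed to be refreshed out of band, so the CRL is handed back as is.
fresh_crl(_DistributionPoint, CRL) ->
    CRL.
```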