NSSLAddCRLExternal

Syntax

#include <cafe.h>
#include <cafe/nssl/nsslclient.h>

NSSL_RVAL NSSLAddCRLExternal(NSSLContextHandle context,
                             const u8* pCRL,
                             int crlLen,
                             NSSLCrlType crlType);

Parameters

context    The context for which the Certificate Revocation List (CRL) is to be added.
pCRL       Pointer to CRL buffer. The buffer size and address should be aligned to NSSL_IO_BUFFER_ALIGN.
crlLen     CRL buffer length.
crlType    Type of the CRL. Currently, only NSSL_CRL_TYPE_DER is supported. pCRL should contain a CRL in DER format.

Return Values

NSSL_RVAL_OK on success, or an error code of type NSSL_RVAL on failure.

Description

Adds a Certificate Revocation List (CRL) to be used during verification of the peer certificate. The CRL is used for all connections created under the context. NSSLAddCRLExternal can be called multiple times for a context to add multiple CRLs, for example to add CRLs for any intermediate CAs in the certificate chain. The total maximum size of all CRLs an application can add (combined for all the contexts it creates) is 20 KB. CRL checking during peer certificate verification must be turned on for the context by setting the appropriate flags using NSSLContextSetFlags.
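
The following is an added example, not part of the SDK or its documentation: a pre-flight check an application could run before each NSSLAddCRLExternal call, covering the constraints stated above (buffer alignment, DER framing, and the combined 20 KB limit). The names crl_preflight, crl_commit and CRL_BUDGET_BYTES are hypothetical; it assumes 20 KB means 20 * 1024 bytes and that the caller passes NSSL_IO_BUFFER_ALIGN as the align argument.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumption: "20 KB" is read as 20 * 1024 bytes. */
#define CRL_BUDGET_BYTES (20u * 1024u)

typedef enum { CRL_OK, CRL_ERR_ARG, CRL_ERR_ALIGN, CRL_ERR_NOT_DER,
               CRL_ERR_LENGTH, CRL_ERR_BUDGET } crl_check_t;

/* Bytes already accepted, summed over every context the application owns. */
static size_t g_crl_bytes_used;

/* Size of the outer DER SEQUENCE (header + content), or 0 if the header is
   not strict DER. Only the framing is checked, not the CRL fields inside. */
static size_t der_sequence_size(const uint8_t *p, size_t avail)
{
    if (avail < 2 || p[0] != 0x30) return 0;        /* 0x30 = SEQUENCE */
    if (p[1] < 0x80) return 2 + (size_t)p[1];       /* short-form length */
    size_t n = p[1] & 0x7f;                         /* count of length octets */
    if (n == 0 || n > 3 || avail < 2 + n) return 0; /* indefinite or far over budget */
    if (p[2] == 0) return 0;                        /* leading zero: not minimal */
    size_t len = 0;
    for (size_t i = 0; i < n; i++) len = (len << 8) | p[2 + i];
    if (len < 0x80) return 0;                       /* should have used short form */
    return 2 + n + len;
}

/* align: pass NSSL_IO_BUFFER_ALIGN; buf_size: allocated size of the buffer. */
crl_check_t crl_preflight(const uint8_t *crl, size_t crl_len,
                          size_t buf_size, size_t align)
{
    if (!crl || crl_len == 0 || align == 0 || crl_len > buf_size)
        return CRL_ERR_ARG;
    if ((uintptr_t)crl % align != 0 || buf_size % align != 0)
        return CRL_ERR_ALIGN;
    size_t enc = der_sequence_size(crl, crl_len);
    if (enc == 0) return CRL_ERR_NOT_DER;
    if (enc != crl_len) return CRL_ERR_LENGTH;      /* truncated or trailing bytes */
    if (crl_len > CRL_BUDGET_BYTES - g_crl_bytes_used) return CRL_ERR_BUDGET;
    return CRL_OK;
}

/* Record the bytes once NSSLAddCRLExternal has returned NSSL_RVAL_OK. */
void crl_commit(size_t crl_len) { g_crl_bytes_used += crl_len; }
```

Rejecting a CRL locally with a specific reason makes it clear whether revocation data was dropped for size, alignment or encoding, rather than leaving a context with CRL checking enabled but an incomplete set of CRLs.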

Do Not Call From

Callbacks            Do not call this function from any callback function.
Interrupt handler    Do not call this function from any interrupt handler.
Exception handler    Do not call this function from any exception handler.

See Also

NSSLContextSetFlags
NSSLContextClearFlags
NSSLContextGetFlags

Revision History

2014/06/02 Initial version.

