Developer's Guide
virtual P6R::P6ERR P6R::p6IGenCerts::newCrl(
    P6UINT32 nextInDays,
    P6UINT32 nextInHours,
    P6CERTEXTENSION pExtensionSet,
    P6UINT32 numExtension,
    p6ICert pCACertificate
) [pure virtual]

Create an in-memory image of a certificate revocation list (CRL).

This list contains a group of serial numbers of revoked (i.e., invalid) certificates that the associated CA has generated. This function is used by a CA.

Note that each cert object can contain only one CRL at a time. The standard calling sequence is: (newCrl, revokeCert, ..., revokeCert, genCrlFile, deleteCrl). Thus the calling sequence (newCrl, newCrl) results in only one CRL, since the second call to newCrl deletes the unfinished CRL created by the first call.

Note that only CRL extensions are supported, not CRL entry extensions. Any of the certificate extensions can be added to a CRL, but only two (authorityKeyIdentifier and issuerAltName) make sense. Here are examples of both:

    v3Ext[0].name  = "authorityKeyIdentifier";
    v3Ext[0].value = "keyid,issuer:always";
    v3Ext[1].name  = "issuerAltName";
    v3Ext[1].value = "DNS:test.p6r.com";

Valid values for the authorityKeyIdentifier extension are the following strings: "keyid,issuer", "keyid,issuer:always", "keyid:always,issuer", and "keyid:always,issuer:always".

The option "keyid" means to use the issuer's (i.e., the CA's) subject key id. When that option is followed by the string ":always", it is an error (and the new CRL is not created) if the issuer's certificate does not have a key id; the error eUnsupported is returned.

The option "issuer" means to take the issuer's name and serial number from the CA's certificate. If the key id is not available, this option becomes the default. When this option is followed by the string ":always", it is always included in the CRL.
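As an added illustration (not P6R SDK code), the following stand-alone C++ models the authorityKeyIdentifier rules described above, so a caller can predict which AKI fields a CRL will carry for a given option string and CA certificate, and which combinations newCrl rejects. The enum and struct are stand-ins (an assumption) for the SDK's own types, with the result named after the documented eUnsupported error.

```cpp
#include <string>
#include <sstream>

// Stand-in result codes (assumption) named after the documented P6R::P6ERR values.
enum AkiResult { akiOk, akiUnsupported };

// Which components of the authorityKeyIdentifier extension end up in the CRL.
struct AkiChoice {
    bool keyId;   // the issuer's (CA's) subject key identifier
    bool issuer;  // the issuer's name and serial number
};

// Parse a value such as "keyid:always,issuer" and, given whether the CA
// certificate carries a subject key id, decide what the CRL's AKI will contain.
// Returns akiUnsupported where the documentation says newCrl fails: a value that
// is not one of the four documented forms, or "keyid:always" with no CA key id.
AkiResult resolveAuthorityKeyId(const std::string& value, bool caHasKeyId, AkiChoice& out) {
    bool keyid = false, keyidAlways = false, issuer = false, issuerAlways = false;
    std::stringstream ss(value);
    std::string tok;
    while (std::getline(ss, tok, ',')) {
        if (tok == "keyid")              keyid = true;
        else if (tok == "keyid:always")  keyid = keyidAlways = true;
        else if (tok == "issuer")        issuer = true;
        else if (tok == "issuer:always") issuer = issuerAlways = true;
        else return akiUnsupported;      // token outside the documented vocabulary
    }
    // Every documented valid value names both "keyid" and "issuer".
    if (!keyid || !issuer) return akiUnsupported;
    // "keyid:always" is an error when the CA certificate has no key id.
    if (keyidAlways && !caHasKeyId) return akiUnsupported;
    out.keyId = caHasKeyId;
    // "issuer" is the fallback when no key id is available; ":always" forces it in.
    out.issuer = issuerAlways || !caHasKeyId;
    return akiOk;
}
```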

Parameters
    nextInDays     [in]  The number of days until the next CRL will be generated.
    nextInHours    [in]  Additional hours (added to nextInDays) until the next CRL will be generated.
    pExtensionSet  [in]  An array of extensions to be added to the V2 CRL. This pointer can be NULL if no extensions are required.
    numExtension   [in]  The number of entries in pExtensionSet.
    pCACertificate [in]  The CA's certificate.
Returns
    Success
        P6R::eOk
    Failure
        P6R::eNotInitialized  A successful call to initialize was not made before this call.
        P6R::eFormatError     The CA certificate file cannot be properly read.
        P6R::eIoError         Failed to open the CA certificate file.
        P6R::eNotFound        The CA certificate file does not exist.
        P6R::eInvalidArg      nextInDays and nextInHours cannot both be zero. pCACertificate cannot be NULL. If numExtension is greater than zero, then pExtensionSet cannot be NULL.
        P6R::eInvalidState    Failed to initialize the new CRL.
        P6R::eNoMemory        Insufficient memory to initialize the new CRL.
        P6R::eUnsupported     An unsupported extension has been passed in.