QSC Post Quantum Cryptographic Library 1.1.0.2 (B2)
A post-quantum secure library written in ANSI C
x509rev.h File Reference

X.509 revocation policy and CRL-based certificate status checking interface.

#include "qsccommon.h"
#include "x509crl.h"
#include "x509time.h"
#include "x509types.h"
#include "x509revext.h"

Data Structures

struct  qsc_x509_revocation_options_t

Typedefs

typedef enum qsc_x509_revocation_mode_t qsc_x509_revocation_mode
typedef enum qsc_x509_revocation_status_t qsc_x509_revocation_status
typedef qsc_asn1_status(* qsc_x509_crl_resolver_callback) (const qsc_x509_certificate *certificate, const qsc_x509_certificate *issuer, qsc_x509_crl *crl, void *context)
 Caller-supplied CRL acquisition callback.
typedef qsc_asn1_status(* qsc_x509_delta_crl_resolver_callback) (const qsc_x509_certificate *certificate, const qsc_x509_certificate *issuer, qsc_x509_crl *basecrl, qsc_x509_crl *deltacrl, bool *deltaavailable, void *context)
typedef struct qsc_x509_revocation_options_t qsc_x509_revocation_options

Enumerations

enum  qsc_x509_revocation_mode_t { QSC_X509_REVOCATION_MODE_NONE = 0, QSC_X509_REVOCATION_MODE_BEST_EFFORT = 1, QSC_X509_REVOCATION_MODE_REQUIRE_VALID_CRL = 2 }
enum  qsc_x509_revocation_status_t {
  QSC_X509_REVOCATION_STATUS_GOOD = 0, QSC_X509_REVOCATION_STATUS_REVOKED = 1, QSC_X509_REVOCATION_STATUS_UNCHECKED = 2, QSC_X509_REVOCATION_STATUS_CRL_NOT_FOUND = 3,
  QSC_X509_REVOCATION_STATUS_CRL_INVALID = 4, QSC_X509_REVOCATION_STATUS_CRL_EXPIRED = 5, QSC_X509_REVOCATION_STATUS_ISSUER_MISMATCH = 6, QSC_X509_REVOCATION_STATUS_ERROR = 7
}

Functions

QSC_EXPORT_API void qsc_x509_revocation_options_initialize (qsc_x509_revocation_options *options)
 Initialize a revocation options structure.
QSC_EXPORT_API qsc_x509_revocation_status qsc_x509_certificate_check_revocation_with_crl (const qsc_x509_certificate *certificate, const qsc_x509_certificate *issuer, const qsc_x509_crl *crl, qsc_x509_crl_signature_verify_callback verifycallback, void *verifycontext, const qsc_x509_time *validationtime)
 Check certificate revocation status using a supplied CRL.
QSC_EXPORT_API qsc_x509_revocation_status qsc_x509_certificate_check_revocation (const qsc_x509_certificate *certificate, const qsc_x509_certificate *issuer, const qsc_x509_revocation_options *options, const qsc_x509_time *validationtime)
 Check certificate revocation status using resolver-driven CRL acquisition.

Detailed Description

X.509 revocation policy and CRL-based certificate status checking interface.

This header defines the revocation policy modes, revocation status results, callback types, option container, and helper functions used to perform certificate revocation checks through certificate revocation lists. The interface supports direct CRL evaluation as well as resolver-driven CRL acquisition under caller-defined policy.

Typedef Documentation

◆ qsc_x509_crl_resolver_callback

typedef qsc_asn1_status(* qsc_x509_crl_resolver_callback) (const qsc_x509_certificate *certificate, const qsc_x509_certificate *issuer, qsc_x509_crl *crl, void *context)

Caller-supplied CRL acquisition callback.

This callback is used to obtain a CRL applicable to the supplied certificate and issuer. The callback populates the destination CRL object and returns an ASN.1 status code indicating whether resolution was successful.

Parameters
certificate  [const][struct] The certificate whose revocation status is being checked.
issuer  [const][struct] The issuer certificate for the target certificate.
crl  [struct] The destination CRL object to populate.
context  Caller-defined opaque resolver context.
Returns
[enum] Returns a qsc_asn1_status code.

Enumeration Type Documentation

◆ qsc_x509_revocation_mode_t

Enumerator
QSC_X509_REVOCATION_MODE_NONE 

Disable revocation checking.

QSC_X509_REVOCATION_MODE_BEST_EFFORT 

Attempt revocation checking but do not hard-fail when a CRL cannot be obtained or validated.

QSC_X509_REVOCATION_MODE_REQUIRE_VALID_CRL 

Require a valid CRL-based revocation result for successful validation.

◆ qsc_x509_revocation_status_t

Enumerator
QSC_X509_REVOCATION_STATUS_GOOD 

The certificate was checked and is not listed as revoked.

QSC_X509_REVOCATION_STATUS_REVOKED 

The certificate serial number was found in the CRL and is revoked.

QSC_X509_REVOCATION_STATUS_UNCHECKED 

Revocation status was not checked under the active policy or available inputs.

QSC_X509_REVOCATION_STATUS_CRL_NOT_FOUND 

No CRL could be obtained for the certificate and issuer pair.

QSC_X509_REVOCATION_STATUS_CRL_INVALID 

A CRL was obtained but failed structural or signature validation.

QSC_X509_REVOCATION_STATUS_CRL_EXPIRED 

The CRL validity interval did not cover the supplied validation time.

QSC_X509_REVOCATION_STATUS_ISSUER_MISMATCH 

The CRL issuer did not match the supplied issuer certificate.

QSC_X509_REVOCATION_STATUS_ERROR 

A non-specific error occurred during revocation processing.
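
A caller still has to turn the returned status into an accept or reject decision under the configured mode. The sketch below is an added example, not code from the QSC library: it mirrors the enumerators listed above so it builds stand-alone, and `example_revocation_decide` and `example_revocation_decision` are hypothetical names. Rejecting `ISSUER_MISMATCH` and `ERROR` under every mode is an assumption of this example, as is flagging soft-fail acceptances for logging.

```c
#include <stdbool.h>
/* Local mirror of the enumerators listed on this page so the example builds
   without the QSC headers; real code would include x509rev.h instead. */
typedef enum {
    QSC_X509_REVOCATION_MODE_NONE = 0,
    QSC_X509_REVOCATION_MODE_BEST_EFFORT = 1,
    QSC_X509_REVOCATION_MODE_REQUIRE_VALID_CRL = 2
} qsc_x509_revocation_mode;

typedef enum {
    QSC_X509_REVOCATION_STATUS_GOOD = 0,
    QSC_X509_REVOCATION_STATUS_REVOKED = 1,
    QSC_X509_REVOCATION_STATUS_UNCHECKED = 2,
    QSC_X509_REVOCATION_STATUS_CRL_NOT_FOUND = 3,
    QSC_X509_REVOCATION_STATUS_CRL_INVALID = 4,
    QSC_X509_REVOCATION_STATUS_CRL_EXPIRED = 5,
    QSC_X509_REVOCATION_STATUS_ISSUER_MISMATCH = 6,
    QSC_X509_REVOCATION_STATUS_ERROR = 7
} qsc_x509_revocation_status;

/* Hypothetical caller-side result, not a QSC type. */
typedef struct {
    bool accept;     /* continue with certificate validation */
    bool unverified; /* accepted without a usable CRL answer; log or alert */
} example_revocation_decision;
/* Hypothetical helper: map (mode, status) to a decision, failing closed. */
example_revocation_decision example_revocation_decide(
    qsc_x509_revocation_mode mode, qsc_x509_revocation_status status)
{
    example_revocation_decision d = { false, false };
    switch (status) {
    case QSC_X509_REVOCATION_STATUS_GOOD:
        d.accept = true;
        break;
    case QSC_X509_REVOCATION_STATUS_UNCHECKED:
    case QSC_X509_REVOCATION_STATUS_CRL_NOT_FOUND:
    case QSC_X509_REVOCATION_STATUS_CRL_INVALID:
    case QSC_X509_REVOCATION_STATUS_CRL_EXPIRED:
        /* No usable CRL answer: tolerated only by the two soft modes. */
        if (mode == QSC_X509_REVOCATION_MODE_NONE ||
            mode == QSC_X509_REVOCATION_MODE_BEST_EFFORT) {
            d.accept = true;
            d.unverified = true;
        }
        break;
    case QSC_X509_REVOCATION_STATUS_REVOKED: /* reject under every mode */
    default: /* ISSUER_MISMATCH, ERROR, unknown values: fail closed */
        break;
    }
    return d;
}
```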

Function Documentation

◆ qsc_x509_certificate_check_revocation()

QSC_EXPORT_API qsc_x509_revocation_status qsc_x509_certificate_check_revocation ( const qsc_x509_certificate * certificate,
const qsc_x509_certificate * issuer,
const qsc_x509_revocation_options * options,
const qsc_x509_time * validationtime )

Check certificate revocation status using resolver-driven CRL acquisition.

Resolves a CRL for the target certificate using the configured resolver callback and applies revocation processing according to the supplied revocation policy options.

Parameters
certificate  [const][struct] The certificate whose revocation status is being checked.
issuer  [const][struct] The issuer certificate for the target certificate.
options  [const][struct] The revocation policy and callback options.
validationtime  [const][struct] The time used to evaluate CRL validity.
Returns
[enum] Returns a qsc_x509_revocation_status code.

◆ qsc_x509_certificate_check_revocation_with_crl()

QSC_EXPORT_API qsc_x509_revocation_status qsc_x509_certificate_check_revocation_with_crl ( const qsc_x509_certificate * certificate,
const qsc_x509_certificate * issuer,
const qsc_x509_crl * crl,
qsc_x509_crl_signature_verify_callback verifycallback,
void * verifycontext,
const qsc_x509_time * validationtime )

Check certificate revocation status using a supplied CRL.

Evaluates the target certificate against the supplied CRL, verifies the CRL against the issuer certificate using the caller-supplied verification callback, and returns a normalized revocation status result.

Parameters
certificate  [const][struct] The certificate whose revocation status is being checked.
issuer  [const][struct] The issuer certificate for the target certificate.
crl  [const][struct] The CRL to use for revocation checking.
verifycallback  The callback used to verify the CRL signature.
verifycontext  Caller-defined opaque context passed to the verification callback.
validationtime  [const][struct] The time used to evaluate CRL validity.
Returns
[enum] Returns a qsc_x509_revocation_status code.

◆ qsc_x509_revocation_options_initialize()

QSC_EXPORT_API void qsc_x509_revocation_options_initialize ( qsc_x509_revocation_options * options)

Initialize a revocation options structure.

Resets the revocation options object to a clean default state suitable for later policy and callback configuration.

Parameters
options  [struct] The revocation options structure to initialize.
Returns
[void] This function does not return a value.