1 /* ***** BEGIN LICENSE BLOCK *****
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
4 * The contents of this file are subject to the Mozilla Public License Version
5 * 1.1 (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 * http://www.mozilla.org/MPL/
9 * Software distributed under the License is distributed on an "AS IS" basis,
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11 * for the specific language governing rights and limitations under the
14 * The Original Code is the PKIX-C library.
16 * The Initial Developer of the Original Code is
17 * Sun Microsystems, Inc.
18 * Portions created by the Initial Developer are
19 * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
22 * Sun Microsystems, Inc.
24 * Alternatively, the contents of this file may be used under the terms of
25 * either the GNU General Public License Version 2 or later (the "GPL"), or
26 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
27 * in which case the provisions of the GPL or the LGPL are applicable instead
28 * of those above. If you wish to allow use of your version of this file only
29 * under the terms of either the GPL or the LGPL, and not to allow others to
30 * use your version of this file under the terms of the MPL, indicate your
31 * decision by deleting the provisions above and replace them with the notice
32 * and other provisions required by the GPL or the LGPL. If you do not delete
33 * the provisions above, a recipient may use your version of this file under
34 * the terms of any one of the MPL, the GPL or the LGPL.
36 * ***** END LICENSE BLOCK ***** */
38 * This file defines functions associated with the PKIX_CRLSelector and the
39 * PKIX_ComCRLSelParams types.
44 #ifndef _PKIX_CRLSEL_H
45 #define _PKIX_CRLSEL_H
55 * Please refer to the libpkix Programmer's Guide for detailed information
56 * about how to use the libpkix library. Certain key warnings and notices from
57 * that document are repeated here for emphasis.
59 * All identifiers in this file (and all public identifiers defined in
60 * libpkix) begin with "PKIX_". Private identifiers only intended for use
61 * within the library begin with "pkix_".
63 * A function returns NULL upon success, and a PKIX_Error pointer upon failure.
65 * Unless otherwise noted, for all accessor (gettor) functions that return a
66 * PKIX_PL_Object pointer, callers should assume that this pointer refers to a
67 * shared object. Therefore, the caller should treat this shared object as
68 * read-only and should not modify this shared object. When done using the
69 * shared object, the caller should release the reference to the object by
70 * using the PKIX_PL_Object_DecRef function.
72 * While a function is executing, if its arguments (or anything referred to by
73 * its arguments) are modified, free'd, or destroyed, the function's behavior
80 * PKIX_CRLSelectors provide a standard way for the caller to select CRLs
81 * based on particular criteria. A CRLSelector is typically used by libpkix
82 * to retrieve CRLs from a CertStore during certificate chain validation or
83 * building. (see pkix_certstore.h) For example, the caller may wish to only
84 * select those CRLs that have a particular issuer or a particular value for a
85 * private CRL extension. The MatchCallback allows the caller to specify the
86 * custom matching logic to be used by a CRLSelector.
88 * By default, the MatchCallback is set to point to the default implementation
89 * provided by libpkix, which understands how to process the most common
90 * parameters. If the default implementation is used, the caller should set
91 * these common parameters using PKIX_CRLSelector_SetCommonCRLSelectorParams.
92 * Any common parameter that is not set is assumed to be disabled, which means
93 * the default MatchCallback implementation will select all CRLs without
94 * regard to that particular disabled parameter. For example, if the
95 * MaxCRLNumber parameter is not set, MatchCallback will not filter out any
96 * CRL based on its CRL number. As such, if no parameters are set, all are
97 * disabled and any CRL will match. If a parameter is disabled, its associated
98 * PKIX_ComCRLSelParams_Get* function returns a default value of NULL.
100 * If a custom implementation is desired, the default implementation can be
101 * overridden by calling PKIX_CRLSelector_SetMatchCallback. In this case, the
102 * CRLSelector can be initialized with a crlSelectorContext, which is where
103 * the caller can specify the desired parameters the caller wishes to match
104 * against. Note that this crlSelectorContext must be a PKIX_PL_Object,
105 * allowing it to be reference-counted and allowing it to provide the standard
106 * PKIX_PL_Object functions (Equals, Hashcode, ToString, Compare, Duplicate).
111 * FUNCTION: PKIX_CRLSelector_MatchCallback
114 * This callback function determines whether the specified CRL pointed to by
115 * "crl" matches the criteria of the CRLSelector pointed to by "selector".
116 * If the CRL matches the CRLSelector's criteria, PKIX_TRUE is stored at
117 * "pMatch". Otherwise PKIX_FALSE is stored at "pMatch".
121 * Address of CRLSelector whose MatchCallback logic and parameters are
122 * to be used. Must be non-NULL.
124 * Address of CRL that is to be matched using "selector". Must be non-NULL.
126 * Address at which Boolean result is stored. Must be non-NULL.
128 * Platform-specific context pointer.
132 * Multiple threads must be able to safely call this function without
133 * worrying about conflicts, even if they're operating on the same objects.
135 * Returns NULL if the function succeeds.
136 * Returns a CRLSelector Error if the function fails in a non-fatal way.
137 * Returns a Fatal Error if the function fails in an unrecoverable way.
140 (*PKIX_CRLSelector_MatchCallback)(
141 PKIX_CRLSelector *selector,
143 PKIX_Boolean *pMatch,
147 * FUNCTION: PKIX_CRLSelector_Create
150 * Creates a new CRLSelector using the Object pointed to by
151 * "crlSelectorContext" (if any) and stores it at "pSelector". As noted
152 * above, by default, the MatchCallback is set to point to the default
153 * implementation provided by libpkix, which understands how to process
154 * ComCRLSelParams. This is overridden if the MatchCallback pointed to by
155 * "callback" is not NULL, in which case the parameters are specified using
156 * the Object pointed to by "crlSelectorContext".
162 * distribution points list
164 * The MatchCallback function to be used.
166 * Address where object pointer will be stored. Must be non-NULL.
168 * Platform-specific context pointer.
170 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
172 * Returns NULL if the function succeeds.
173 * Returns a CRLSelector Error if the function fails in a non-fatal way.
174 * Returns a Fatal Error if the function fails in an unrecoverable way.
177 PKIX_CRLSelector_Create(
178 PKIX_PL_Cert *issuer,
179 PKIX_List *crlDpList,
181 PKIX_CRLSelector **pSelector,
185 * FUNCTION: PKIX_CRLSelector_GetMatchCallback
188 * Retrieves a pointer to "selector's" Match callback function and puts it in
193 * The CRLSelector whose Match callback is desired. Must be non-NULL.
195 * Address where Match callback function pointer will be stored.
198 * Platform-specific context pointer.
200 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
202 * Returns NULL if the function succeeds.
203 * Returns a CRLSelector Error if the function fails in a non-fatal way.
204 * Returns a Fatal Error if the function fails in an unrecoverable way.
207 PKIX_CRLSelector_GetMatchCallback(
208 PKIX_CRLSelector *selector,
209 PKIX_CRLSelector_MatchCallback *pCallback,
213 * FUNCTION: PKIX_CRLSelector_GetCRLSelectorContext
216 * Retrieves a pointer to a PKIX_PL_Object representing the context (if any)
217 * of the CRLSelector pointed to by "selector" and stores it at
218 * "pCRLSelectorContext".
222 * Address of CRLSelector whose context is to be stored. Must be non-NULL.
223 * "pCRLSelectorContext"
224 * Address where object pointer will be stored. Must be non-NULL.
226 * Platform-specific context pointer.
228 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
230 * Returns NULL if the function succeeds.
231 * Returns a CRLSelector Error if the function fails in a non-fatal way.
232 * Returns a Fatal Error if the function fails in an unrecoverable way.
235 PKIX_CRLSelector_GetCRLSelectorContext(
236 PKIX_CRLSelector *selector,
237 void **pCRLSelectorContext,
241 * FUNCTION: PKIX_CRLSelector_GetCommonCRLSelectorParams
244 * Retrieves a pointer to the ComCRLSelParams object that represent the common
245 * parameters of the CRLSelector pointed to by "selector" and stores it at
246 * "pCommonCRLSelectorParams". If there are no common parameters stored with
247 * the CRLSelector, this function stores NULL at "pCommonCRLSelectorParams".
251 * Address of CRLSelector whose ComCRLSelParams are to be stored.
253 * "pCommonCRLSelectorParams"
254 * Address where object pointer will be stored. Must be non-NULL.
256 * Platform-specific context pointer.
258 * Conditionally Thread Safe
259 * (see Thread Safety Definitions in Programmer's Guide)
261 * Returns NULL if the function succeeds.
262 * Returns a CRLSelector Error if the function fails in a non-fatal way.
263 * Returns a Fatal Error if the function fails in an unrecoverable way.
266 PKIX_CRLSelector_GetCommonCRLSelectorParams(
267 PKIX_CRLSelector *selector,
268 PKIX_ComCRLSelParams **pCommonCRLSelectorParams,
272 * FUNCTION: PKIX_CRLSelector_SetCommonCRLSelectorParams
275 * Sets the common parameters for the CRLSelector pointed to by "selector"
276 * using the ComCRLSelParams pointed to by "commonCRLSelectorParams".
280 * Address of CRLSelector whose common parameters are to be set.
282 * "commonCRLSelectorParams"
283 * Address of ComCRLSelParams representing the common parameters.
285 * Platform-specific context pointer.
287 * Not Thread Safe - assumes exclusive access to "selector"
288 * (see Thread Safety Definitions in Programmer's Guide)
290 * Returns NULL if the function succeeds.
291 * Returns a CRLSelector Error if the function fails in a non-fatal way.
292 * Returns a Fatal Error if the function fails in an unrecoverable way.
295 PKIX_CRLSelector_SetCommonCRLSelectorParams(
296 PKIX_CRLSelector *selector,
297 PKIX_ComCRLSelParams *commonCRLSelectorParams,
300 /* PKIX_ComCRLSelParams
302 * PKIX_ComCRLSelParams are X.509 parameters commonly used with CRLSelectors,
303 * especially determining which CRLs to retrieve from a CertStore.
304 * PKIX_ComCRLSelParams are typically used with those CRLSelectors that use
305 * the default implementation of MatchCallback, which understands how to
306 * process ComCRLSelParams.
310 * FUNCTION: PKIX_ComCRLSelParams_Create
313 * Creates a new ComCRLSelParams object and stores it at "pParams".
317 * Address where object pointer will be stored. Must be non-NULL.
319 * Platform-specific context pointer.
321 * Thread Safe (see Thread Safety Definitions in Programmer's Guide)
323 * Returns NULL if the function succeeds.
324 * Returns a CRLSelector Error if the function fails in a non-fatal way.
325 * Returns a Fatal Error if the function fails in an unrecoverable way.
328 PKIX_ComCRLSelParams_Create(
329 PKIX_ComCRLSelParams **pParams,
333 * FUNCTION: PKIX_ComCRLSelParams_GetIssuerNames
336 * Retrieves a pointer to the List of X500Names (if any) representing the
337 * issuer names criterion that is set in the ComCRLSelParams pointed to by
338 * "params" and stores it at "pNames". In order to match against this
339 * criterion, a CRL's IssuerName must match at least one of the criterion's
342 * If "params" does not have this criterion set, this function stores NULL at
343 * "pNames", in which case all CRLs are considered to match.
345 * Note that the List returned by this function is immutable.
349 * Address of ComCRLSelParams whose issuer names criterion (if any) is to
350 * be stored. Must be non-NULL.
352 * Address where object pointer will be stored. Must be non-NULL.
354 * Platform-specific context pointer.
356 * Conditionally Thread Safe
357 * (see Thread Safety Definitions in Programmer's Guide)
359 * Returns NULL if the function succeeds.
360 * Returns a CRLSelector Error if the function fails in a non-fatal way.
361 * Returns a Fatal Error if the function fails in an unrecoverable way.
364 PKIX_ComCRLSelParams_GetIssuerNames(
365 PKIX_ComCRLSelParams *params,
366 PKIX_List **pNames, /* list of PKIX_PL_X500Name */
370 * FUNCTION: PKIX_ComCRLSelParams_SetIssuerNames
373 * Sets the issuer names criterion of the ComCRLSelParams pointed to by
374 * "params" using a List of X500Names pointed to by "names". In order to match
375 * against this criterion, a CRL's IssuerName must match at least one of the
376 * criterion's issuer names.
380 * Address of ComCRLSelParamsParams whose issuer names criterion is to be
381 * set. Must be non-NULL.
383 * Address of List of X500Names used to set the criterion
385 * Platform-specific context pointer.
387 * Not Thread Safe - assumes exclusive access to "params"
388 * (see Thread Safety Definitions in Programmer's Guide)
390 * Returns NULL if the function succeeds.
391 * Returns a CRLSelector Error if the function fails in a non-fatal way.
392 * Returns a Fatal Error if the function fails in an unrecoverable way.
395 PKIX_ComCRLSelParams_SetIssuerNames(
396 PKIX_ComCRLSelParams *params,
397 PKIX_List *names, /* list of PKIX_PL_X500Name */
401 * FUNCTION: PKIX_ComCRLSelParams_AddIssuerName
404 * Adds to the issuer names criterion of the ComCRLSelParams pointed to by
405 * "params" using the X500Name pointed to by "name". In order to match
406 * against this criterion, a CRL's IssuerName must match at least one of the
407 * criterion's issuer names.
411 * Address of ComCRLSelParams whose issuer names criterion is to be added
412 * to. Must be non-NULL.
414 * Address of X500Name to be added.
416 * Platform-specific context pointer.
418 * Not Thread Safe - assumes exclusive access to "params"
419 * (see Thread Safety Definitions in Programmer's Guide)
421 * Returns NULL if the function succeeds.
422 * Returns a CRLSelector Error if the function fails in a non-fatal way.
423 * Returns a Fatal Error if the function fails in an unrecoverable way.
426 PKIX_ComCRLSelParams_AddIssuerName(
427 PKIX_ComCRLSelParams *params,
428 PKIX_PL_X500Name *name,
432 * FUNCTION: PKIX_ComCRLSelParams_GetCertificateChecking
435 * Retrieves a pointer to the Cert (if any) representing the certificate whose
436 * revocation status is being checked. This is not a criterion. It is simply
437 * optional information that may help a CertStore find relevant CRLs.
439 * If "params" does not have a certificate set, this function stores NULL at
440 * "pCert", in which case there is no optional information to provide.
444 * Address of ComCRLSelParams whose certificate being checked (if any) is
445 * to be stored. Must be non-NULL.
447 * Address where object pointer will be stored. Must be non-NULL.
449 * Platform-specific context pointer.
451 * Conditionally Thread Safe
452 * (see Thread Safety Definitions in Programmer's Guide)
454 * Returns NULL if the function succeeds
455 * Returns a CRLSelector Error if the function fails in a non-fatal way.
456 * Returns a Fatal Error if the function fails in an unrecoverable way.
459 PKIX_ComCRLSelParams_GetCertificateChecking(
460 PKIX_ComCRLSelParams *params,
461 PKIX_PL_Cert **pCert,
465 * FUNCTION: PKIX_ComCRLSelParams_SetCertificateChecking
468 * Sets the ComCRLSelParams pointed to by "params" with the certificate
469 * (pointed to by "cert") whose revocation status is being checked. This is
470 * not a criterion. It is simply optional information that may help a
471 * CertStore find relevant CRLs.
475 * Address of ComCRLSelParams whose certificate being checked is to be
476 * set. Must be non-NULL.
478 * Address of Cert whose revocation status is being checked
480 * Platform-specific context pointer.
482 * Not Thread Safe - assumes exclusive access to "params"
483 * (see Thread Safety Definitions in Programmer's Guide)
485 * Returns NULL if the function succeeds.
486 * Returns a CRLSelector Error if the function fails in a non-fatal way.
487 * Returns a Fatal Error if the function fails in an unrecoverable way.
490 PKIX_ComCRLSelParams_SetCertificateChecking(
491 PKIX_ComCRLSelParams *params,
496 * FUNCTION: PKIX_ComCRLSelParams_GetDateAndTime
499 * Retrieves a pointer to the Date (if any) representing the dateAndTime
500 * criterion that is set in the ComCRLSelParams pointed to by "params" and
501 * stores it at "pDate". In order to match against this criterion, a CRL's
502 * thisUpdate component must be less than or equal to the criterion's
503 * dateAndTime and the CRL's nextUpdate component must be later than the
504 * criterion's dateAndTime. There is no match if the CRL does not contain a
505 * nextUpdate component.
507 * If "params" does not have this criterion set, this function stores NULL at
508 * "pDate", in which case all CRLs are considered to match.
512 * Address of ComCRLSelParams whose dateAndTime criterion (if any) is to
513 * be stored. Must be non-NULL.
515 * Address where object pointer will be stored. Must be non-NULL.
517 * Platform-specific context pointer.
519 * Conditionally Thread Safe
520 * (see Thread Safety Definitions in Programmer's Guide)
522 * Returns NULL if the function succeeds.
523 * Returns a CRLSelector Error if the function fails in a non-fatal way.
524 * Returns a Fatal Error if the function fails in an unrecoverable way.
527 PKIX_ComCRLSelParams_GetDateAndTime(
528 PKIX_ComCRLSelParams *params,
529 PKIX_PL_Date **pDate,
533 * FUNCTION: PKIX_ComCRLSelParams_SetDateAndTime
536 * Sets the dateAndTime criterion of the ComCRLSelParams pointed to by
537 * "params" using a Date pointed to by "date". In order to match against this
538 * criterion, a CRL's thisUpdate component must be less than or equal to the
539 * criterion's dateAndTime and the CRL's nextUpdate component must be later
540 * than the criterion's dateAndTime. There is no match if the CRL does not
541 * contain a nextUpdate component.
545 * Address of ComCRLSelParamsParams whose dateAndTime criterion is to be
546 * set. Must be non-NULL.
548 * Address of Date used to set the criterion
550 * Platform-specific context pointer.
552 * Not Thread Safe - assumes exclusive access to "params"
553 * (see Thread Safety Definitions in Programmer's Guide)
555 * Returns NULL if the function succeeds.
556 * Returns a CRLSelector Error if the function fails in a non-fatal way.
557 * Returns a Fatal Error if the function fails in an unrecoverable way.
560 PKIX_ComCRLSelParams_SetDateAndTime(
561 PKIX_ComCRLSelParams *params,
566 * FUNCTION: PKIX_ComCRLSelParams_GetNISTPolicyEnabled
569 * Retrieves a pointer to the Boolean representing the NIST CRL policy
570 * activation flag that is set in the ComCRLSelParams pointed to by "params"
571 * and stores it at "enabled". If enabled, a CRL must have nextUpdate field.
573 * Default value for this flag is TRUE.
577 * Address of ComCRLSelParams whose NIST CRL policy criterion is to
578 * be stored. Must be non-NULL.
580 * Address where object pointer will be stored. Must be non-NULL.
582 * Platform-specific context pointer.
584 * Conditionally Thread Safe
585 * (see Thread Safety Definitions in Programmer's Guide)
587 * Returns NULL if the function succeeds.
588 * Returns a CRLSelector Error if the function fails in a non-fatal way.
589 * Returns a Fatal Error if the function fails in an unrecoverable way.
592 PKIX_ComCRLSelParams_GetNISTPolicyEnabled(
593 PKIX_ComCRLSelParams *params,
594 PKIX_Boolean *pEnabled,
598 * FUNCTION: PKIX_ComCRLSelParams_SetNISTPolicyEnabled
601 * Sets the NIST crl policy criterion of the ComCRLSelParams pointed to by
602 * "params" using a "enabled" flag. In order to match against this
603 * criterion, a CRL's nextUpdate must be available and criterion's
604 * dataAndTime must be within thisUpdate and nextUpdate time period.
608 * Address of ComCRLSelParamsParams whose NIST CRL policy criterion
609 * is to be set. Must be non-NULL.
611 * Address of Bollean used to set the criterion
613 * Platform-specific context pointer.
615 * Not Thread Safe - assumes exclusive access to "params"
616 * (see Thread Safety Definitions in Programmer's Guide)
618 * Returns NULL if the function succeeds.
619 * Returns a CRLSelector Error if the function fails in a non-fatal way.
620 * Returns a Fatal Error if the function fails in an unrecoverable way.
623 PKIX_ComCRLSelParams_SetNISTPolicyEnabled(
624 PKIX_ComCRLSelParams *params,
625 PKIX_Boolean enabled,
629 * FUNCTION: PKIX_ComCRLSelParams_GetMaxCRLNumber
632 * Retrieves a pointer to the BigInt (if any) representing the maxCRLNumber
633 * criterion that is set in the ComCRLSelParams pointed to by "params" and
634 * stores it at "pNumber". In order to match against this criterion, a CRL
635 * must have a CRL number extension whose value is less than or equal to the
638 * If "params" does not have this criterion set, this function stores NULL at
639 * "pNumber", in which case all CRLs are considered to match.
643 * Address of ComCRLSelParams whose maxCRLNumber criterion (if any) is to
644 * be stored. Must be non-NULL.
646 * Address where object pointer will be stored. Must be non-NULL.
648 * Platform-specific context pointer.
650 * Conditionally Thread Safe
651 * (see Thread Safety Definitions in Programmer's Guide)
653 * Returns NULL if the function succeeds.
654 * Returns a CRLSelector Error if the function fails in a non-fatal way.
655 * Returns a Fatal Error if the function fails in an unrecoverable way.
658 PKIX_ComCRLSelParams_GetMaxCRLNumber(
659 PKIX_ComCRLSelParams *params,
660 PKIX_PL_BigInt **pNumber,
664 * FUNCTION: PKIX_ComCRLSelParams_SetMaxCRLNumber
667 * Sets the maxCRLNumber criterion of the ComCRLSelParams pointed to by
668 * "params" using a BigInt pointed to by "number". In order to match against
669 * this criterion, a CRL must have a CRL number extension whose value is less
670 * than or equal to the criterion's value.
674 * Address of ComCRLSelParamsParams whose maxCRLNumber criterion is to be
675 * set. Must be non-NULL.
677 * Address of BigInt used to set the criterion
679 * Platform-specific context pointer.
681 * Not Thread Safe - assumes exclusive access to "params"
682 * (see Thread Safety Definitions in Programmer's Guide)
684 * Returns NULL if the function succeeds.
685 * Returns a CRLSelector Error if the function fails in a non-fatal way.
686 * Returns a Fatal Error if the function fails in an unrecoverable way.
689 PKIX_ComCRLSelParams_SetMaxCRLNumber(
690 PKIX_ComCRLSelParams *params,
691 PKIX_PL_BigInt *number,
695 * FUNCTION: PKIX_ComCRLSelParams_GetMinCRLNumber
698 * Retrieves a pointer to the BigInt (if any) representing the minCRLNumber
699 * criterion that is set in the ComCRLSelParams pointed to by "params" and
700 * stores it at "pNumber". In order to match against this criterion, a CRL
701 * must have a CRL number extension whose value is greater than or equal to
702 * the criterion's value.
704 * If "params" does not have this criterion set, this function stores NULL at
705 * "pNumber", in which case all CRLs are considered to match.
709 * Address of ComCRLSelParams whose minCRLNumber criterion (if any) is to
710 * be stored. Must be non-NULL.
712 * Address where object pointer will be stored. Must be non-NULL.
714 * Platform-specific context pointer.
716 * Conditionally Thread Safe
717 * (see Thread Safety Definitions in Programmer's Guide)
719 * Returns NULL if the function succeeds.
720 * Returns a CRLSelector Error if the function fails in a non-fatal way.
721 * Returns a Fatal Error if the function fails in an unrecoverable way.
724 PKIX_ComCRLSelParams_GetMinCRLNumber(
725 PKIX_ComCRLSelParams *params,
726 PKIX_PL_BigInt **pNumber,
730 * FUNCTION: PKIX_ComCRLSelParams_SetMinCRLNumber
733 * Sets the minCRLNumber criterion of the ComCRLSelParams pointed to by
734 * "params" using a BigInt pointed to by "number". In order to match against
735 * this criterion, a CRL must have a CRL number extension whose value is
736 * greater than or equal to the criterion's value.
740 * Address of ComCRLSelParamsParams whose minCRLNumber criterion is to be
741 * set. Must be non-NULL.
743 * Address of BigInt used to set the criterion
745 * Platform-specific context pointer.
747 * Not Thread Safe - assumes exclusive access to "params"
748 * (see Thread Safety Definitions in Programmer's Guide)
750 * Returns NULL if the function succeeds.
751 * Returns a CRLSelector Error if the function fails in a non-fatal way.
752 * Returns a Fatal Error if the function fails in an unrecoverable way.
755 PKIX_ComCRLSelParams_SetMinCRLNumber(
756 PKIX_ComCRLSelParams *params,
757 PKIX_PL_BigInt *number,
761 * FUNCTION: PKIX_ComCRLSelParams_SetCrlDp
764 * Sets crldp list that can be used to download a crls.
768 * Address of ComCRLSelParamsParams whose minCRLNumber criterion is to be
769 * set. Must be non-NULL.
771 * A list of CRLDPs. Can be an emptry list.
773 * Platform-specific context pointer.
775 * Not Thread Safe - assumes exclusive access to "params"
776 * (see Thread Safety Definitions in Programmer's Guide)
778 * Returns NULL if the function succeeds.
779 * Returns a CRLSelector Error if the function fails in a non-fatal way.
780 * Returns a Fatal Error if the function fails in an unrecoverable way.
783 PKIX_ComCRLSelParams_SetCrlDp(
784 PKIX_ComCRLSelParams *params,
785 PKIX_List *crldpList,
792 #endif /* _PKIX_CRLSEL_H */