API for a SSL/TLS CRL (Certificate Revocation List) cache.
When SSL/TLS performs certificate path validation according to
RFC 5280 it should also perform CRL validation checks. To enable the CRL checks the application needs access to CRLs. A database of CRLs can be set up in many different ways. This module provides the behavior of the API needed to integrate an arbitrary CRL cache with the erlang ssl application. It is also used by the application itself to provide a simple default implementation of a CRL cache.
The following data types are used in the functions below:
X509 certificates records
fun fresh_crl/2 will be used as input option
Lookup the CRLs belonging to the distribution point
Distributionpoint. This function may choose to only look in the cache or to follow distribution point links depending on how the cache is administrated.
Issuer argument contains the issuer name of the certificate to be checked. Normally the returned CRL should be issued by this issuer, except if the
cRLIssuer field of
DistributionPoint has a value, in which case that value should be used instead.
In an earlier version of this API, the
lookup function received two arguments, omitting
Issuer. For compatibility, this is still supported: if there is no
lookup/3 function in the callback module,
lookup/2 is called instead.
Select the CRLs in the cache that are issued by
© 2010–2017 Ericsson AB
Licensed under the Apache License, Version 2.0.