[kmf-discuss] getting info on TA certificate
Wyllys Ingersoll
wyllys.ingersoll at sun.com
Fri Feb 22 07:27:16 PST 2008
> when I'm thinking about this again, would not be better if we have
> just a function call to get TA certificate in ASN.1 form? When I have that,
> I can find out anything I want using existing KMF functions.
>
> kmf_get_ta_cert(KMF_HANDLE_T, KMF_DATA **)
>
> the caller would be responsible to free returned *KMF_DATA including
> the data in it. If there is no TA defined in the policy file, an error is
> returned.
>
> would that be acceptable?
>
> J.
>
That would be ok, though I would change the name to make it clear that
it is the TA based on the current policy -

kmf_get_policy_trust_anchor(KMF_HANDLE_T, KMF_DATA *);

The KMF_DATA record would be supplied by the caller, but filled in by
the function.
KMF_ERR_CERT_NOT_FOUND would be returned if a TA is defined but not found.
KMF_ERR_TA_NOT_DEFINED would be returned if no TA is defined by the policy.

OK?
-Wyllys