[kmf-discuss] getting info on TA certificate
Jan Pechanec
Jan.Pechanec at Sun.COM
Fri Feb 22 08:22:59 PST 2008
On Fri, 22 Feb 2008, Wyllys Ingersoll wrote:
> That would be ok, though I would change the name to make it clear that it is
> the
> TA based on the current policy - kmf_get_policy_trust_anchor(KMF_HANDLE_T,
> KMF_DATA *);
>
> The KMF_DATA record would be supplied by the caller, but filled in by the
> function.
>
> KMF_ERR_CERT_NOT_FOUND would be returned if a TA is defined but not found.
> KMF_ERR_TA_NOT_DEFINED would be returned if no TA is defined by the policy.
that's good.
>
> OK?
I would prefer kmf_get_policy_ta() because we already use
ta-location (not trust-anchor-location) and it's shorter but it's not a big
deal. What is good is that we have agreement on the semantics.
thanks, J.
--
Jan Pechanec
More information about the kmf-discuss
mailing list