[kmf-discuss] getting info on TA certificate
Huie-Ying Lee
huie-ying.lee at sun.com
Fri Feb 22 10:34:37 PST 2008
Wyllys Ingersoll wrote:
> Jan Pechanec wrote:
>>> several other functions - kmf_delete_cert_from_keystore,
>>> kmf_delete_key_from_keystore, kmf_delete_policy_from_db
>>>
>>
>> btw, none of the policy functions is decumented in KMF API document:
>>
>> jp161948:fossa:snv_83a:~$ nm /usr/lib/libkmf.so.1| grep policy
>> [696] | 103740| 498|FUNC |GLOB |0 |13
>> |kmf_add_policy_to_db
>> [545] | 102816| 309|FUNC |GLOB |0 |13
>> |kmf_delete_policy_from_db
>> [511] | 101044| 86|FUNC |GLOB |0 |13
>> |kmf_free_eku_policy
>> [588] | 101132| 257|FUNC |GLOB |0 |13
>> |kmf_free_policy_record
>> [816] | 101392| 391|FUNC |GLOB |0 |13 |kmf_get_policy
>> [543] | 101784| 209|FUNC |GLOB |0 |13 |kmf_set_policy
>> [648] | 103580| 157|FUNC |GLOB |0 |13
>> |kmf_verify_policy
>>
>>
>> J.
>>
>>
>
> OK, I will update the API doc to include them.
>
> -w
>
>
I have 1 concern about this.
Althought these policy APIS are global function from "nm", but they are
designed to be used by the kmfcfg command and
the KMF framework internally only.
In our current design, the only way that a user can
add/delete/modify/create a policy is thru the kmfcfg command.
If we make these APIs to be public, then we will allow a user to
add/delete/modify/create a policy by calling the APIs
directly.
Huie-Ying
More information about the kmf-discuss
mailing list