[kmf-discuss] getting info on TA certificate
Hai-May Chao
Hai-May.Chao at sun.com
Fri Feb 22 10:04:24 PST 2008
Huie-Ying Lee wrote:
> Wyllys Ingersoll wrote:
>
>> Jan Pechanec wrote:
>>
>>>> several other functions - kmf_delete_cert_from_keystore,
>>>> kmf_delete_key_from_keystore, kmf_delete_policy_from_db
>>>>
>>>>
>>> btw, none of the policy functions is decumented in KMF API document:
>>>
>>> jp161948:fossa:snv_83a:~$ nm /usr/lib/libkmf.so.1| grep policy
>>> [696] | 103740| 498|FUNC |GLOB |0 |13
>>> |kmf_add_policy_to_db
>>> [545] | 102816| 309|FUNC |GLOB |0 |13
>>> |kmf_delete_policy_from_db
>>> [511] | 101044| 86|FUNC |GLOB |0 |13
>>> |kmf_free_eku_policy
>>> [588] | 101132| 257|FUNC |GLOB |0 |13
>>> |kmf_free_policy_record
>>> [816] | 101392| 391|FUNC |GLOB |0 |13 |kmf_get_policy
>>> [543] | 101784| 209|FUNC |GLOB |0 |13 |kmf_set_policy
>>> [648] | 103580| 157|FUNC |GLOB |0 |13
>>> |kmf_verify_policy
>>>
>>>
>>> J.
>>>
>>>
>>>
>> OK, I will update the API doc to include them.
>>
>> -w
>>
>>
>>
> I have 1 concern about this.
>
>
same here.
> Althought these policy APIS are global function from "nm", but they are
> designed to be used by the kmfcfg command and
> the KMF framework internally only.
>
>
Right. That was the design choice we made.
Hai-May
> In our current design, the only way that a user can
> add/delete/modify/create a policy is thru the kmfcfg command.
> If we make these APIs to be public, then we will allow a user to
> add/delete/modify/create a policy by calling the APIs
> directly.
>
> Huie-Ying
>
> _______________________________________________
> kmf-discuss mailing list
> kmf-discuss at opensolaris.org
> http://mail.opensolaris.org/mailman/listinfo/kmf-discuss
>
More information about the kmf-discuss
mailing list