HsOpenSSL-0.6.4: (Incomplete) OpenSSL binding for HaskellSource codeContentsIndex
OpenSSL.X509.Revocation
Contents
Types
Functions to manipulate revocation list
Accessors
Description
An interface to Certificate Revocation List.
Synopsis
data CRL
data RevokedCertificate = RevokedCertificate {
revSerialNumber :: Integer
revRevocationDate :: UTCTime
}
newCRL :: IO CRL
signCRL :: KeyPair key => CRL -> key -> Maybe Digest -> IO ()
verifyCRL :: PublicKey key => CRL -> key -> IO VerifyStatus
printCRL :: CRL -> IO String
sortCRL :: CRL -> IO ()
getVersion :: CRL -> IO Int
setVersion :: CRL -> Int -> IO ()
getLastUpdate :: CRL -> IO UTCTime
setLastUpdate :: CRL -> UTCTime -> IO ()
getNextUpdate :: CRL -> IO UTCTime
setNextUpdate :: CRL -> UTCTime -> IO ()
getIssuerName :: CRL -> Bool -> IO [(String, String)]
setIssuerName :: CRL -> [(String, String)] -> IO ()
getRevokedList :: CRL -> IO [RevokedCertificate]
addRevoked :: CRL -> RevokedCertificate -> IO ()
Types
data CRL Source
CRL is an opaque object that represents Certificate Revocation List.
data RevokedCertificate Source
RevokedCertificate represents a revoked certificate in a list. Each certificates are supposed to be distinguishable by issuer name and serial number, so it is sufficient to have only serial number on each entries.
Constructors
RevokedCertificate
revSerialNumber :: Integer
revRevocationDate :: UTCTime
show/hide Instances
Functions to manipulate revocation list
newCRL :: IO CRLSource

newCRL creates an empty revocation list. You must set the following properties to and sign it (see signCRL) to actually use the revocation list. If you have any certificates to be listed, you must of course add them (see addRevoked) before signing the list.

Version
See setVersion.
Last Update
See setLastUpdate.
Next Update
See setNextUpdate.
Issuer Name
See setIssuerName.
signCRLSource
:: KeyPair key
=> CRLThe revocation list to be signed.
-> keyThe private key to sign with.
-> Maybe DigestA hashing algorithm to use. If Nothing the most suitable algorithm for the key is automatically used.
-> IO ()
signCRL signs a revocation list with an issuer private key.
verifyCRL :: PublicKey key => CRL -> key -> IO VerifyStatusSource
verifyCRL verifies a signature of revocation list with an issuer public key.
printCRL :: CRL -> IO StringSource
printCRL translates a revocation list into human-readable format.
sortCRL :: CRL -> IO ()Source
sortCRL crl sorts the certificates in the revocation list.
Accessors
getVersion :: CRL -> IO IntSource
getVersion crl returns the version number of revocation list.
setVersion :: CRL -> Int -> IO ()Source
setVersion crl ver updates the version number of revocation list.
getLastUpdate :: CRL -> IO UTCTimeSource
getLastUpdate crl returns the time when the revocation list has last been updated.
setLastUpdate :: CRL -> UTCTime -> IO ()Source
setLastUpdate crl utc updates the time when the revocation list has last been updated.
getNextUpdate :: CRL -> IO UTCTimeSource
getNextUpdate crl returns the time when the revocation list will next be updated.
setNextUpdate :: CRL -> UTCTime -> IO ()Source
setNextUpdate crl utc updates the time when the revocation list will next be updated.
getIssuerName :: CRL -> Bool -> IO [(String, String)]Source
getIssuerName crl wantLongName returns the issuer name of revocation list. See OpenSSL.X509.getIssuerName of OpenSSL.X509.
setIssuerName :: CRL -> [(String, String)] -> IO ()Source
setIssuerName crl name updates the issuer name of revocation list. See OpenSSL.X509.setIssuerName of OpenSSL.X509.
getRevokedList :: CRL -> IO [RevokedCertificate]Source
getRevokedList crl returns the list of revoked certificates.
addRevoked :: CRL -> RevokedCertificate -> IO ()Source
addRevoked crl revoked add the certificate to the revocation list.
Produced by Haddock version 2.4.2