Safe Haskell	None
Language	Haskell2010

OpenSSL.X509.Revocation

Contents

Types
Functions to manipulate revocation list
Accessors

Description

An interface to Certificate Revocation List.

Synopsis

Types

data CRL Source #

CRL is an opaque object that represents Certificate Revocation List.

data RevokedCertificate Source #

RevokedCertificate represents a revoked certificate in a list. Each certificates are supposed to be distinguishable by issuer name and serial number, so it is sufficient to have only serial number on each entries.

Constructors

RevokedCertificate
Fields revSerialNumber :: Integer revRevocationDate :: UTCTime

Instances

Eq RevokedCertificate Source #
Methods (==) :: RevokedCertificate -> RevokedCertificate -> Bool # (/=) :: RevokedCertificate -> RevokedCertificate -> Bool #
Show RevokedCertificate Source #
Methods showsPrec :: Int -> RevokedCertificate -> ShowS # show :: RevokedCertificate -> String # showList :: [RevokedCertificate] -> ShowS #

Functions to manipulate revocation list

newCRL :: IO CRL Source #

newCRL creates an empty revocation list. You must set the following properties to and sign it (see signCRL) to actually use the revocation list. If you have any certificates to be listed, you must of course add them (see addRevoked) before signing the list.

Version: See setVersion.
Last Update: See setLastUpdate.
Next Update: See setNextUpdate.
Issuer Name: See setIssuerName.

signCRL Source #

Arguments

:: KeyPair key
=> CRL	The revocation list to be signed.
-> key	The private key to sign with.
-> Maybe Digest	A hashing algorithm to use. If `Nothing` the most suitable algorithm for the key is automatically used.
-> IO ()

signCRL signs a revocation list with an issuer private key.

verifyCRL :: PublicKey key => CRL -> key -> IO VerifyStatus Source #

verifyCRL verifies a signature of revocation list with an issuer public key.

printCRL :: CRL -> IO String Source #

printCRL translates a revocation list into human-readable format.

sortCRL :: CRL -> IO () Source #

sortCRL crl sorts the certificates in the revocation list.

Accessors

getVersion :: CRL -> IO Int Source #

getVersion crl returns the version number of revocation list.

setVersion :: CRL -> Int -> IO () Source #

setVersion crl ver updates the version number of revocation list.

getLastUpdate :: CRL -> IO UTCTime Source #

getLastUpdate crl returns the time when the revocation list has last been updated.

setLastUpdate :: CRL -> UTCTime -> IO () Source #

setLastUpdate crl utc updates the time when the revocation list has last been updated.

getNextUpdate :: CRL -> IO UTCTime Source #

getNextUpdate crl returns the time when the revocation list will next be updated.

setNextUpdate :: CRL -> UTCTime -> IO () Source #

setNextUpdate crl utc updates the time when the revocation list will next be updated.

getIssuerName :: CRL -> Bool -> IO [(String, String)] Source #

getIssuerName crl wantLongName returns the issuer name of revocation list. See getIssuerName of OpenSSL.X509.

setIssuerName :: CRL -> [(String, String)] -> IO () Source #

setIssuerName crl name updates the issuer name of revocation list. See setIssuerName of OpenSSL.X509.

getRevokedList :: CRL -> IO [RevokedCertificate] Source #

getRevokedList crl returns the list of revoked certificates.

addRevoked :: CRL -> RevokedCertificate -> IO () Source #

addRevoked crl revoked add the certificate to the revocation list.

getRevoked :: CRL -> Integer -> IO (Maybe RevokedCertificate) Source #

getRevoked crl serial looks up the corresponding revocation.