Safe Haskell | Safe-Inferred |
---|---|
Language | Haskell2010 |
An interface to Certificate Revocation List.
Synopsis
- data CRL
- data RevokedCertificate = RevokedCertificate {}
- newCRL :: IO CRL
- signCRL :: KeyPair key => CRL -> key -> Maybe Digest -> IO ()
- verifyCRL :: PublicKey key => CRL -> key -> IO VerifyStatus
- printCRL :: CRL -> IO String
- sortCRL :: CRL -> IO ()
- getVersion :: CRL -> IO Int
- setVersion :: CRL -> Int -> IO ()
- getLastUpdate :: CRL -> IO UTCTime
- setLastUpdate :: CRL -> UTCTime -> IO ()
- getNextUpdate :: CRL -> IO UTCTime
- setNextUpdate :: CRL -> UTCTime -> IO ()
- getIssuerName :: CRL -> Bool -> IO [(String, String)]
- setIssuerName :: CRL -> [(String, String)] -> IO ()
- getRevokedList :: CRL -> IO [RevokedCertificate]
- addRevoked :: CRL -> RevokedCertificate -> IO ()
- getRevoked :: CRL -> Integer -> IO (Maybe RevokedCertificate)
Types
data RevokedCertificate Source #
represents a revoked certificate in a
list. Each certificates are supposed to be distinguishable by
issuer name and serial number, so it is sufficient to have only
serial number on each entries.RevokedCertificate
Instances
Show RevokedCertificate Source # | |
Defined in OpenSSL.X509.Revocation showsPrec :: Int -> RevokedCertificate -> ShowS # show :: RevokedCertificate -> String # showList :: [RevokedCertificate] -> ShowS # | |
Eq RevokedCertificate Source # | |
Defined in OpenSSL.X509.Revocation (==) :: RevokedCertificate -> RevokedCertificate -> Bool # (/=) :: RevokedCertificate -> RevokedCertificate -> Bool # |
Functions to manipulate revocation list
creates an empty revocation list. You must set the
following properties to and sign it (see newCRL
signCRL
) to actually use
the revocation list. If you have any certificates to be listed, you
must of course add them (see addRevoked
) before signing the list.
- Version
- See
setVersion
. - Last Update
- See
setLastUpdate
. - Next Update
- See
setNextUpdate
. - Issuer Name
- See
setIssuerName
.
:: KeyPair key | |
=> CRL | The revocation list to be signed. |
-> key | The private key to sign with. |
-> Maybe Digest | A hashing algorithm to use. If |
-> IO () |
signs a revocation list with an issuer private key.signCRL
verifyCRL :: PublicKey key => CRL -> key -> IO VerifyStatus Source #
verifies a signature of revocation list with an
issuer public key.verifyCRL
printCRL :: CRL -> IO String Source #
translates a revocation list into human-readable
format.printCRL
Accessors
getVersion :: CRL -> IO Int Source #
returns the version number of revocation list.getVersion
crl
setVersion :: CRL -> Int -> IO () Source #
updates the version number of revocation
list.setVersion
crl ver
getLastUpdate :: CRL -> IO UTCTime Source #
returns the time when the revocation list
has last been updated.getLastUpdate
crl
setLastUpdate :: CRL -> UTCTime -> IO () Source #
updates the time when the revocation
list has last been updated.setLastUpdate
crl utc
getNextUpdate :: CRL -> IO UTCTime Source #
returns the time when the revocation list
will next be updated.getNextUpdate
crl
setNextUpdate :: CRL -> UTCTime -> IO () Source #
updates the time when the revocation
list will next be updated.setNextUpdate
crl utc
getIssuerName :: CRL -> Bool -> IO [(String, String)] Source #
returns the issuer name of
revocation list. See getIssuerName
crl wantLongNamegetIssuerName
of
OpenSSL.X509.
setIssuerName :: CRL -> [(String, String)] -> IO () Source #
updates the issuer name of revocation
list. See setIssuerName
crl namesetIssuerName
of OpenSSL.X509.
getRevokedList :: CRL -> IO [RevokedCertificate] Source #
returns the list of revoked certificates.getRevokedList
crl
addRevoked :: CRL -> RevokedCertificate -> IO () Source #
add the certificate to the revocation
list.addRevoked
crl revoked
getRevoked :: CRL -> Integer -> IO (Maybe RevokedCertificate) Source #
looks up the corresponding revocation.getRevoked
crl serial