CSSM_TP_CertGroupPrune

Purpose

This function removes certificates from a certificate group. The prune operation can remove those certificates that have been signed by any local certificate authority, because these certificates may not be meaningful on other systems.

This operation can also remove additional certificates that can be added to the certificate group again using the CSSM_TP_CertGroupConstruct function. The pruned certificate group should be suitable for transmission to external hosts, which can in turn reconstruct and verify the certificate group.

The DBList parameter specifies a set of data stores containing certificates that should be pruned from the group.

Format

CSSM_CERTGROUP_PTR CSSMAPI CSSM_TP_CertGroupPrune
                (CSSM_TP_HANDLE TPHandle,
                CSSM_CL_HANDLE CLHandle,
                CSSM_CERTGROUP_PTR OrderedCertGroup,
                CSSM_DL_DB_LIST_PTR DBList)

Parameters

Input
TPHandle
The handle to the TP module to perform this operation.
OrderedCertGroup
The initial, complete set of certificates from which certificates will be selectively removed.
DBList
A list of handle pairs specifying a DL module and a data store managed by that module. These data stores should contain certificates (and possibly other security objects). The data stores are searched for certificates semantically related to those in the certificate group to determine whether they should be removed from the certificate group.
Input/optional
CLHandle
The handle to the CL module that can be used to manipulate and parse the certgroup certificates and the certificates in the specified data stores. If no CL module is specified, the TP module uses an assumed CL module.

Return Value

Returns a certificate group containing those certificates that are verifiable credentials outside of the local system. If the returned pointer is NULL, an error has occurred.
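
The following C model is an added example, not code from the original page or from any CSSM implementation. It illustrates the prune semantics described above with hypothetical stand-in types (model_cert, model_store, model_group) and an assumed matching rule: a certificate is pruned when a listed data store holds the certificate of the CA that signed it, or holds the certificate itself. The sample chain is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for illustration; these are NOT the CSSM types. */
typedef struct { const char *subject, *issuer; } model_cert;
typedef struct { const model_cert *certs; size_t count; } model_store; /* one DBList entry */
typedef struct { model_cert *certs; size_t count; } model_group;

/* Assumed rule: prunable if a listed store holds the signing CA or the cert itself. */
static int prunable(const model_cert *c, const model_store *dbs, size_t ndb) {
    for (size_t d = 0; d < ndb; d++)
        for (size_t i = 0; i < dbs[d].count; i++) {
            const model_cert *s = &dbs[d].certs[i];
            if (strcmp(s->subject, c->issuer) == 0) return 1;  /* signed by a local CA */
            if (!strcmp(s->subject, c->subject) && !strcmp(s->issuer, c->issuer))
                return 1;                                      /* held in a local store */
        }
    return 0;
}

/* Returns a new group (order kept, input untouched), or NULL on error. */
model_group *model_prune(const model_group *in, const model_store *dbs, size_t ndb) {
    if (in == NULL || (ndb > 0 && dbs == NULL)) return NULL;
    model_group *out = malloc(sizeof *out);
    if (out == NULL) return NULL;
    out->count = 0;
    out->certs = calloc(in->count + 1, sizeof *out->certs);
    if (out->certs == NULL) { free(out); return NULL; }
    for (size_t i = 0; i < in->count; i++)
        if (!prunable(&in->certs[i], dbs, ndb))
            out->certs[out->count++] = in->certs[i];
    return out;
}

/* Constructed sample: leaf, partner CA, locally issued cross-certificate, local root. */
static model_cert sample_chain[] = {
    { "CN=app.example",        "CN=Partner Issuing CA" },
    { "CN=Partner Issuing CA", "CN=Partner Root CA" },
    { "CN=Partner Root CA",    "CN=Site Local CA" },
    { "CN=Site Local CA",      "CN=Site Local CA" },
};
static const model_cert sample_local[] = { { "CN=Site Local CA", "CN=Site Local CA" } };

int main(void) {
    model_group in = { sample_chain, 4 };
    model_store db = { sample_local, 1 };
    model_group *out = model_prune(&in, &db, 1);
    if (out == NULL) return 1;              /* NULL signals an error, as in Return Value */
    for (size_t i = 0; i < out->count; i++) puts(out->certs[i].subject);
    free(out->certs); free(out);
    return 0;
}
```

In the sample, the locally issued cross-certificate and the local root are dropped, leaving the leaf and the partner CA certificate as the group to transmit.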

Related Information

CSSM_TP_CertGroupConstruct
CSSM_TP_CertGroupVerify