NAME
PROXY_POLICY_new
,
PROXY_POLICY_free
,
PROXY_CERT_INFO_EXTENSION_new
,
PROXY_CERT_INFO_EXTENSION_free
—
X.509 proxy certificate
extension
SYNOPSIS
#include
<openssl/x509v3.h>
PROXY_POLICY *
PROXY_POLICY_new
(void);
void
PROXY_POLICY_free
(PROXY_POLICY
*pp);
PROXY_CERT_INFO_EXTENSION *
PROXY_CERT_INFO_EXTENSION_new
(void);
void
PROXY_CERT_INFO_EXTENSION_free
(PROXY_CERT_INFO_EXTENSION
*pcie);
DESCRIPTION
If a given non-CA certificate grants any privileges, using that certificate to issue a proxy certificate and handing that proxy certificate over to another person, organization, or service allows the bearer of the proxy certificate to exercise some or all of the privileges on behalf of the subject of the original certificate.
PROXY_POLICY_new
()
allocates and initializes an empty PROXY_POLICY
object, representing an ASN.1 ProxyPolicy structure
defined in RFC 3820 section 3.8. It defines which privileges are to be
delegated.
PROXY_POLICY_free
()
frees pp.
PROXY_CERT_INFO_EXTENSION_new
()
allocates and initializes an empty
PROXY_CERT_INFO_EXTENSION object, representing an
ASN.1 ProxyCertInfo structure defined in RFC 3820
section 3.8. It can contain a PROXY_POLICY object, and
it can additionally restrict the maximum depth of the path of proxy
certificates that can be signed by this proxy certificate.
PROXY_CERT_INFO_EXTENSION_free
()
frees pcie.
If a non-CA certificate contains a PROXY_CERT_INFO_EXTENSION, it is a proxy certificate; otherwise, it is an end entity certificate.
RETURN VALUES
PROXY_POLICY_new
() and
PROXY_CERT_INFO_EXTENSION_new
() return the new
PROXY_POLICY or
PROXY_CERT_INFO_EXTENSION object, respectively, or
NULL
if an error occurs.
SEE ALSO
BASIC_CONSTRAINTS_new(3), EXTENDED_KEY_USAGE_new(3), POLICYINFO_new(3), X509_EXTENSION_new(3), X509_new(3)
STANDARDS
RFC 3820: Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate Profile
HISTORY
These functions first appeared in OpenSSL 0.9.7g and have been available since OpenBSD 3.8.